β Free coffee! Dutch researcher hacks prepaid vending machines β
π Read
via "Naked Security".
Only try this at home, folks! As easy as it might look, it's illegal in the wild, with good reason.π Read
via "Naked Security".
Naked Security
Free coffee! Belgian researcher hacks prepaid vending machines
Only try this at home, folks! As easy as it might look, itβs illegal in the wild, with good reason.
π΄ Is $50,000 for a Vulnerability Too Much? π΄
π Read
via "Dark Reading".
Lofty bug bounties catch attention, but don't alleviate the application security flaws they are trying to solve.π Read
via "Dark Reading".
Dark Reading
Is $50,000 for a Vulnerability Too Much?
Lofty bug bounties catch attention, but don't alleviate the application security flaws they are trying to solve.
β Critical Cisco Flaws Open VPN Routers Up to RCE Attacks β
π Read
via "Threat Post".
The vulnerabilities exist in Cisco's RV160, RV160W, RV260, RV260P, and RV260W VPN routers for small businesses.π Read
via "Threat Post".
Threat Post
Critical Cisco Flaws Open VPN Routers Up to RCE Attacks
The vulnerabilities exist in Cisco's RV160, RV160W, RV260, RV260P, and RV260W VPN routers for small businesses.
β Microsoft Office 365 Attacks Sparked from Google Firebase β
π Read
via "Threat Post".
A savvy phishing campaign manages to evade native Microsoft security defenses, looking to steal O365 credentials.π Read
via "Threat Post".
Threat Post
Microsoft Office 365 Attacks Sparked from Google Firebase
A savvy phishing campaign manages to evade native Microsoft security defenses, looking to steal O365 credentials.
βΌ CVE-2020-28449 βΌ
π Read
via "National Vulnerability Database".
This affects all versions of package decal. The vulnerability is in the set function.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28450 βΌ
π Read
via "National Vulnerability Database".
This affects all versions of package decal. The vulnerability is in the extend function.π Read
via "National Vulnerability Database".
βΌ CVE-2020-16194 βΌ
π Read
via "National Vulnerability Database".
An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the delivery_address and invoice_address fields.π Read
via "National Vulnerability Database".
π¦Ώ 91% of enterprise pros experienced an API security incident in 2020 π¦Ώ
π Read
via "Tech Republic".
"The direct gateway to organizations' most critical data and assets" is an attractive target for hackers, Salt Security found in a new report.π Read
via "Tech Republic".
TechRepublic
91% of enterprise pros experienced an API security incident in 2020
"The direct gateway to organizations' most critical data and assets" is an attractive target for hackers, Salt Security found in a new report.
βΌ CVE-2021-1293 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.π Read
via "National Vulnerability Database".
βΌ CVE-2021-1329 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.π Read
via "National Vulnerability Database".
βΌ CVE-2021-1325 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.π Read
via "National Vulnerability Database".
βΌ CVE-2021-1346 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.π Read
via "National Vulnerability Database".
βΌ CVE-2021-1339 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.π Read
via "National Vulnerability Database".
βΌ CVE-2021-1343 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.π Read
via "National Vulnerability Database".
βΌ CVE-2021-1332 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.π Read
via "National Vulnerability Database".
βΌ CVE-2021-1317 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27872 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from improper state tracking in the password recovery process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11365.π Read
via "National Vulnerability Database".
βΌ CVE-2021-1336 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4825 βΌ
π Read
via "National Vulnerability Database".
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 189839.π Read
via "National Vulnerability Database".
βΌ CVE-2021-1316 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.π Read
via "National Vulnerability Database".
βΌ CVE-2021-1288 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.π Read
via "National Vulnerability Database".