🕴 Is $50,000 for a Vulnerability Too Much? 🕴
📖 Read
via "Dark Reading".
Lofty bug bounties catch attention, but don't alleviate the application security flaws they are trying to solve.📖 Read
via "Dark Reading".
Dark Reading
Is $50,000 for a Vulnerability Too Much?
Lofty bug bounties catch attention, but don't alleviate the application security flaws they are trying to solve.
❌ Critical Cisco Flaws Open VPN Routers Up to RCE Attacks ❌
📖 Read
via "Threat Post".
The vulnerabilities exist in Cisco's RV160, RV160W, RV260, RV260P, and RV260W VPN routers for small businesses.📖 Read
via "Threat Post".
Threat Post
Critical Cisco Flaws Open VPN Routers Up to RCE Attacks
The vulnerabilities exist in Cisco's RV160, RV160W, RV260, RV260P, and RV260W VPN routers for small businesses.
❌ Microsoft Office 365 Attacks Sparked from Google Firebase ❌
📖 Read
via "Threat Post".
A savvy phishing campaign manages to evade native Microsoft security defenses, looking to steal O365 credentials.📖 Read
via "Threat Post".
Threat Post
Microsoft Office 365 Attacks Sparked from Google Firebase
A savvy phishing campaign manages to evade native Microsoft security defenses, looking to steal O365 credentials.
‼ CVE-2020-28449 ‼
📖 Read
via "National Vulnerability Database".
This affects all versions of package decal. The vulnerability is in the set function.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28450 ‼
📖 Read
via "National Vulnerability Database".
This affects all versions of package decal. The vulnerability is in the extend function.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16194 ‼
📖 Read
via "National Vulnerability Database".
An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the delivery_address and invoice_address fields.📖 Read
via "National Vulnerability Database".
🦿 91% of enterprise pros experienced an API security incident in 2020 🦿
📖 Read
via "Tech Republic".
"The direct gateway to organizations' most critical data and assets" is an attractive target for hackers, Salt Security found in a new report.📖 Read
via "Tech Republic".
TechRepublic
91% of enterprise pros experienced an API security incident in 2020
"The direct gateway to organizations' most critical data and assets" is an attractive target for hackers, Salt Security found in a new report.
‼ CVE-2021-1293 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1329 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1325 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1346 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1339 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1343 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1332 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1317 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27872 ‼
📖 Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from improper state tracking in the password recovery process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11365.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1336 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4825 ‼
📖 Read
via "National Vulnerability Database".
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 189839.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1316 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1288 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-1389 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the IPv6 traffic processing of Cisco IOS XR Software and Cisco NX-OS Software for certain Cisco devices could allow an unauthenticated, remote attacker to bypass an IPv6 access control list (ACL) that is configured for an interface of an affected device. The vulnerability is due to improper processing of IPv6 traffic that is sent through an affected device. An attacker could exploit this vulnerability by sending crafted IPv6 packets that traverse the affected device. A successful exploit could allow the attacker to access resources that would typically be protected by the interface ACL.📖 Read
via "National Vulnerability Database".