‼ CVE-2020-10538 ‼
via "National Vulnerability Database".
An issue was discovered in Epikur before 20.1.1. It stores the secret passwords of the users as MD5 hashes in the database. MD5 can be brute-forced efficiently and should not be used for such purposes. Additionally, since no salt is used, rainbow tables can speed up the attack.
‼ CVE-2020-18717 ‼
via "National Vulnerability Database".
SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzz_template.php.
‼ CVE-2020-10537 ‼
via "National Vulnerability Database".
An issue was discovered in Epikur before 20.1.1. A Glassfish 4.1 server with a default configuration is running on TCP port 4848. No password is required to access it with the administrator account.
‼ CVE-2020-10539 ‼
via "National Vulnerability Database".
An issue was discovered in Epikur before 20.1.1. The Epikur server contains the checkPasswort() function that, upon user login, checks the submitted password against the user password's MD5 hash stored in the database. It is also compared to a second MD5 hash, which is the same for every user (aka a "Backdoor Password" of 3p1kursupport). If the submitted password matches either one, access is granted.
‼ CVE-2020-8806 ‼
via "National Vulnerability Database".
Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block headers were not properly enforced.
‼ CVE-2021-3333 ‼
via "National Vulnerability Database".
Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link.
‼ CVE-2020-35765 ‼
via "National Vulnerability Database".
doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.
‼ CVE-2020-18716 ‼
via "National Vulnerability Database".
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php.
‼ CVE-2021-26710 ‼
via "National Vulnerability Database".
A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter.
‼ CVE-2021-20652 ‼
via "National Vulnerability Database".
Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
‼ CVE-2020-18715 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
‼ CVE-2020-18713 ‼
via "National Vulnerability Database".
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php.
‼ CVE-2021-20623 ‼
via "National Vulnerability Database".
Video Insight VMS versions prior to 7.8 allow a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request.
‼ CVE-2020-18714 ‼
via "National Vulnerability Database".
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php's getdata function.
‼ CVE-2021-3311 ‼
via "National Vulnerability Database".
An issue was discovered in October through build 471. It reactivates an old session ID (which had been invalid after a logout) once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an attacker.
❌ Google Chrome Zero-Day Afflicts Windows, Mac Users ❌
via "Threat Post".
Google warns of a zero-day vulnerability in the V8 open-source engine that's being actively exploited by attackers.
‼ CVE-2021-3382 ‼
via "National Vulnerability Database".
Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path.
‼ CVE-2020-18737 ‼
via "National Vulnerability Database".
An issue was discovered in Typora 0.9.67. There is an XSS vulnerability that causes Remote Code Execution.
‼ CVE-2020-4832 ‼
via "National Vulnerability Database".
IBM PowerHA 7.2 could allow a local attacker to obtain sensitive information from temporary directories after a discovery failure occurs. IBM X-Force ID: 189969.
‼ CVE-2021-3258 ‼
via "National Vulnerability Database".
Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site scripting (XSS), which may lead to arbitrary remote code execution.
🕴 Pro Tip: Don't Doubt Yourself 🕴
via "Dark Reading".
The Edge asked seasoned security pros what they wish they had known when they first got into the field.