‼ CVE-2020-8806 ‼
📖 Read
via "National Vulnerability Database".
Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block headers were not properly enforced.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3333 ‼
📖 Read
via "National Vulnerability Database".
Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35765 ‼
📖 Read
via "National Vulnerability Database".
doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-18716 ‼
📖 Read
via "National Vulnerability Database".
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26710 ‼
📖 Read
via "National Vulnerability Database".
A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20652 ‼
📖 Read
via "National Vulnerability Database".
Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-18715 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-18713 ‼
📖 Read
via "National Vulnerability Database".
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20623 ‼
📖 Read
via "National Vulnerability Database".
Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-18714 ‼
📖 Read
via "National Vulnerability Database".
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php's getdata function.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3311 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in October through build 471. It reactivates an old session ID (which had been invalid after a logout) once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an attacker.📖 Read
via "National Vulnerability Database".
❌ Google Chrome Zero-Day Afflicts Windows, Mac Users ❌
📖 Read
via "Threat Post".
Google warns of a zero-day vulnerability in the V8 open-source engine that's being actively exploited by attackers.📖 Read
via "Threat Post".
Threat Post
Google Chrome Zero-Day Afflicts Windows, Mac Users
Google warns of a zero-day vulnerability in the V8 open-source engine that's being actively exploited by attackers.
‼ CVE-2021-3382 ‼
📖 Read
via "National Vulnerability Database".
Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-18737 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Typora 0.9.67. There is an XSS vulnerability that causes Remote Code Execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4832 ‼
📖 Read
via "National Vulnerability Database".
IBM PowerHA 7.2 could allow a local attacker to obtain sensitive information from temporary directories after a discovery failure occurs. IBM X-Force ID: 189969.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3258 ‼
📖 Read
via "National Vulnerability Database".
Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site scripting (XSS), which may lead to arbitrary remote code execution.📖 Read
via "National Vulnerability Database".
🕴 Pro Tip: Don't Doubt Yourself 🕴
📖 Read
via "Dark Reading".
The Edge asked season security pros what they wish they had known when they first got into the field.📖 Read
via "Dark Reading".
Dark Reading
Pro Tip: Don't Doubt Yourself
The Edge asked seasoned security pros what they wish they had known when they first got into the field.
🦿 DDoS-for-hire services are exploiting Plex Media flaw to amplify their attacks 🦿
📖 Read
via "Tech Republic".
Attackers are taking advantage of a security flaw in the way Plex Media servers look for compatible media devices and streaming clients, says Netscout.📖 Read
via "Tech Republic".
TechRepublic
DDoS-for-hire services are exploiting Plex Media flaw to amplify their attacks
Attackers are taking advantage of a security flaw in the way Plex Media servers look for compatible media devices and streaming clients, says Netscout.
‼ CVE-2021-26722 ‼
📖 Read
via "National Vulnerability Database".
LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the "No results found for" message in the search bar.📖 Read
via "National Vulnerability Database".
🕴 Security Researchers Push for 'Bug Bounty Program of Last Resort' 🕴
📖 Read
via "Dark Reading".
An international program that pays out hefty sums for the discovery of software vulnerabilities could spur greater scrutiny of applications and lead to better security.📖 Read
via "Dark Reading".
Dark Reading
Security Researchers Push for 'Bug Bounty Program of Last Resort'
An international program that pays out hefty sums for the discovery of software vulnerabilities could spur greater scrutiny of applications and lead to better security.
‼ CVE-2020-10375 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in New Media Smarty before 9.10. Passwords are stored in the database in an obfuscated format that can be easily reversed. The file data.mdb contains these obfuscated passwords in the second column. NOTE: this is unrelated to the popular Smarty template engine product.📖 Read
via "National Vulnerability Database".