🛠 Recon Informer 1.3 🛠
📖 Read
via "Packet Storm Security".
Recon-Informer is a basic real-time anti-reconnaissance detection tool for offensive security systems, useful for penetration testers. It runs on Windows/Linux and leverages scapy.📖 Read
via "Packet Storm Security".
Packetstormsecurity
Recon Informer 1.3 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🕴 Palo Alto Networks Plans to Acquire Cloud Security Firm 🕴
📖 Read
via "Dark Reading".
Most of Fortune 100 firms have used Bridgecrew's service in their application development processes.📖 Read
via "Dark Reading".
Dark Reading
Palo Alto Networks Plans to Acquire Cloud Security Firm
Most of Fortune 100 firms have used Bridgecrew's service in their application development processes.
❌ Misconfigured Baby Monitors Allow Unauthorized Viewing ❌
📖 Read
via "Threat Post".
Hundreds of thousands of individuals are potentially affected by this vulnerability.📖 Read
via "Threat Post".
Threat Post
Misconfigured Baby Monitors Allow Unauthorized Viewing
Hundreds of thousands of individuals are potentially affected by this vulnerability.
❌ Microsoft Pulls Bad Windows Update After Patch Tuesday Headaches ❌
📖 Read
via "Threat Post".
Microsoft released a new servicing stack update (KB5001078) after an older one caused problems for Windows users installing Patch Tuesday security updates.📖 Read
via "Threat Post".
Threat Post
Microsoft Pulls Bad Windows Update After Patch Tuesday Headaches
Microsoft released a new servicing stack update (KB5001078) after an older one caused problems for Windows users installing Patch Tuesday security updates.
‼ CVE-2020-25340 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in NFStream 5.2.0. Because some allocated modules are not correctly freed, if the nfstream object is directly destroyed without being used after it is created, it will cause a memory leak that may result in a local denial of service (DoS).📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35566 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. An attacker can read arbitrary JSON files via Local File Inclusion.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35564 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35567 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The software uses a secure password for database access, but this password is shared across instances.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35565 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login pages bruteforce detection is disabled by default.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-29023 ‼
📖 Read
via "National Vulnerability Database".
Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim's computer when opened in a spreadsheet program (like Excel). This issue affects: Secomea GateManager all versions prior to 9.3.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35563 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an incomplete XSS filter allowing an attacker to inject crafted malicious code into the page.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-29027 ‼
📖 Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager could allow an attacker to cause an XSS Attack. This issue affects: Secomea SiteManager all versions prior to 9.3.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35570 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35560 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unauthenticated open redirect in the redirect.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-29024 ‼
📖 Read
via "National Vulnerability Database".
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-29025 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in SiteManager-Embedded (SM-E) Web server which may allow attacker to construct a URL that if visited by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application. This issue affects all versions and variants of SM-E prior to version 9.3📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35569 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is a self XSS issue with a crafted cookie in the login page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-27232 ‼
📖 Read
via "National Vulnerability Database".
The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potentially execute arbitrary attacker-supplied code. The victim would have to visit a malicious webpage using Internet Explorer where the exploit could be triggered.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35561 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35559 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unused function that allows an authenticated attacker to use up all available IPs of an account and thus not allow creation of new devices and users.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35557 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. Improper use of access validation allows a logged in user to interact with devices in the account he should not have access to.📖 Read
via "National Vulnerability Database".