π΄ Edge Poll: XDR Plans π΄
π Read
via "Dark Reading".
How likely is your organization to adopt XDR technology?π Read
via "Dark Reading".
Dark Reading
The Edge
How likely is your organization to adopt XDR technology?
π΄ What CISOs Can Learn From Big Breaches: Focus on the Root Causes π΄
π Read
via "Dark Reading".
Address these six technical root causes of breaches in order to keep your company safer.π Read
via "Dark Reading".
Dark Reading
What CISOs Can Learn From Big Breaches: Focus on the Root Causes
Address these six technical root causes of breaches in order to keep your company safer.
β S3 Ep24: How not to get snooped, scammed or hoaxed [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep24: How not to get snooped, scammed or hoaxed [Podcast]
Latest episode β listen now!
βΌ CVE-2021-26236 βΌ
π Read
via "National Vulnerability Database".
FastStone Image Viewer v.<= 7.5 is affected by a Stack-based Buffer Overflow at 0x005BDF49, affecting the CUR file parsing functionality (BITMAPINFOHEADER Structure, 'BitCount' file format field), that will end up corrupting the Structure Exception Handler (SEH). Attackers could exploit this issue to achieve code execution when a user opens or views a malformed/specially crafted CUR file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28417 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the "search_name" parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28419 βΌ
π Read
via "National Vulnerability Database".
The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23359 βΌ
π Read
via "National Vulnerability Database".
This affects all versions of package port-killer. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. Running this PoC will cause the command touch success to be executed, leading to the creation of a file called success.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28418 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the "category" parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28420 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the "from_time" parameter.π Read
via "National Vulnerability Database".
π Digital Guardian Gives Customers Control Over Collaboration Software π
π Read
via "Digital Guardian".
Four new policy packs can help customers better control file movement across popular collaboration software like Microsoft Teams, Slack, Zoom, and Skype.π Read
via "Digital Guardian".
Digital Guardian
Digital Guardian Gives Customers Control Over Collaboration Software
Four new policy packs can help customers better control file movement across popular collaboration software like Microsoft Teams, Slack, Zoom, and Skype.
β Security Researcher Hides ZIP, MP3 Files Inside PNG Files on Twitter β
π Read
via "Threat Post".
The newly discovered steganography method could be exploited by threat actors to obscure nefarious activity inside photos hosted on the social-media platform.π Read
via "Threat Post".
Threat Post
Security Researcher Hides ZIP, MP3 Files Inside PNG Files on Twitter
The newly discovered steganography method could be exploited by threat actors to obscure nefarious activity inside photos hosted on the social-media platform.
β Zoom Screen-Sharing Glitch βBrieflyβ Leaks Sensitive Data β
π Read
via "Threat Post".
A glitch in Zoom's screen-sharing feature shows parts of presenters' screens that they did not intend to share - potentially leaking emails or passwords.π Read
via "Threat Post".
Threat Post
Zoom Screen-Sharing Glitch βBrieflyβ Leaks Sensitive Data
A glitch in Zoom's screen-sharing feature shows parts of presenters' screens that they did not intend to share - potentially leaking emails or passwords.
βΌ CVE-2021-24142 βΌ
π Read
via "National Vulnerability Database".
Unvaludated input in the 301 Redirects - Easy Redirect Manager WordPress plugin, versions before 2.51, did not sanitise its "Redirect From" column when importing a CSV file, allowing high privilege users to perform SQL injections.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24140 βΌ
π Read
via "National Vulnerability Database".
Unvalidated input in the Ajax Load More WordPress plugin, versions before 5.3.2, lead to SQL Injection in POST /wp-admin/admin-ajax.php with param repeater=' or sleep(5)#&type=test.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24137 βΌ
π Read
via "National Vulnerability Database".
Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, lead to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24124 βΌ
π Read
via "National Vulnerability Database".
Unvalidated input and lack of output encoding in the WP Shieldon WordPress plugin, version 1.6.3 and below, leads to Unauthenticated Reflected Cross-Site Scripting (XSS) when the CAPTCHA page is shown could lead to privileged escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21625 βΌ
π Read
via "National Vulnerability Database".
Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24129 βΌ
π Read
via "National Vulnerability Database".
Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged users (Contributor+) to inject arbitrary JavaScript code or HTML in posts where the Themify Custom Panel is embedded, which could lead to privilege escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24134 βΌ
π Read
via "National Vulnerability Database".
Unvalidated input and lack of output encoding in the Constant Contact Forms WordPress plugin, versions before 1.8.8, lead to multiple Stored Cross-Site Scripting vulnerabilities, which allowed high-privileged user (Editor+) to inject arbitrary JavaScript code or HTML in posts where the malicious form is embed.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24136 βΌ
π Read
via "National Vulnerability Database".
Unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, versions before 4.0.0, lead to multiple Cross-Site Scripting vulnerabilities, allowing remote attackers to inject arbitrary JavaScript code or HTML via the below parameters: - Author - Job Title - Location - Company - Email - URLπ Read
via "National Vulnerability Database".
βΌ CVE-2021-24139 βΌ
π Read
via "National Vulnerability Database".
Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter.π Read
via "National Vulnerability Database".