βΌ CVE-2021-24368 βΌ
π Read
via "National Vulnerability Database".
The Quiz And Survey Master ΓΒ’Γ’β¬Òβ¬Ε Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. This could allow for privilege escalation by inducing a logged in admin to open a malicious linkπ Read
via "National Vulnerability Database".
βΌ CVE-2020-20467 βΌ
π Read
via "National Vulnerability Database".
White Shark System (WSS) 1.3.2 is vulnerable to sensitive information disclosure via default_task_add.php, remote attackers can exploit the vulnerability to create a task.π Read
via "National Vulnerability Database".
βΌ CVE-2020-20466 βΌ
π Read
via "National Vulnerability Database".
White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access via user_edit_password.php, remote attackers can modify the password of any user.π Read
via "National Vulnerability Database".
βΌ CVE-2020-20471 βΌ
π Read
via "National Vulnerability Database".
White Shark System (WSS) 1.3.2 has an unauthorized access vulnerability in default_user_edit.php, remote attackers can exploit this vulnerability to escalate to admin privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2020-20473 βΌ
π Read
via "National Vulnerability Database".
White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the control_task.php, control_project.php, default_user.php files failing to filter the sort parameter. Remote attackers can exploit the vulnerability to obtain database sensitive information.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31769 βΌ
π Read
via "National Vulnerability Database".
MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. The "Select server file" feature is only intended for administrators but actually does not require authorization. An attacker can inject arbitrary OS commands (such as commands to create new .php files) via the Task Scheduler component.π Read
via "National Vulnerability Database".
π΄ Are Ransomware Attacks the New Pandemic? π΄
π Read
via "Dark Reading".
Ransomware has been a problem for decades, so why is government just now beginning to address it?π Read
via "Dark Reading".
βΌ CVE-2020-7031 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2020-22390 βΌ
π Read
via "National Vulnerability Database".
Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name field, export function. Attackers can inject arbitrary code into the name parameter and perform code execution when the crafted file is opened.π Read
via "National Vulnerability Database".
βΌ CVE-2006-0016 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
β iPhone Wi-Fi Crushed by Weird Network β
π Read
via "Threat Post".
β¦ until you reset network settings and stop connecting to a weirdly named network, that is. FUD is spreading. iOS Wi-Fi demolition is not.π Read
via "Threat Post".
Threat Post
iPhone Wi-Fi Crushed by Weird Network
β¦ until you reset network settings and stop connecting to one weirdly named network, that is. FUD is spreading. iOS Wi-Fi demolition is not, though it could.
βΌ CVE-2021-0522 βΌ
π Read
via "National Vulnerability Database".
In ConnectionHandler::SdpCb of connection_handler.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-174182139π Read
via "National Vulnerability Database".
βΌ CVE-2021-0520 βΌ
π Read
via "National Vulnerability Database".
In several functions of MemoryFileSystem.cpp and related files, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-176237595π Read
via "National Vulnerability Database".
βΌ CVE-2020-19510 βΌ
π Read
via "National Vulnerability Database".
Textpattern 4.7.3 contains an aribtrary file load via the file_insert function in include/txp_file.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32697 βΌ
π Read
via "National Vulnerability Database".
neos/forms is an open source framework to build web forms. By crafting a special `GET` request containing a valid form state, a form can be submitted without invoking any validators. Form state is secured with an HMAC that is still verified. That means that this issue can only be exploited if Form Finishers cause side effects even if no form values have been sent. Form Finishers can be adjusted in a way that they only execute an action if the submitted form contains some expected data. Alternatively a custom Finisher can be added as first finisher. This regression was introduced with https://github.com/neos/form/commit/049d415295be8d4a0478ccba97dba1bb81649567π Read
via "National Vulnerability Database".
β Embryology Data Breach Follows Fertility Clinic Ransomware Hit β
π Read
via "Threat Post".
Approximately 38,000 of RBA's customers had their embryology data stolen by a ransomware gang.π Read
via "Threat Post".
Threat Post
Embryology Data Breach Follows Fertility Clinic Ransomware Hit
Approximately 38,000 of RBA's customers had their embryology data stolen by a ransomware gang.
π΄ Baltimore County Public Schools' Ransomware Recovery Tops $8M π΄
π Read
via "Dark Reading".
The school district has spent seven months and a reported $8.1 million recovering from the November attack.π Read
via "Dark Reading".
β Bugs in NVIDIAβs Jetson Chipset Opens Door to DoS Attacks, Data Theft β
π Read
via "Threat Post".
Chipmaker patches nine high-severity bugs in its Jetson SoC framework tied to the way it handles low-level cryptographic algorithms.π Read
via "Threat Post".
Threat Post
Bugs in NVIDIAβs Jetson Chipset Open Door to DoS Attacks, Data Theft
Chipmaker patches nine high-severity bugs in its Jetson SoC framework tied to the way it handles low-level cryptographic algorithms.
π΄ Data Leaked in Fertility Clinic Ransomware Attack π΄
π Read
via "Dark Reading".
Reproductive Biology Associates says the data of 38,000 patients may have been compromised in the April cyberattack.π Read
via "Dark Reading".
βΌ CVE-2021-24377 βΌ
π Read
via "National Vulnerability Database".
The Autoptimize WordPress plugin before 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the moment the file is extracted on the disk but not yet removed. It is a bypass of CVE-2020-24948.π Read
via "National Vulnerability Database".