‼ CVE-2021-37475 ‼
via "National Vulnerability Database".
In NavigateCMS version 2.9.4 and below, a function in `templates.php` is vulnerable to SQL injection via the `template-properties-order` parameter, which results in arbitrary SQL query execution in the backend database.
‼ CVE-2021-37477 ‼
via "National Vulnerability Database".
In NavigateCMS version 2.9.4 and below, a function in `structure.php` is vulnerable to SQL injection via the `children_order` parameter, which results in arbitrary SQL query execution in the backend database.
‼ CVE-2021-37478 ‼
via "National Vulnerability Database".
In NavigateCMS version 2.9.4 and below, the `block` function is vulnerable to SQL injection via the `block-order` parameter, which results in arbitrary SQL query execution in the backend database.
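The three NavigateCMS entries above all concern SQL injection through an ordering parameter (`template-properties-order`, `children_order`, `block-order`). The example below is added here and is not NavigateCMS code; it assumes, as the parameter names suggest but the advisories do not state, that the value ends up in an ORDER BY clause. It uses an in-memory SQLite database with constructed tables rather than the MySQL backend a real CMS would use, and shows why an ORDER BY sink cannot be fixed with bind parameters, how a boolean oracle in the sort expression extracts data one character at a time, and the allow-list that closes the hole.

```python
"""
Added example (not NavigateCMS code): an ORDER BY / sort parameter as a SQL
injection sink, the boolean oracle an attacker builds from it, and the fix.

Assumptions (not stated in the advisories): the `*-order` parameters are
interpolated into an ORDER BY clause. Table names, columns and rows below
are constructed for this demo.
"""
import sqlite3


def connect_demo() -> sqlite3.Connection:
    """In-memory database with a constructed 'templates' table (what the CMS
    lists) and a constructed 'users' table (what the attacker is after)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE templates(id INTEGER, title TEXT, position INTEGER);
        INSERT INTO templates VALUES (1, 'home', 30), (2, 'blog', 10), (3, 'shop', 20);
        CREATE TABLE users(id INTEGER, username TEXT, password_hash TEXT);
        INSERT INTO users VALUES (1, 'admin', '$2y$10$constructedhash');
        """
    )
    return conn


def list_templates_vulnerable(conn: sqlite3.Connection, order: str) -> list[str]:
    """Vulnerable: the sort parameter is concatenated into the statement.
    Bind parameters do not help here, because ORDER BY takes an identifier or
    expression, not a value, so the attacker controls part of the SQL."""
    sql = f"SELECT title FROM templates ORDER BY {order}"
    return [row[0] for row in conn.execute(sql)]


# Allow-list: user-visible sort keys mapped to fixed SQL fragments.
ALLOWED_ORDER = {
    "id": "id ASC",
    "id_desc": "id DESC",
    "title": "title ASC",
    "position": "position ASC",
}


def list_templates_fixed(conn: sqlite3.Connection, order: str) -> list[str]:
    """Hardened: only a known key reaches the query string; anything else is
    rejected before any SQL is built."""
    try:
        clause = ALLOWED_ORDER[order]
    except KeyError:
        raise ValueError(f"unsupported sort key: {order!r}") from None
    return [row[0] for row in conn.execute(f"SELECT title FROM templates ORDER BY {clause}")]


def oracle_payload(condition: str) -> str:
    """Boolean-based ORDER BY payload: when `condition` is true the rows sort
    by id, otherwise by position. The truth value of an arbitrary subquery
    becomes visible in the order of an ordinary-looking response."""
    return f"(CASE WHEN ({condition}) THEN id ELSE position END)"


def extract_first_password_char(conn: sqlite3.Connection) -> str:
    """Recover the first character of admin's password_hash by guessing, using
    only the ordering of the template list as the oracle."""
    baseline = list_templates_vulnerable(conn, "id")  # order when the condition is true
    for guess in "$abcdefghijklmnopqrstuvwxyz0123456789":
        cond = f"(SELECT substr(password_hash,1,1) FROM users WHERE username='admin') = '{guess}'"
        if list_templates_vulnerable(conn, oracle_payload(cond)) == baseline:
            return guess
    return ""


if __name__ == "__main__":
    db = connect_demo()
    print("normal:   ", list_templates_vulnerable(db, "id"))
    print("oracle:   ", list_templates_vulnerable(db, oracle_payload("1=0")))
    print("leaked:   ", extract_first_password_char(db))
    print("hardened: ", list_templates_fixed(db, "position"))
```

The same loop extended over every character position is the whole attack; nothing in the response ever looks like an error, which is why ordering parameters are so often missed in review. The fix is the map, not escaping: there is no quoting rule that makes an attacker-supplied expression safe in ORDER BY.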
❌ Babuk Ransomware Gang Ransomed, New Forum Stuffed With Porn ❌
via "Threat Post".
A comment spammer flooded Babuk's new ransomware forum with gay orgy porn GIFs and demanded $5K in bitcoin.
‼ CVE-2020-17952 ‼
via "National Vulnerability Database".
A remote code execution (RCE) vulnerability in /library/think/App.php of Twothink v2.0 allows attackers to execute arbitrary PHP code.
‼ CVE-2020-18171 ‼
via "National Vulnerability Database".
TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges.
‼ CVE-2021-37555 ‼
via "National Vulnerability Database".
TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To connect, the telnet service is used on port 23 with the default password of 059AnkJ for the root account. The user can then download the filesystem through preinstalled BusyBox utilities (e.g., tar and nc).
‼ CVE-2020-18173 ‼
via "National Vulnerability Database".
A DLL injection vulnerability in 1password.dll of 1Password 7.3.712 allows attackers to execute arbitrary code.
‼ CVE-2020-23242 ‼
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools feature.
‼ CVE-2020-23238 ‼
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in Evolution CMS 2.0.2 via the Document Manager feature.
‼ CVE-2020-18172 ‼
via "National Vulnerability Database".
A code injection vulnerability in the SeDebugPrivilege component of Trezor Bridge 2.0.27 allows attackers to escalate privileges.
‼ CVE-2020-18170 ‼
via "National Vulnerability Database".
An issue in the SeChangeNotifyPrivilege component of Abloy Key Manager Version 7.14301.0.0 allows attackers to escalate privileges via a change in permissions.
‼ CVE-2020-18169 ‼
via "National Vulnerability Database".
A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges.
‼ CVE-2020-18174 ‼
via "National Vulnerability Database".
A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 allows attackers to escalate privileges.
‼ CVE-2021-32795 ‼
via "National Vulnerability Database".
ArchiSteamFarm is a C# application whose primary purpose is idling Steam cards from multiple accounts simultaneously. In versions prior to 4.3.1.0, a Denial of Service (DoS) vulnerability allows an attacker to remotely crash a running ASF instance by sending a specifically crafted Steam chat message. The user sending the message does not need to be authorized within the bot or the ASF process. The attacker needs to know ASF's `CommandPrefix` in advance, but the majority of ASF setups run with the unchanged default value. This attack does not allow the attacker to obtain any potentially sensitive information, such as logins or passwords, to execute arbitrary commands, or to otherwise exploit the crash further. The issue is patched in ASF V4.3.1.0. The only workaround that guarantees complete protection is running all bots with an `OnlineStatus` of `0` (Offline); in this setup, ASF ignores even the specifically crafted message without attempting to interpret it.
‼ CVE-2020-23243 ‼
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 via the input field named `wrong_path_redirect`.
‼ CVE-2020-23240 ‼
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature.
‼ CVE-2020-23241 ‼
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 via the "Extra" field of the News > Article feature.
‼ CVE-2020-23239 ‼
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature.
‼ CVE-2020-23234 ‼
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability exists in LavaLite CMS 5.8.0 via the Menu Blocks feature; its input filtering can be bypassed by using HTML event handlers such as `ontoggle`.
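The LavaLite entry names the failure mode behind most of the XSS items on this page: a filter that strips known-bad markup but can be bypassed with an event handler it does not list. The following is an added example, not code from LavaLite CMS or any product named here; the blocklist, the menu-block renderers and the payloads are constructed for illustration. It shows the `ontoggle` payload passing a blocklist intact while the blocked `onclick` and `<script>` variants are caught, and the same value neutralised by context-aware output encoding, which needs no list at all.

```python
"""
Added example (not LavaLite CMS or NavigateCMS code): why a blocklist is not
a fix for stored XSS, using the event-handler bypass from the LavaLite entry.
The filter, renderers and payloads below are constructed for this demo.
"""
import html
import re

# Hypothetical blocklist in the style of many CMS "sanitizers": strip <script>
# tags and a handful of well-known inline event handlers, pass everything else.
_BLOCKED = re.compile(
    r"<\s*/?\s*script\b[^>]*>|\b(?:onclick|onload|onerror|onmouseover)\s*=",
    re.IGNORECASE,
)


def blocklist_filter(value: str) -> str:
    """Weak: removes known-bad tokens and returns the rest as raw HTML."""
    return _BLOCKED.sub("", value)


def render_block_weak(title: str) -> str:
    """Menu block rendered after the blocklist; the value is still markup."""
    return f'<li class="menu-block">{blocklist_filter(title)}</li>'


def render_block_safe(title: str) -> str:
    """Output encoding for an HTML text context: the value is data, never markup.
    No list of bad handlers is needed because '<' never reaches the parser."""
    return f'<li class="menu-block">{html.escape(title, quote=True)}</li>'


# Detection check used below: does the rendered HTML still contain an element
# carrying an inline on* attribute?
_HANDLER = re.compile(r"<[^>]*\bon[a-z]+\s*=", re.IGNORECASE)


def contains_active_handler(rendered: str) -> bool:
    return bool(_HANDLER.search(rendered))


# Constructed payloads a tester would submit as a menu block title.
PAYLOADS = {
    "script_tag": "<script>alert(1)</script>",
    "onclick": '<a href="#" onclick="alert(1)">Home</a>',
    # Not on the blocklist, and fires without user interaction because
    # <details open> dispatches 'toggle' as soon as it is rendered.
    "ontoggle": '<details open ontoggle="alert(1)">Home</details>',
}


def leaking_payloads(renderer) -> list[str]:
    """Names of the payloads that survive `renderer` with a live handler."""
    return [name for name, p in PAYLOADS.items() if contains_active_handler(renderer(p))]


if __name__ == "__main__":
    print("blocklist leaks:", leaking_payloads(render_block_weak))   # ['ontoggle']
    print("encoding leaks: ", leaking_payloads(render_block_safe))   # []
```

The blocklist looks effective against the two payloads its author thought of and fails on the first one they did not; `ontoggle` is one of dozens of handlers, and any new one the browser ships reopens the hole. Encoding on output, chosen for the context the value lands in (HTML text here; attribute, URL and JavaScript contexts each need their own rule), has no such list to fall behind.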
❌ Podcast: IoT Piranhas Are Swarming Industrial Controls ❌
via "Threat Post".
Enormous botnets of IoT devices are going after decades-old legacy systems that are rife in systems that control crucial infrastructure.