S3 Ep43: Apple 0-day, pygmy hippos, hive nightmares and Twitter hacker bust [Podcast]
via "Naked Security".
Latest episode – listen now!
‼ CVE-2021-29736 ‼
via "National Vulnerability Database".
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. IBM X-Force ID: 201300.
‼ CVE-2021-29781 ‼
via "National Vulnerability Database".
IBM Partner Engagement Manager 2.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 203091.
🦿 DDoS attacks are down 38.8% in Q2 2021 🦿
via "Tech Republic".
It's all quiet on the DDoS front, but don't get complacent: The lull is expected, said Kaspersky, and new attack vectors could spell a coming resurgence.
‼ CVE-2020-20698 ‼
via "National Vulnerability Database".
A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file.
‼ CVE-2020-21806 ‼
via "National Vulnerability Database".
SQL Injection Vulnerability in ECTouch v2 via the shop page in index.php.
‼ CVE-2020-19118 ‼
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in YzmCMS 5.2 via the site_code parameter in admin/index/init.html.
‼ CVE-2021-20788 ‼
via "National Vulnerability Database".
Server-side request forgery (SSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote authenticated attacker to conduct a port scan from the product and/or obtain information from the internal Web server.
‼ CVE-2021-20114 ‼
via "National Vulnerability Database".
When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files.
‼ CVE-2020-18158 ‼
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via nickname in index.php.
‼ CVE-2021-28966 ‼
via "National Vulnerability Database".
In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir.
‼ CVE-2020-11511 ‼
via "National Vulnerability Database".
The LearnPress plugin before 3.2.6.9 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter.
‼ CVE-2020-21808 ‼
via "National Vulnerability Database".
SQL Injection vulnerability in NukeViet CMS 4.0.10 - 4.3.07 via the topicsid parameter in modules/news/admin/addtotopics.php.
‼ CVE-2021-28674 ‼
via "National Vulnerability Database".
The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions. This occurs because node IDs are predictable (with incrementing numbers) and the access control on Services/NodeManagement.asmx/DeleteObjNow is incorrect. To exploit this, an attacker must be authenticated and must have node management rights associated with at least one valid group on the platform.
‼ CVE-2021-20789 ‼
via "National Vulnerability Database".
Open redirect vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack via a specially crafted URL.
‼ CVE-2021-30124 ‼
via "National Vulnerability Database".
The unofficial vscode-phpmd (aka PHP Mess Detector) extension before 1.3.0 for Visual Studio Code allows remote attackers to execute arbitrary code via a crafted phpmd.command value in a workspace folder.
‼ CVE-2020-18157 ‼
via "National Vulnerability Database".
Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php.
‼ CVE-2020-18175 ‼
via "National Vulnerability Database".
SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd action in basic.php.
‼ CVE-2020-22765 ‼
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in NukeViet CMS 4.4.0 via the editor in the News module.
‼ CVE-2021-20783 ‼
via "National Vulnerability Database".
Cross-site request forgery (CSRF) vulnerability in Optical BB unit E-WMTA2.3 allows a remote attacker to hijack the authentication of administrators via a specially crafted page.
‼ CVE-2021-28094 ‼
via "National Vulnerability Database".
OX Documents before 7.10.5-rev7 has Incorrect Access Control for converted documents because hash collisions can occur, due to use of CRC32.