βΌ CVE-2021-38149 βΌ
π Read
via "National Vulnerability Database".
index.php/admin/add_user in Chikitsa Patient Management System 2.0.0 allows XSS.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38151 βΌ
π Read
via "National Vulnerability Database".
index.php/appointment/todos in Chikitsa Patient Management System 2.0.0 allows XSS.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37388 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr parameter in ping_response.cgi POST request allows an attacker to crash the webserver and might even gain remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37381 βΌ
π Read
via "National Vulnerability Database".
Southsoft GMIS 5.0 is vulnerable to CSRF attacks. Attackers can access other users' private information such as photos through CSRF. For example: any student's photo information can be accessed through /gmis/(S([1]))/student/grgl/PotoImageShow/?bh=[2]. Among them, the code in [1] is a random string generated according to the user's login related information. It can protect the user's identity, but it can not effectively prevent unauthorized access. The code in [2] is the student number of any student. The attacker can carry out CSRF attack on the system by modifying [2] without modifying [1].π Read
via "National Vulnerability Database".
βΌ CVE-2021-38152 βΌ
π Read
via "National Vulnerability Database".
index.php/appointment/insert_patient_add_appointment in Chikitsa Patient Management System 2.0.0 allows XSS.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22295 βΌ
π Read
via "National Vulnerability Database".
A component of the HarmonyOS has a permission bypass vulnerability. Local attackers may exploit this vulnerability to cause the device to hang due to the page error OsVmPageFaultHandler.π Read
via "National Vulnerability Database".
π¦Ώ Phishing continues to target big businesses and exploit COVID-19 fears in Q2 2021 π¦Ώ
π Read
via "Tech Republic".
Spam as a share of global mail traffic rose, and attackers have started to adapt their scams to other languages to reach wider audiences.π Read
via "Tech Republic".
TechRepublic
Phishing continues to target big businesses and exploit COVID-19 fears in Q2 2021
Spam as a share of global mail traffic rose, and attackers have started to adapt their scams to other languages to reach wider audiences.
π¦Ώ Amazon Kindle flaws could have allowed attackers to control the device π¦Ώ
π Read
via "Tech Republic".
Now patched by Amazon, security vulnerabilities found by Check Point would have given attackers access to a Kindle device and its stored data.π Read
via "Tech Republic".
TechRepublic
Amazon Kindle flaws could have allowed attackers to control the device
Now patched by Amazon, security vulnerabilities found by Check Point would have given attackers access to a Kindle device and its stored data.
π¦Ώ The most secure browser for transmitting sensitive data is definitely not Chrome π¦Ώ
π Read
via "Tech Republic".
Jack Wallen addresses the challenging question of which browser is best to use for transmitting encrypted data.π Read
via "Tech Republic".
TechRepublic
The most secure browser for transmitting sensitive data is definitely not Chrome
Jack Wallen addresses the challenging question of which browser is best to use for transmitting encrypted data.
β Angry Affiliate Leaks Conti Ransomware Gang Playbook β
π Read
via "Threat Post".
The data includes IP addresses for Cobalt Strike C2 servers as well as an archive including numerous tools and training materials for the group, revealing how it performs attacks.π Read
via "Threat Post".
Threat Post
Angry Affiliate Leaks Conti Ransomware Gang Playbook
The data includes IP addresses for Cobalt Strike C2 servers as well as an archive including numerous tools and training materials for the group, revealing how it performs attacks.
β Zoom Settlement: An $85M Business Case for Security Investment β
π Read
via "Threat Post".
Zoomβs security lesson over end-to-end encryption shows the costs of playing cybersecurity catchup.π Read
via "Threat Post".
Threat Post
Zoom Settlement: An $85M Business Case for Security Investment
Zoomβs security lesson over end-to-end encryption shows the costs of playing cybersecurity catchup.
π΄ Researchers Call for 'CVE' Approach for Cloud Vulnerabilities π΄
π Read
via "Dark Reading".
New research suggests isolation among cloud customer accounts may not be a given -- and the researchers behind the findings issue a call to action for cloud security.π Read
via "Dark Reading".
Dark Reading
Dark Reading | Security | Protect The Business
Dark Reading: Connecting The Cybersecurity Community.
βΌ CVE-2021-38137 βΌ
π Read
via "National Vulnerability Database".
Corero SecureWatch Managed Services 9.7.2.0020 does not correctly check swa-monitor and cns-monitor userΓ’β¬β’s privileges, allowing a user to perform actions not belonging to his role.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37552 βΌ
π Read
via "National Vulnerability Database".
In JetBrains YouTrack before 2021.2.17925, stored XSS was possible.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36707 βΌ
π Read
via "National Vulnerability Database".
In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in the adm.cgi binary, accessible with a page parameter value of ledonoff contains a trivial command injection where the value of the led_cmd parameter is passed directly to do_system.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37541 βΌ
π Read
via "National Vulnerability Database".
In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38136 βΌ
π Read
via "National Vulnerability Database".
Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path Traversal vulnerability via the snap_file parameter in the /it-IT/splunkd/__raw/services/get_snapshot HTTP API endpoint. A Γ’β¬Λlow privilegedΓ’β¬β’ attacker can read any file on the target host.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37547 βΌ
π Read
via "National Vulnerability Database".
In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37550 βΌ
π Read
via "National Vulnerability Database".
In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37551 βΌ
π Read
via "National Vulnerability Database".
In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37553 βΌ
π Read
via "National Vulnerability Database".
In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.π Read
via "National Vulnerability Database".