‼ CVE-2020-28165 ‼
via "National Vulnerability Database".
The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary webshell to the server by using the downloadZipPackage() function.
🦿 Microsoft fixes Print Spooler bugs with August Patch Tuesday rollout 🦿
via "Tech Republic".
The fix, though, means that only administrators will be able to install print drivers on Windows PCs.
🦿 When 2FA on your Linux servers won't let you in, try this fix 🦿
via "Tech Republic".
When your Linux servers are giving you fits, Jack Wallen has the solution for you.
Ransomware Payments Explode Amid 'Quadruple Extortion'
via "Threat Post".
Unit 42 puts the average payout at over half a million, while Barracuda has tracked a 64 percent year over year spike in the number of attacks.
‼ CVE-2021-27792 ‼
via "National Vulnerability Database".
The command "ipfilter" in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account.
‼ CVE-2021-27794 ‼
via "National Vulnerability Database".
A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST.
‼ CVE-2021-35955 ‼
via "National Vulnerability Database".
Contao >=4.0.0 allows backend XSS via HTML attributes to an HTML field. Fixed in 4.4.56, 4.9.18, 4.11.7.
‼ CVE-2021-20314 ‼
via "National Vulnerability Database".
Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages.
‼ CVE-2020-20981 ‼
via "National Vulnerability Database".
A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information.
‼ CVE-2021-38087 ‼
via "National Vulnerability Database".
Reflected cross-site scripting (XSS) was possible on the login page in Acronis Cyber Protect 15 prior to build 27009.
‼ CVE-2020-20975 ‼
via "National Vulnerability Database".
In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter.
‼ CVE-2020-20979 ‼
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the move_uploaded_file() function of LJCMS v4.3 allows attackers to execute arbitrary code.
‼ CVE-2020-20977 ‼
via "National Vulnerability Database".
A stored cross site scripting (XSS) vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section.
‼ CVE-2021-27793 ‼
via "National Vulnerability Database".
Intermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabric OS v9.0.1b and after 9.0.0, also in Brocade Fabric OS before Brocade Fabric OS v8.2.3a and after v8.2.0 could cause a user with a valid account to be unable to log into the switch.
‼ CVE-2021-38086 ‼
via "National Vulnerability Database".
Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis Agent for Windows prior to build 26226 allowed local privilege escalation via DLL hijacking.
‼ CVE-2021-37841 ‼
via "National Vulnerability Database".
Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue leads an attacker with low privilege to read, write and possibly even execute code inside the containers.
‼ CVE-2021-27791 ‼
via "National Vulnerability Database".
The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An unauthenticated attacker could discover a request, which could bypass the authentication process.
‼ CVE-2021-38597 ‼
via "National Vulnerability Database".
wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension.
‼ CVE-2021-27790 ‼
via "National Vulnerability Database".
The command "ipfilter" in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account.
‼ CVE-2021-38088 ‼
via "National Vulnerability Database".
Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking.
🦿 For sale: Access to your company network. Price: Less than you'd think 🦿
via "Tech Republic".
Access to secured networks is regularly sold on the Dark Web and 45% of those sales are less than $1,000.