CVE-2021-24410 (via National Vulnerability Database)
The ร รยฐรยคร รยฑรขโฌ ร รยฐรยฒร รยฑ?ร รยฐรขโฌโร รยฑ? ร รยฐรยฌร รยฑรโ ร รยฐรยฌร รยฐรยฟร รยฐรยฒร รยฑ? ร รยฐรยตร รยฐรยกร รยฐรยจร รยฐรยฎร รยฑ?ร รยฐรยฒร รยฑ? WordPress plugin through 1.0 is lacking any CSRF check when saving its settings and verses, and does not sanitise or escape them when outputting them back in the page. This could allow attackers to make a logged in admin change the settings, as well as add malicious verses containing JavaScript code, leading to Stored XSS issues.

CVE-2021-24541 (via National Vulnerability Database)
The Wonder PDF Embed WordPress plugin before 1.7 does not escape parameters of its wonderplugin_pdf shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks.

CVE-2021-24534 (via National Vulnerability Database)
The PhoneTrack Meu Site Manager WordPress plugin through 0.1 does not sanitise or escape its "php_id" setting before outputting it back in an attribute in the page, leading to a stored Cross-Site Scripting issue.

CVE-2021-24411 (via National Vulnerability Database)
The Social Tape WordPress plugin through 1.0 does not have CSRF checks in place when saving its settings, and does not sanitise or escape them before outputting them back in the page, leading to a stored Cross-Site Scripting issue via a CSRF attack.

CVE-2021-24363 (via National Vulnerability Database)
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images/SVG anywhere in the filesystem via a path traversal vector.

CVE-2021-24548 (via National Vulnerability Database)
The Mimetic Books WordPress plugin through 0.2.13 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS) in the "Default Publisher ID" field on the plugin's settings page.

CVE-2021-24526 (via National Vulnerability Database)
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder WordPress plugin before 1.13.60 does not escape its Form Title before outputting it in an attribute when editing a form in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue.

CVE-2021-24380 (via National Vulnerability Database)
The Shantz WordPress QOTD WordPress plugin through 1.2.2 is lacking any CSRF check when updating its settings, allowing attackers to make logged in administrators change them to arbitrary values.

CVE-2021-24535 (via National Vulnerability Database)
The Light Messages WordPress plugin through 1.0 is lacking a CSRF check when updating its settings, and is not sanitising the Message Content in them (even with unfiltered_html disallowed). As a result, an attacker could make a logged in admin update the settings to arbitrary values, and set a Cross-Site Scripting payload in the Message Content. Depending on the options set, the XSS payload can be triggered either in the backend only (in the plugin's settings), or in both the frontend and the backend.

CVE-2021-24518 (via National Vulnerability Database)
The WPFront Notification Bar WordPress plugin before 2.0.0.07176 does not sanitise or escape its Custom CSS setting, allowing high privilege users such as admin to set an XSS payload in it even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue.

CVE-2021-24362 (via National Vulnerability Database)
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded SVG files added to a gallery do not contain malicious content. As a result, users allowed to add images to a gallery can upload an SVG file containing JavaScript code, which will be executed when accessing the image directly (i.e. in the /wp-content/uploads/photo-gallery/ folder), leading to a Cross-Site Scripting (XSS) issue.

Behind the scenes: A day in the life of a CIO (via TechRepublic)
Getting to the point where you're proactive is "utopia," says Jadee Hanson, CIO at Code42.

The cybersecurity skills gap persists for the fifth year running (via TechRepublic)
Most organizations are still lacking talent, according to a new report, but experts think expanding the definition of a cybersecurity professional can help.

CVE-2021-35392 (via National Vulnerability Database)
Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a heap buffer overflow that is present due to unsafe crafting of SSDP NOTIFY messages from the ST header of received M-SEARCH messages.

CVE-2021-35393 (via National Vulnerability Database)
Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a stack buffer overflow vulnerability that is present due to unsafe parsing of the UPnP SUBSCRIBE/UNSUBSCRIBE Callback header. Successful exploitation of this vulnerability allows remote unauthenticated attackers to gain arbitrary code execution on the affected device.

CVE-2021-35394 (via National Vulnerability Database)
Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be exploited by remote unauthenticated attackers.

CVE-2021-38607 (via National Vulnerability Database)
Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input.

CVE-2021-35395 (via National Vulnerability Database)
Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exist: one based on Go-Ahead named webs and another based on Boa named boa. Both of them are affected by these vulnerabilities. Specifically, these binaries are vulnerable to the following issues:
- stack buffer overflow in formRebootCheck due to unsafe copy of submit-url parameter
- stack buffer overflow in formWsc due to unsafe copy of submit-url parameter
- stack buffer overflow in formWlanMultipleAP due to unsafe copy of submit-url parameter
- stack buffer overflow in formWlSiteSurvey due to unsafe copy of ifname parameter
- stack buffer overflow in formStaticDHCP due to unsafe copy of hostname parameter
- stack buffer overflow in formWsc due to unsafe copy of 'peerPin' parameter
- arbitrary command execution in formSysCmd via the sysCmd parameter
- arbitrary command injection in formWsc via the 'peerPin' parameter
Exploitability of the identified issues will differ based on what the end vendor/manufacturer did with the Realtek SDK webserver. Some vendors use it as-is, others add their own authentication implementation, some kept all the features from the server, some removed some of them, and some inserted their own set of features. However, given that the Realtek SDK implementation is full of insecure calls and that developers tend to re-use those examples in their custom code, any binary based on the Realtek SDK webserver will probably contain its own set of issues on top of the Realtek ones (if kept). Successful exploitation of these issues allows remote attackers to gain arbitrary code execution on the device.

100m T-Mobile Customer Records Purportedly Up for Sale (via Threat Post)
The seller claims to have sucker-punched U.S. infrastructure out of retaliation. The offer: 30m records for ~1 penny each, with the rest being sold privately.
UPDATE: T-Mobile confirmed the breach, but hasn't confirmed whether customer data was involved.

CVE-2021-38756 (via National Vulnerability Database)
Persistent cross-site scripting (XSS) in Hospital Management System targeted towards the web admin through prescribe.php.

CVE-2021-38754 (via National Vulnerability Database)
SQL Injection vulnerability in Hospital Management System due to lack of input validation in messearch.php.