CVE-2021-38754
via "National Vulnerability Database".
SQL Injection vulnerability in Hospital Management System due to lack of input validation in messearch.php.
CVE-2021-38755
via "National Vulnerability Database".
Unauthenticated doctor entry deletion in Hospital Management System in admin-panel1.php.
CVE-2021-38757
via "National Vulnerability Database".
Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through contact.php.
CVE-2021-38752
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Online Catering Reservation System using PHP on Sourcecodester allows an attacker to arbitrarily inject code in the search bar.
CVE-2021-38753
via "National Vulnerability Database".
An unrestricted file upload on Simple Image Gallery Web App can be exploited to upload a web shell and executed to gain unauthorized access to the server hosting the web app.
CVE-2021-38751
via "National Vulnerability Database".
An HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM.
CVE-2021-38758
via "National Vulnerability Database".
Directory traversal in Online Catering Reservation System due to lack of validation in index.php.
Copyright scammers turn to phone numbers instead of web links
via "Naked Security".
Forewarned is forearmed. Here's our advice on dealing with "copyright infringement" scammers.
S3 Ep45: Routers attacked, hacking tool hacked, and betrayers betrayed [Podcast]
via "Naked Security".
Latest episode - listen now! (And learn about the Navajo Nation's selfless cryptographic contribution to America.)
Windows 10: How to activate Microsoft Defender Application Guard
via "Tech Republic".
Microsoft Defender Application Guard protects your networks and data from malicious applications running in your web browser. Learn how to install and activate this Windows 10 security feature.
XSS Bug in SEOPress WordPress Plugin Allows Site Takeover
via "Threat Post".
The bug would allow a number of malicious actions, up to and including full site takeover. The vulnerable plugin is installed on 100,000 websites.
Yearlong Office 365 Phishing Campaign Skilled at Evasion
A new phishing campaign targeting Office 365 has used Morse code and other forms of obfuscation to sidestep detection for the last year.
CVE-2021-34649
via "National Vulnerability Database".
The Simple Behance Portfolio WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `dark` parameter in the ~/titan-framework/iframe-font-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.2.
CVE-2021-34644
via "National Vulnerability Database".
The Multiplayer Games WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/multiplayergames.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.7.
CVE-2021-34664
via "National Vulnerability Database".
The Moova for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the lat parameter in the ~/Checkout/Checkout.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5.
CVE-2021-22937
via "National Vulnerability Database".
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.
CVE-2021-22934
via "National Vulnerability Database".
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or compromised Pulse Connect Secure device in a load-balanced configuration to perform a buffer overflow via a maliciously crafted web request.
CVE-2020-18699
via "National Vulnerability Database".
Cross Site Scripting (XSS) in Lin-CMS-Flask v0.1.1 allows remote attackers to execute arbitrary code by entering scripts in the 'Username' parameter of the component 'app/api/cms/user.py'.
CVE-2021-22940
via "National Vulnerability Database".
Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
CVE-2021-22936
via "National Vulnerability Database".
A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter.
CVE-2021-22939
via "National Vulnerability Database".
If the Node.js https API was used incorrectly and "undefined" was passed in for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.