‼ CVE-2021-37708 ‼
📖 Read
via "National Vulnerability Database".
Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a command injection vulnerability in mail agent settings. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21859 ‼
📖 Read
via "National Vulnerability Database".
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The stri_box_read function is used when processing atoms using the 'stri' FOURCC code. An attacker can convince a user to open a video to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21860 ‼
📖 Read
via "National Vulnerability Database".
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. The FOURCC code, 'trik', is parsed by the function within the library. An attacker can convince a user to open a video to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38608 ‼
📖 Read
via "National Vulnerability Database".
Incorrect Access Control in Tranquil WAPT Enterprise - before 1.8.2.7373 and before 2.0.0.9450 allows guest OS users to escalate privileges via WAPT Agent.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32826 ‼
📖 Read
via "National Vulnerability Database".
Proxyee-Down is open source proxy software. An attacker being able to provide an extension script (eg: through a MiTM attack or by hosting a malicious extension) may be able to run arbitrary commands on the system running Proxyee-Down. For more details including a PoC see the referenced GHSL-2021-053. As of the writing of this CVE there is currently no patched version.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21861 ‼
📖 Read
via "National Vulnerability Database".
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. When processing the 'hdlr' FOURCC code, a specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
❌ How to Reduce Exchange Server Downtime in Case of a Disaster? ❌
📖 Read
via "Threat Post".
Exchange downtime can have serious implications on businesses. Thus, it’s important to maintain backups and implement best practices for Exchange servers that can help restore the Exchange server when a disaster strikes with minimal impact and downtime.📖 Read
via "Threat Post".
Threat Post
How to Reduce Exchange Server Downtime in Case of a Disaster?
Exchange downtime can have serious implications on businesses. Thus, it’s important to maintain backups and implement best practices for Exchange servers that can help restore the Exchange server when a disaster strikes with minimal impact and downtime.
❌ Apple: CSAM Image-Detection Backdoor ‘Narrow’ in Scope ❌
📖 Read
via "Threat Post".
Computing giant tries to reassure users that the tool won’t be used for mass surveillance.📖 Read
via "Threat Post".
Threat Post
Apple: CSAM Image-Detection Backdoor ‘Narrow’ in Scope
Computing giant tries to reassure users that the tool won’t be used for mass surveillance.
❌ Terrorist Watchlist Exposed Online with Nearly 1.9M Records ❌
📖 Read
via "Threat Post".
A researcher discovered a data cache from the FBI’s Terrorist Screening Center left online without a password or authentication requirement.📖 Read
via "Threat Post".
Threat Post
Terrorist Watchlist Exposed Online with Nearly 1.9M Records
A researcher discovered a data cache from the FBI’s Terrorist Screening Center left online without a password or authentication requirement.
🛠 TOR Virtual Network Tunneling Tool 0.4.6.7 🛠
📖 Read
via "Packet Storm Security".
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.📖 Read
via "Packet Storm Security".
Packetstormsecurity
TOR Virtual Network Tunneling Tool 0.4.6.7 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🦿 Top 5 tech annoyances 🦿
📖 Read
via "Tech Republic".
Tom Merritt tells us his top five annoyances in tech and why they are frustrating.📖 Read
via "Tech Republic".
TechRepublic
Top 5 tech annoyances and why they are frustrating
Tom Merritt tells us his top five annoyances in tech and why they are frustrating.
🦿 The 5 most annoying things in technology 🦿
📖 Read
via "Tech Republic".
These five things are driving us crazy, says Tom Merritt. There's hope for some to get better.📖 Read
via "Tech Republic".
TechRepublic
The 5 most annoying things in technology
These five things are driving us crazy, says Tom Merritt. There's hope for some to get better.
‼ CVE-2020-4706 ‼
📖 Read
via "National Vulnerability Database".
IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 187194.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25956 ‼
📖 Read
via "National Vulnerability Database".
In “Dolibarrâ€� application, v3.3.beta1_20121221 to v13.0.2 have “Modifyâ€� access for admin level users to change other user’s details but fails to validate already existing “Loginâ€� name, while renaming the user “Loginâ€�. This leads to complete account takeover of the victim user. This happens since the password gets overwritten for the victim user having a similar login name.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34407 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-30480. Reason: This candidate is a reservation duplicate of CVE-2021-30480. Notes: All CVE users should reference CVE-2021-30480 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25957 ‼
📖 Read
via "National Vulnerability Database".
In “Dolibarrâ€� application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality. A low privileged attacker can reset the password of any user in the application using the password reset link the user received through email when requested for a forgotten password.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4992 ‼
📖 Read
via "National Vulnerability Database".
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 192737.📖 Read
via "National Vulnerability Database".
❌ Bug in Millions of Flawed IoT Devices Lets Attackers Eavesdrop ❌
📖 Read
via "Threat Post".
A remote attacker could exploit a critical vulnerability to eavesdrop on live audio & video or take control. The bug is in ThroughTek’s Kalay network, used in 83m devices.📖 Read
via "Threat Post".
Threat Post
Bug in Millions of Flawed IoT Devices Lets Attackers Eavesdrop
A remote attacker could exploit a critical vulnerability to eavesdrop on live audio & video or take control. The bug is in ThroughTek’s Kalay network, used in 83m devices.
⚠ Copyright scammers turn to phone numbers instead of web links ⚠
📖 Read
via "Naked Security".
Forewarned is forearmed. Here's our advice on dealing with "copyright infringement" scammers.📖 Read
via "Naked Security".
Naked Security
Copyright scammers turn to phone numbers instead of web links
Forewarned is forearmed. Here’s our advice on dealing with “copyright infringement” scammers.
⚠ Video surveillance network hacked by researchers to hijack footage ⚠
📖 Read
via "Naked Security".
Home automation. Internet of Things. Cloud management. And a security bug that could let other people watch you online...📖 Read
via "Naked Security".
Naked Security
Video surveillance network hacked by researchers to hijack footage
Home automation. Internet of Things. Cloud management. And a security bug that could let other people watch you online…
❌ LockBit 2.0 Ransomware Proliferates Globally ❌
📖 Read
via "Threat Post".
Fresh attacks target companies' employees, promising millions of dollars in exchange for valid account credentials for initial access.📖 Read
via "Threat Post".
Threat Post
LockBit 2.0 Ransomware Proliferates Globally
Fresh attacks target companies' employees, promising millions of dollars in exchange for valid account credentials for initial access.