⚠ S3 Ep46: Copyright scams, video snooping and Grand Theft Crypto [Podcast] ⚠
📖 Read
via "Naked Security".
Lastest episode - listen, laugh and learn! This week, Chester Wisniewski joins us on the show.📖 Read
via "Naked Security".
Naked Security
S3 Ep46: Copyright scams, video snooping and Grand Theft Crypto [Podcast]
Lastest episode – listen, laugh and learn! This week, Chester Wisniewski joins us on the show.
‼ CVE-2020-36474 ‼
📖 Read
via "National Vulnerability Database".
SafeCurl before 0.9.2 has a DNS rebinding vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-18886 ‼
📖 Read
via "National Vulnerability Database".
Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/upload_file_do.php'.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-18879 ‼
📖 Read
via "National Vulnerability Database".
Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-18885 ‼
📖 Read
via "National Vulnerability Database".
Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-18877 ‼
📖 Read
via "National Vulnerability Database".
SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'.📖 Read
via "National Vulnerability Database".
🔏 Friday Five 8/20 🔏
📖 Read
via "".
Exposed web cams, mistakes made when hiring cybersecurity roles, and a $1 million breach settlement - catch up on the week's infosec news with the Friday Five!📖 Read
via "".
Digital Guardian
Friday Five 8/20
Exposed web cams, mistakes made when hiring cybersecurity roles, and a $1 million breach settlement - catch up on the week's infosec news with the Friday Five!
‼ CVE-2021-34228 ‼
📖 Read
via "National Vulnerability Database".
Cross-site scripting in parent_control.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34218 ‼
📖 Read
via "National Vulnerability Database".
Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /add/ , /img/, /js/, and /mobile directories via GET Parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34223 ‼
📖 Read
via "National Vulnerability Database".
Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "URL Address" field.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34207 ‼
📖 Read
via "National Vulnerability Database".
Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Domain Name" field, "Server Address" field, "User Name/Email", or "Password/Key" field.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34215 ‼
📖 Read
via "National Vulnerability Database".
Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34220 ‼
📖 Read
via "National Vulnerability Database".
Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "User Name" field or "Password" field.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34433 ‼
📖 Read
via "National Vulnerability Database".
In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes accidentally succeeds without verifying the server side's signature on the client side, if that signature is not included in the server's ServerKeyExchange.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-35529 ‼
📖 Read
via "National Vulnerability Database".
Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects: Hitachi ABB Power Grids Retail Operations version 5.7.2 and prior versions. Hitachi ABB Power Grids Counterparty Settlement Billing (CSB) version 5.7.2 and prior versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-35984 ‼
📖 Read
via "National Vulnerability Database".
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Null pointer dereference vulnerability. An authenticated attacker could leverage this vulnerability achieve an application denial-of-service in the context of the current user. Exploitation of this issue does not requires user interaction.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-28636 ‼
📖 Read
via "National Vulnerability Database".
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. An attacker with access to the victim's C:/ folder could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36010 ‼
📖 Read
via "National Vulnerability Database".
Adobe Illustrator version 25.2.3 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-28638 ‼
📖 Read
via "National Vulnerability Database".
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Heap-based Buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-35986 ‼
📖 Read
via "National Vulnerability Database".
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Type Confusion vulnerability. An unauthenticated attacker could leverage this vulnerability to read arbitrary system information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-25359 ‼
📖 Read
via "National Vulnerability Database".
An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability gave attackers the ability to send a crafted request to /lib/ajaxHandlers/ajaxDeleteAllLoggingFiles.php by specifying a path in the path parameter and an extension in the ext parameter and delete all the files with that extension in that path.📖 Read
via "National Vulnerability Database".