‼ CVE-2020-18877 ‼
via "National Vulnerability Database".
SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'.
🔏 Friday Five 8/20 🔏
via "Digital Guardian".
Exposed web cams, mistakes made when hiring cybersecurity roles, and a $1 million breach settlement - catch up on the week's infosec news with the Friday Five!
‼ CVE-2021-34228 ‼
via "National Vulnerability Database".
Cross-site scripting in parent_control.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field.
‼ CVE-2021-34218 ‼
via "National Vulnerability Database".
Directory Indexing in the Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attackers to access the /add/, /img/, /js/, and /mobile directories via a GET parameter.
‼ CVE-2021-34223 ‼
via "National Vulnerability Database".
Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "URL Address" field.
‼ CVE-2021-34207 ‼
via "National Vulnerability Database".
Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Domain Name" field, "Server Address" field, "User Name/Email", or "Password/Key" field.
‼ CVE-2021-34215 ‼
via "National Vulnerability Database".
Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field.
‼ CVE-2021-34220 ‼
via "National Vulnerability Database".
Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "User Name" field or "Password" field.
‼ CVE-2021-34433 ‼
via "National Vulnerability Database".
In Eclipse Californium versions 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, certificate-based (x509 and RPK) DTLS handshakes accidentally succeed on the client side without verifying the server's signature, if that signature is not included in the server's ServerKeyExchange.
‼ CVE-2021-35529 ‼
via "National Vulnerability Database".
Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects: Hitachi ABB Power Grids Retail Operations version 5.7.2 and prior versions. Hitachi ABB Power Grids Counterparty Settlement Billing (CSB) version 5.7.2 and prior versions.
‼ CVE-2021-35984 ‼
via "National Vulnerability Database".
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Null pointer dereference vulnerability. An authenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue does not require user interaction.
‼ CVE-2021-28636 ‼
via "National Vulnerability Database".
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. An attacker with access to the victim's C:/ folder could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2021-36010 ‼
via "National Vulnerability Database".
Adobe Illustrator version 25.2.3 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2021-28638 ‼
via "National Vulnerability Database".
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Heap-based Buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2021-35986 ‼
via "National Vulnerability Database".
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Type Confusion vulnerability. An unauthenticated attacker could leverage this vulnerability to read arbitrary system information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2020-25359 ‼
via "National Vulnerability Database".
An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability gave attackers the ability to send a crafted request to /lib/ajaxHandlers/ajaxDeleteAllLoggingFiles.php by specifying a path in the path parameter and an extension in the ext parameter and delete all the files with that extension in that path.
‼ CVE-2021-36007 ‼
via "National Vulnerability Database".
Adobe Prelude version 10.0 (and earlier) is affected by an uninitialized variable vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2021-28634 ‼
via "National Vulnerability Database".
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command vulnerability. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution on the host machine in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2021-35991 ‼
via "National Vulnerability Database".
Adobe Bridge version 11.0.2 (and earlier) is affected by an uninitialized variable vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2021-28641 ‼
via "National Vulnerability Database".
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
❌ Web Censorship Systems Can Facilitate Massive DDoS Attacks ❌
via "Threat Post".
Web censorship systems are ripe for abuse by attackers, who can turn them into amplifiers for launching DDoS attacks.