‼ CVE-2021-34559 ‼
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings.
via "National Vulnerability Database".
‼ CVE-2021-33555 ‼
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server.
via "National Vulnerability Database".
‼ CVE-2021-34565 ‼
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.
via "National Vulnerability Database".
‼ CVE-2021-34560 ‼
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once.
via "National Vulnerability Database".
‼ CVE-2021-34562 ‼
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response.
via "National Vulnerability Database".
‼ CVE-2021-3749 ‼
axios is vulnerable to Inefficient Regular Expression Complexity.
via "National Vulnerability Database".
‼ CVE-2021-34564 ‼
Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9.
via "National Vulnerability Database".
‼ CVE-2021-34563 ‼
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript.
via "National Vulnerability Database".
‼ CVE-2021-34561 ‼
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a serious issue exists if the application is not externally accessible or uses IP-based access restrictions: attackers can use DNS rebinding to bypass any IP- or firewall-based access restrictions that may be in place by proxying through their target's browser.
via "National Vulnerability Database".
‼ CVE-2021-34581 ‼
Missing Release of Resource after Effective Lifetime vulnerability in the OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause a denial of service (DoS) on the device.
via "National Vulnerability Database".
🦿 Cybercriminals buy up admin credentials to sharpen attacks on cloud deployments 🦿
Lacework analysis finds that SSH, SQL, Docker and Redis were the most common targets over the last three months.
via "Tech Republic".
❌ Top 3 API Vulnerabilities: Why Apps are Owned by Cyberattackers ❌
Jason Kent, hacker-in-residence at Cequence, talks about how cybercriminals target apps and how to thwart them.
via "Threat Post".
🦿 Delta variant: Is your IT department ready to go fully remote again due to COVID-19? 🦿
The delta variant is delaying office reentry plans. For companies going fully remote again, team cohesion, cloud investments and reducing IT burden could be key, according to tech experts.
via "Tech Republic".
‼ CVE-2021-35219 ‼
ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using the ImportAlert function within the Alerts Settings page.
via "National Vulnerability Database".
‼ CVE-2021-35220 ‼
Command Injection vulnerability in the EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.
via "National Vulnerability Database".
‼ CVE-2021-35222 ‼
This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page.
via "National Vulnerability Database".
‼ CVE-2021-35221 ‼
Improper Access Control Tampering Vulnerability using the ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.
via "National Vulnerability Database".
‼ CVE-2021-39316 ‼
The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter.
via "National Vulnerability Database".
❌ QNAP Is Latest to Get Dinged by OpenSSL Bugs Fallout ❌
The NAS maker issued two security advisories about the RCE and DoS flaws, adding to a flurry of advisories from the vast array of companies whose products use OpenSSL.
via "Threat Post".
❌ WooCommerce Pricing Plugin Allows Malicious Code-Injection ❌
The popular Dynamic Pricing and Discounts plugin from Envato can be exploited by unauthenticated attackers.
via "Threat Post".
‼ CVE-2020-19047 ‼
Cross Site Request Forgery (CSRF) in iWebShop v5.3 allows remote attackers to execute arbitrary code via a malicious POST request to the component '/index.php?controller=system&action=admin_edit_act'.
via "National Vulnerability Database".