❌ Top 3 APIs Vulnerabilities: Why Apps are Owned by Cyberattackers ❌
📖 Read
via "Threat Post".
Jason Kent, hacker-in-residence at Cequence, talks about how cybercriminals target apps and how to thwart them.
🦿 Delta variant: Is your IT department ready to go fully remote again due to COVID-19? 🦿
📖 Read
via "Tech Republic".
The delta variant is delaying office reentry plans. For companies going fully remote again, team cohesion, cloud investments and reducing IT burden could be key, according to tech experts.
‼ CVE-2021-35219 ‼
📖 Read
via "National Vulnerability Database".
ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page.
‼ CVE-2021-35220 ‼
📖 Read
via "National Vulnerability Database".
Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.
‼ CVE-2021-35222 ‼
📖 Read
via "National Vulnerability Database".
This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page.
‼ CVE-2021-35221 ‼
📖 Read
via "National Vulnerability Database".
Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.
‼ CVE-2021-39316 ‼
📖 Read
via "National Vulnerability Database".
The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter.
❌ QNAP Is Latest to Get Dinged by OpenSSL Bugs Fallout ❌
📖 Read
via "Threat Post".
The NAS maker issued two security advisories about the RCE and DoS flaws, adding to a flurry of advisories from the vast array of companies whose products use OpenSSL.
❌ WooCommerce Pricing Plugin Allows Malicious Code-Injection ❌
📖 Read
via "Threat Post".
The popular Dynamic Pricing and Discounts plugin from Envato can be exploited by unauthenticated attackers.
‼ CVE-2020-19047 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Request Forgery (CSRF) in iWebShop v5.3 allows remote attackers to execute arbitrary code via malicious POST request to the component '/index.php?controller=system&action=admin_edit_act'.
‼ CVE-2021-21681 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Nomad Plugin 0.7.4 and earlier stores Docker passwords unencrypted in the global config.xml file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
‼ CVE-2020-19049 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Description" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'.
‼ CVE-2021-21677 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability.
‼ CVE-2021-21678 ‼
📖 Read
via "National Vulnerability Database".
Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
‼ CVE-2021-21680 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks.
‼ CVE-2020-19046 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component '/admin/tpl.php?page='.
‼ CVE-2020-19048 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Title" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'.
‼ CVE-2021-21679 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
🛠 Dr Checker 4 Linux 🛠
📖 Read
via "Packet Storm Security".
This is an LLVM-based tool to audit Linux kernel module security using both pointer and taint analyses that are flow-sensitive, context-sensitive, and field-sensitive on kernel drivers. It is a port of Dr. Checker.
🛠 Hashcat Advanced Password Recovery 6.2.4 Source Code 🛠
📖 Read
via "Packet Storm Security".
Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.
🛠 Flawfinder 2.0.19 🛠
📖 Read
via "Packet Storm Security".
Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.