🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
⚠ S3 Ep50: Two 0-days plus another 0-day plus a fast food bug [Podcast] ⚠

Bugs! So many bugs! Latest episode - listen now...

📖 Read

via "Naked Security".
🦿 You can now eliminate the password for your Microsoft account 🦿

By using an alternative means of authentication, you can now go passwordless on your Microsoft account.

📖 Read

via "Tech Republic".
🗓️ Remote code execution flaw allowed hijack of Motorola Halo+ baby monitors 🗓️

Expectant parent finds severe security problems in his new baby monitor

📖 Read

via "The Daily Swig".
‼ CVE-2021-39189 ‼

Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-19155 ‼

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component 'modules/filemanager/FileManagerController.java'.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-19154 ‼

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile()' function in the component 'modules/filemanager/FileManagerController.java'.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-19148 ‼

Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinal_cms/front/person/profile.html'.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-19157 ‼

Cross Site Scripting (CSS) in Wenku CMS v3.4 allows remote attackers to execute arbitrary code via the 'Intro' parameter for the component '/index.php?m=ucenter&a=index'.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-19151 ‼

Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-40157 ‼

A user may be tricked into opening a malicious FBX file which may exploit an Untrusted Pointer Dereference vulnerability in FBX's Review version 1.5.0 and prior causing it to run arbitrary code on the system.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-21798 ‼

An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resulting in the application dereferencing a stale pointer. This can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger the vulnerability.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-19146 ‼

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinal_cms/admin/folder/list'.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-38156 ‼

In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-19158 ‼

Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-27044 ‼

An Out-Of-Bounds Write Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to code execution through maliciously crafted DLL files or information disclosure.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-19147 ‼

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'getFolder()' function in the component '/modules/filemanager/FileManager.java'.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-19159 ‼

Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attackers to execute arbitrary code via the component '/index.php?module=member&action=add'.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-19150 ‼

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete()' function in the component 'modules/filemanager/FileManagerController.java'.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-19156 ‼

Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save()' function is called.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-21122 ‼

UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-21125 ‼

An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code.

📖 Read

via "National Vulnerability Database".