‼ CVE-2021-39215 ‼
Jitsi Meet is an open source video conferencing application. In versions prior to 2.0.5963, a Prosody module allows the use of symmetrical algorithms to validate JSON web tokens. This means that tokens generated by arbitrary sources can be used to gain authorization to protected rooms. This issue is fixed in Jitsi Meet 2.0.5963. There are no known workarounds aside from updating.
via "National Vulnerability Database".
‼ CVE-2021-33704 ‼
The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. For an attacker to discover the vulnerable function, no in-depth system knowledge is required. Once exploited via the network stack, the attacker may be able to read, modify or delete restricted data. The impact is that missing authorization can result in abuse of functionality usually restricted to specific users.
via "National Vulnerability Database".
‼ CVE-2021-28901 ‼
Multiple cross-site scripting (XSS) vulnerabilities exist in SITA Software Azur CMS 1.2.3.1 and earlier, which allow remote attackers to inject arbitrary web script or HTML via the (1) NOM_CLI, (2) ADRESSE, (3) ADRESSE2, (4) LOCALITE parameters to /eshop/products/json/aouCustomerAdresse; and the (5) nom_liste parameter to /eshop/products/json/addCustomerFavorite.
via "National Vulnerability Database".
‼ CVE-2021-33695 ‼
Potentially, in SAP Cloud Connector, version - 2.0, communication with the backend is accepted without sufficient validation of the certificate.
via "National Vulnerability Database".
‼ CVE-2021-33694 ‼
SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights to include malicious code that gets stored in the database and, when accessed, could be executed in the application, resulting in Stored Cross-Site Scripting.
via "National Vulnerability Database".
‼ CVE-2021-33698 ‼
SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the proper file format validation.
via "National Vulnerability Database".
‼ CVE-2021-40966 ‼
A Stored XSS exists in TinyFileManager, all versions up to and including 2.4.6, in /tinyfilemanager.php when the server is given a file that contains HTML and JavaScript in its name. A malicious user can upload a file with a malicious filename containing JavaScript code, and it will run in any user's browser when they access the server.
via "National Vulnerability Database".
‼ CVE-2016-20012 ‼
OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session.
via "National Vulnerability Database".
‼ CVE-2021-33044 ‼
An identity authentication bypass vulnerability was found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
via "National Vulnerability Database".
‼ CVE-2021-40639 ‼
Improper access control in Jfinal CMS 5.1.0 allows attackers to access sensitive information via /classes/conf/db.properties&config=filemanager.config.js.
via "National Vulnerability Database".
‼ CVE-2020-21481 ‼
An arbitrary file upload vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted .txt file which is later changed to a PHP file.
via "National Vulnerability Database".
‼ CVE-2020-21321 ‼
emlog v6.0 contains a Cross-Site Request Forgery (CSRF) via /admin/link.php?action=addlink, which allows attackers to arbitrarily add articles.
via "National Vulnerability Database".
‼ CVE-2021-33045 ‼
An identity authentication bypass vulnerability was found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
via "National Vulnerability Database".
‼ CVE-2021-40881 ‼
An issue in the BAT file parameters of PublicCMS v4.0 allows attackers to execute arbitrary code.
via "National Vulnerability Database".
‼ CVE-2020-21483 ‼
An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file.
via "National Vulnerability Database".
‼ CVE-2020-21480 ‼
An arbitrary file write vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted PHP file.
via "National Vulnerability Database".
‼ CVE-2020-21482 ‼
A cross-site scripting (XSS) vulnerability in RGCMS v1.06 allows attackers to obtain the administrator's cookie via a crafted payload in the Name field under the Message Board module.
via "National Vulnerability Database".
‼ CVE-2020-21322 ‼
An arbitrary file upload vulnerability in Feehi CMS v2.0.8 and below allows attackers to execute arbitrary code via a crafted PHP file.
via "National Vulnerability Database".
🗓️ UK armed forces confirm cyber as fifth dimension of warfare 🗓️
Armed forces need to adapt to recruit more digital quartermasters rather than conventional soldiers, conference attendees told.
via "The Daily Swig".
❌ HP Omen Hub Exposes Millions of Gamers to Cyberattack ❌
A driver privilege-escalation bug gives attackers kernel-mode access to millions of PCs used for gaming.
via "Threat Post".
❌ REvil/Sodinokibi Ransomware Universal Decryptor Key Is Out ❌
Bitdefender worked with law enforcement to create a key to unlock victims encrypted in ransomware attacks before REvil's servers went belly-up on July 13.
via "Threat Post".