βΌ CVE-2021-40966 βΌ
π Read
via "National Vulnerability Database".
A Stored XSS exists in TinyFileManager All version up to and including 2.4.6 in /tinyfilemanager.php when the server is given a file that contains HTML and javascript in its name. A malicious user can upload a file with a malicious filename containing javascript code and it will run on any user browser when they access the server.π Read
via "National Vulnerability Database".
βΌ CVE-2016-20012 βΌ
π Read
via "National Vulnerability Database".
OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33044 βΌ
π Read
via "National Vulnerability Database".
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40639 βΌ
π Read
via "National Vulnerability Database".
Improper access control in Jfinal CMS 5.1.0 allows attackers to access sensitive information via /classes/conf/db.properties&config=filemanager.config.js.π Read
via "National Vulnerability Database".
βΌ CVE-2020-21481 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted .txt file which is later changed to a PHP file.π Read
via "National Vulnerability Database".
βΌ CVE-2020-21321 βΌ
π Read
via "National Vulnerability Database".
emlog v6.0 contains a Cross-Site Request Forgery (CSRF) via /admin/link.php?action=addlink, which allows attackers to arbitrarily add articles.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33045 βΌ
π Read
via "National Vulnerability Database".
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40881 βΌ
π Read
via "National Vulnerability Database".
An issue in the BAT file parameters of PublicCMS v4.0 allows attackers to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2020-21483 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file.π Read
via "National Vulnerability Database".
βΌ CVE-2020-21480 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file write vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted PHP file.π Read
via "National Vulnerability Database".
βΌ CVE-2020-21482 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in RGCMS v1.06 allows attackers to obtain the administrator's cookie via a crafted payload in the Name field under the Message Board moduleπ Read
via "National Vulnerability Database".
βΌ CVE-2020-21322 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in Feehi CMS v2.0.8 and below allows attackers to execute arbitrary code via a crafted PHP file.π Read
via "National Vulnerability Database".
ποΈ UK armed forces confirms cyber as fifth dimension of warfare ποΈ
π Read
via "The Daily Swig".
Armed forces needs to adapt to recruit more digital quartermasters rather than conventional soldiers, conference attendees toldπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
UK armed forces confirm cyber as fifth dimension of warfare
Armed forces needs to adapt to recruit more digital quartermasters rather than conventional soldiers, conference attendees told
β HP Omen Hub Exposes Millions of Gamers to Cyberattack β
π Read
via "Threat Post".
A driver privilege-escalation bug gives attackers kernel-mode access to millions of PCs used for gaming.π Read
via "Threat Post".
Threat Post
HP Omen Hub Exposes Millions of Gamers to Cyberattack
A driver privilege-escalation bug gives attackers kernel-mode access to millions of PCs used for gaming.
β REvil/Sodinokibi Ransomware Universal Decryptor Key Is Out β
π Read
via "Threat Post".
Bitdefender worked with law enforcement to create a key to unlock victims encrypted in ransomware attacks before REvil's servers went belly-up on July 13.π Read
via "Threat Post".
Threat Post
REvil/Sodinokibi Ransomware Universal Decryptor Key Is Out
Bitdefender worked with law enforcement to create a key to unlock victims encrypted in ransomware attacks before REvil's servers went belly-up on July 13.
β Financial Cybercrime: Following Cryptocurrency via Public Ledgers β
π Read
via "Threat Post".
John Hammond, security researcher with Huntress, discusses a wallet-hijacking RAT, and how law enforcement recovered millions in Bitcoin after the Colonial Pipeline attack.π Read
via "Threat Post".
Threat Post
Financial Cybercrime: Following Cryptocurrency via Public Ledgers
John Hammond, security researcher with Huntress, discusses a wallet-hijacking RAT, and how law enforcement recovered millions in Bitcoin after the Colonial Pipeline attack.
β DDoS Attacks: A Flourishing Business for Cybercrooks β Podcast β
π Read
via "Threat Post".
Impervaβs Peter Klimek on how DDoS attacks started out as inconveniences but evolved to the point where attackers can disrupt businesses for as little as the price of a cup of coffee,π Read
via "Threat Post".
ποΈ Meris botnet leverages HTTP pipelining to smash DDoS attack records ποΈ
π Read
via "The Daily Swig".
Source of attacks βalmost entirely composed of Mikrotik devicesβπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Meris botnet leverages HTTP pipelining to smash DDoS attack records
Source of attacks βalmost entirely composed of Mikrotik devicesβ
βΌ CVE-2020-14119 βΌ
π Read
via "National Vulnerability Database".
There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with rom versionrom< 1.1.12π Read
via "National Vulnerability Database".
βΌ CVE-2020-14109 βΌ
π Read
via "National Vulnerability Database".
There is command injection in the meshd program in the routing system, resulting in command execution under administrator authority on Xiaomi router AX3600 with ROM version =< 1.1.12π Read
via "National Vulnerability Database".
βΌ CVE-2021-34576 βΌ
π Read
via "National Vulnerability Database".
In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information (water consumption without distinct values) to third parties.π Read
via "National Vulnerability Database".