🗓️ Zero-click RCE vulnerability in Hikvision security cameras could lead to network compromise 🗓️
📖 Read
via "The Daily Swig".
Abuse of flaw could give attackers greater access to devices even than its owner📖 Read
via "The Daily Swig".
portswigger.net
Web Application Security, Testing, & Scanning - PortSwigger
PortSwigger offers tools for web application security, testing, & scanning. Choose from a range of security tools, & identify the very latest vulnerabilities.
🗓️ US policy change states healthcare apps must follow data breach notification rules 🗓️
📖 Read
via "The Daily Swig".
Connected devices such as fitness trackers also obliged to follow tougher privacy rules📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
US policy change states healthcare apps must follow data breach notification rules
Connected devices such as fitness trackers also obliged to follow tougher privacy rules
‼ CVE-2021-39402 ‼
📖 Read
via "National Vulnerability Database".
MaianAffiliate v.1.0 is suffers from code injection by adding a new product via the admin panel. The injected payload is reflected on the affiliate main page for all authenticated and unauthenticated visitors.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40674 ‼
📖 Read
via "National Vulnerability Database".
An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyValue parameter in coreframe/app/order/admin/index.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-16651 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered on Virgin Media Super Hub 3 (based on ARRIS TG2492) devices. Because their SNMP commands have insufficient protection mechanisms, it is possible to use JavaScript and DNS rebinding to leak the WAN IP address of a user (if they are using certain VPN implementations, this would decloak them).📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21913 ‼
📖 Read
via "National Vulnerability Database".
International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp.📖 Read
via "National Vulnerability Database".
🛠 Proxmark 4.14434 🛠
📖 Read
via "Packet Storm Security".
This is a custom firmware written for the Proxmark3 device. It extends the currently available firmware.📖 Read
via "Packet Storm Security".
Packetstormsecurity
Proxmark 4.14434 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🛠 litefuzz 1.0 🛠
📖 Read
via "Packet Storm Security".
litefuzz is a multi-platform fuzzer for poking at userland binaries and servers.📖 Read
via "Packet Storm Security".
Packetstormsecurity
litefuzz 1.0 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🦿 Here's how to become an in-demand cybersecurity expert 🦿
📖 Read
via "Tech Republic".
Just a couple of years of IT experience is all that's necessary to break into the cybersecurity field with this self-paced training.📖 Read
via "Tech Republic".
TechRepublic
Here's how to become an in-demand cybersecurity expert
Just a couple of years of IT experience is all that's necessary to break into the cybersecurity field with this self-paced training.
‼ CVE-2021-32839 ‼
📖 Read
via "National Vulnerability Database".
sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a regular Expression Denial of Service in sqlparse vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n' in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround don't use the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. The issues has been fixed in sqlparse 0.4.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29817 ‼
📖 Read
via "National Vulnerability Database".
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204343.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29856 ‼
📖 Read
via "National Vulnerability Database".
IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 could allow an authenticated usre to cause a denial of service through the WebGUI Map Creation page. IBM X-Force ID: 205685.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39555 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function InfoOutputDev::type3D0() located in InfoOutputDev.cc. It allows an attacker to cause Denial of Service.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39518 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in libjpeg through 2020021. LineBuffer::FetchRegion() in linebuffer.cpp has a heap-based buffer overflow.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39527 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in libredwg through v0.10.1.3751. appinfo_private() in decode.c has a heap-based buffer overflow.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32265 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Bento4 through v1.6.0-637. A global-buffer-overflow exists in the function AP4_MemoryByteStream::WritePartial() located in Ap4ByteStream.cpp. It allows an attacker to cause code execution or information disclosure.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39579 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function string_hash() located in q.c. It allows an attacker to cause code Execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32282 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function ircode_add_check() located in gravity_ircode.c. It allows an attacker to cause Denial of Service.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32269 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function ilst_item_box_dump located in box_dump.c. It allows an attacker to cause Denial of Service.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21468 ‼
📖 Read
via "National Vulnerability Database".
A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39552 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in sela through 20200412. file::WavFile::readFromFile() in wav_file.c has a heap-based buffer overflow.📖 Read
via "National Vulnerability Database".