‼ CVE-2021-40712 ‼
📖 Read
via "National Vulnerability Database".
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper input validation vulnerability via the path parameter. An authenticated attacker can send a malformed POST request to achieve server-side denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40702 ‼
📖 Read
via "National Vulnerability Database".
Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious psd file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40329 ‼
📖 Read
via "National Vulnerability Database".
The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39827 ‼
📖 Read
via "National Vulnerability Database".
Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary file write vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability to write an arbitrary file to the system. User interaction is required before product installation to abuse this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36845 ‼
📖 Read
via "National Vulnerability Database".
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. Vulnerable parameters: 1 - "Newsletter" tab, &yith_maintenance_newsletter_submit_label parameter: payload should start with a single quote (') symbol to break the context, i.e.: NOTIFY ME' autofocus onfocus=alert(/Visse/);// v=' - this payload will be auto triggered while admin visits this page/tab. 2 - "General" tab issues, vulnerable parameters: &yith_maintenance_message, &yith_maintenance_custom_style, &yith_maintenance_mascotte, &yith_maintenance_title_font[size], &yith_maintenance_title_font[family], &yith_maintenance_title_font[color], &yith_maintenance_paragraph_font[size], &yith_maintenance_paragraph_font[family], &yith_maintenance_paragraph_font[color], &yith_maintenance_border_top. 3 - "Background" tab issues, vulnerable parameters: &yith_maintenance_background_image, &yith_maintenance_background_color. 4 - "Logo" tab issues, vulnerable parameters: &yith_maintenance_logo_image, &yith_maintenance_logo_tagline, &yith_maintenance_logo_tagline_font[size], &yith_maintenance_logo_tagline_font[family], &yith_maintenance_logo_tagline_font[color]. 5 - "Newsletter" tab issues, vulnerable parameters: &yith_maintenance_newsletter_email_font[size], &yith_maintenance_newsletter_email_font[family], &yith_maintenance_newsletter_email_font[color], &yith_maintenance_newsletter_submit_font[size], &yith_maintenance_newsletter_submit_font[family], &yith_maintenance_newsletter_submit_font[color], &yith_maintenance_newsletter_submit_background, &yith_maintenance_newsletter_submit_background_hover, &yith_maintenance_newsletter_title, &yith_maintenance_newsletter_action, &yith_maintenance_newsletter_email_label, &yith_maintenance_newsletter_email_name, &yith_maintenance_newsletter_submit_label, &yith_maintenance_newsletter_hidden_fields. 6 - "Socials" tab issues, vulnerable parameters: &yith_maintenance_socials_facebook, &yith_maintenance_socials_twitter, &yith_maintenance_socials_gplus, &yith_maintenance_socials_youtube, &yith_maintenance_socials_rss, &yith_maintenance_socials_skype, &yith_maintenance_socials_email, &yith_maintenance_socials_behance, &yith_maintenance_socials_dribble, &yith_maintenance_socials_flickr, &yith_maintenance_socials_instagram, &yith_maintenance_socials_pinterest, &yith_maintenance_socials_tumblr, &yith_maintenance_socials_linkedin.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39823 ‼
📖 Read
via "National Vulnerability Database".
Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and earlier versions are affected by a heap buffer overflow vulnerability due to insecure handling of a malicious .svg file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40701 ‼
📖 Read
via "National Vulnerability Database".
Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39826 ‼
📖 Read
via "National Vulnerability Database".
Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary command execution vulnerability. An authenticated attacker could leverage this vulnerability to execute arbitrary commands. User interaction is required to abuse this vulnerability in that a user must open a maliciously crafted .epub file.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39824 ‼
📖 Read
via "National Vulnerability Database".
Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious png file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.📖 Read
via "National Vulnerability Database".
❌ Women, Minorities Are Hacked More Than Others ❌
📖 Read
via "Threat Post".
Income level, education and being part of a disadvantaged population all contribute to cybercrime outcomes, a survey suggests.📖 Read
via "Threat Post".
Threat Post
Women, Minorities Are Hacked More Than Others
Income level, education and being part of a disadvantaged population all contribute to cybercrime outcomes, a survey suggests.
‼ CVE-2021-24632 ‼
📖 Read
via "National Vulnerability Database".
The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.1 does not escape the message parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40713 ‼
📖 Read
via "National Vulnerability Database".
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper certificate validation vulnerability in the cold storage component. If an attacker can achieve a man in the middle when the cold server establishes a new certificate, they would be able to harvest sensitive information.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41558 ‼
📖 Read
via "National Vulnerability Database".
The set_user extension module before 3.0.0 for PostgreSQL allows ProcessUtility_hook bypass via set_config.📖 Read
via "National Vulnerability Database".
🔏 Ransomware Attacks on Agriculture Industry Increase 🔏
📖 Read
via "".
Two attacks on farming co-ops in the midwest have corroborated a warning from the FBI that when it comes to ransomware attacks, the agricultural industry is on watch .📖 Read
via "".
Digital Guardian
Ransomware Attacks on Agriculture Industry Increase
Two attacks on farming co-ops in the midwest have corroborated a warning from the FBI that when it comes to ransomware attacks, the agricultural industry is on watch .
🕴 7 Ways to Thwart Malicious Insiders 🕴
📖 Read
via "Dark Reading".
Malicious insider incidents are less frequent than inadvertent user missteps, but they can cost organizations big time.📖 Read
via "Dark Reading".
Dark Reading
7 Ways to Thwart Malicious Insiders
Malicious insider incidents may be less frequent than inadvertent user missteps, but they can cost organizations big time.
🕴 Thoma Bravo Completes Strategic Investment in Intel 471 🕴
📖 Read
via "Dark Reading".
Intel 471 is a provider of cyber threat intelligence for leading enterprises and governments.📖 Read
via "Dark Reading".
Dark Reading
Thoma Bravo Completes Strategic Investment in Intel 471
Intel 471 is a provider of cyber threat intelligence for leading enterprises and governments.
‼ CVE-2021-41097 ‼
📖 Read
via "National Vulnerability Database".
aurelia-path is part of the Aurelia platform and contains utilities for path manipulation. There is a prototype pollution vulnerability in aurelia-path before version 1.1.7. The vulnerability exposes Aurelia application that uses `aurelia-path` package to parse a string. The majority of this will be Aurelia applications that employ the `aurelia-router` package. An example is this could allow an attacker to change the prototype of base object class `Object` by tricking an application to parse the following URL: `https://aurelia.io/blog/?__proto__[asdf]=asdf`. The problem is patched in version `1.1.7`.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20035 ‼
📖 Read
via "National Vulnerability Database".
Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20034 ‼
📖 Read
via "National Vulnerability Database".
An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.📖 Read
via "National Vulnerability Database".
❌ 5 Steps to Securing Your Network Perimeter ❌
📖 Read
via "Threat Post".
Ekaterina Kilyusheva, head of the Information Security Analytics Research Group at Positive Technologies, offers a blueprint for locking up the fortress.📖 Read
via "Threat Post".
Threat Post
5 Steps to Securing Your Network Perimeter
Ekaterina Kilyusheva, head of the Information Security Analytics Research Group at Positive Technologies, offers a blueprint for locking up the fortress.
🕴 Microsoft Warns of 'FoggyWeb' Malware Targeting AD FS Servers 🕴
📖 Read
via "Dark Reading".
The group tracked as Nobelium uses multiple tactics to steal credentials with the goal of gaining admin access to Active Directory Federation Services.📖 Read
via "Dark Reading".
Dark Reading
Microsoft Warns of 'FoggyWeb' Malware Targeting AD FS Servers
The group tracked as Nobelium uses multiple tactics to steal credentials with the goal of gaining admin access to Active Directory Federation Services.