‼ CVE-2021-40922 ‼
via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the last_name parameter.
‼ CVE-2021-41464 ‼
via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter.
‼ CVE-2021-40924 ‼
via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the first_name parameter.
‼ CVE-2021-41463 ‼
via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability in toos/permissions/dialogs/access/entity/types/group_combination.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the cID parameter.
‼ CVE-2021-41465 ‼
via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability in concrete/elements/collection_theme.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter.
🦿 Consumer privacy study finds online privacy is of growing concern to increasingly more people 🦿
via "Tech Republic".
The study, from Cisco, comes with the announcement of its New Trust Standard, a benchmark for seeing how trustworthy businesses are as they embrace digital transformation.
🕴 4.6M Neiman Marcus Online Customers Alerted to Data Breach 🕴
via "Dark Reading".
The breach occurred in May 2020.
🦿 Lawsuit claims ransomware attack caused fatal injury to infant at Alabama hospital 🦿
via "Tech Republic".
Fetal heartbeat monitors were down in the labor and delivery wards, which the lawsuit claims resulted in a baby being born with brain damage.
🕴 Why Windows Print Spooler Remains a Big Attack Target 🕴
via "Dark Reading".
Despite countless vulnerabilities and exploits, the legacy Windows printing process service continues to be an attack surface in constant need of repair and maintenance, security experts say.
🕴 Companies Face Issues as Let's Encrypt Root Certificate Expires 🕴
via "Dark Reading".
Experts warn devices will be affected after major HTTPS certificate provider Let's Encrypt saw its root certificate expire this week.
❌ MFA Glitch Leads to 6K+ Coinbase Customers Getting Robbed ❌
via "Threat Post".
Coinbase suspects phishing led to attackers getting personal details needed to access wallets but also blamed a flaw in its SMS-based 2FA.
‼ CVE-2021-38097 ‼
via "National Vulnerability Database".
Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file.
‼ CVE-2021-38104 ‼
via "National Vulnerability Database".
IPPP72.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file.
‼ CVE-2020-21014 ‼
via "National Vulnerability Database".
emlog v6.0.0 contains an arbitrary file deletion vulnerability in admin/plugin.php.
‼ CVE-2021-38099 ‼
via "National Vulnerability Database".
CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CPT file. This is different from CVE-2021-38101.
‼ CVE-2021-38096 ‼
via "National Vulnerability Database".
Coreip.dll in Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file.
‼ CVE-2020-21012 ‼
via "National Vulnerability Database".
Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details.
‼ CVE-2021-38103 ‼
via "National Vulnerability Database".
IBJPG2.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file.
‼ CVE-2021-41845 ‼
via "National Vulnerability Database".
A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007.
‼ CVE-2020-21013 ‼
via "National Vulnerability Database".
emlog v6.0.0 contains a SQL injection via /admin/comment.php.
‼ CVE-2021-36298 ‼
via "National Vulnerability Database".
Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to authentication bypass and remote takeover of the InsightIQ. This allows an attacker to take complete control of InsightIQ to affect services provided by SSH; so Dell recommends customers to upgrade at the earliest opportunity.