βΌ CVE-2021-38103 βΌ
π Read
via "National Vulnerability Database".
IBJPG2.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41845 βΌ
π Read
via "National Vulnerability Database".
A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007.π Read
via "National Vulnerability Database".
βΌ CVE-2020-21013 βΌ
π Read
via "National Vulnerability Database".
emlog v6.0.0 contains a SQL injection via /admin/comment.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36298 βΌ
π Read
via "National Vulnerability Database".
Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to authentication bypass and remote takeover of the InsightIQ. This allows an attacker to take complete control of InsightIQ to affect services provided by SSH; so Dell recommends customers to upgrade at the earliest opportunity.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36309 βΌ
π Read
via "National Vulnerability Database".
Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the TACACS\Radius credentials stored to read sensitive information and use it in further attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2020-21228 βΌ
π Read
via "National Vulnerability Database".
JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie.π Read
via "National Vulnerability Database".
ποΈ βProlificβ ransomware operators arrested in Ukraine β Europol ποΈ
π Read
via "The Daily Swig".
Assets also frozen over βstring of targeted attacksβ against US and European targetsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
βProlificβ ransomware operators arrested in Ukraine β Europol
Assets also frozen over βstring of targeted attacksβ against US and European targets
βΌ CVE-2021-22557 βΌ
π Read
via "National Vulnerability Database".
SLO generator allows for loading of YAML files that if crafted in a specific format can allow for code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173π Read
via "National Vulnerability Database".
β Gift card fraud: four suspects hit with money laundering charges β
π Read
via "Naked Security".
Gift card fraud may sound like small beer against ransomware - but it's personal, it hurts, and it's still a multi-million dollar problem.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Cybersecurity Awareness Month: #BeCyberSmart β
π Read
via "Naked Security".
#BeCyberSmart - during CyberSecurity Awareness Month and beyondπ Read
via "Naked Security".
Naked Security
Cybersecurity Awareness Month: #BeCyberSmart
#BeCyberSmart β during CyberSecurity Awareness Month and beyond
π΄ Top 5 Skills Modern SOC Teams Need to Succeed π΄
π Read
via "Dark Reading".
From basic coding to threat hunting, here are five skills modern SOC teams need to successfully navigate the future of high-scale detection and response.π Read
via "Dark Reading".
Dark Reading
Top 5 Skills Modern SOC Teams Need to Succeed
From basic coding to threat hunting, here are five skills modern SOC teams need to successfully navigate the future of high-scale detection and response.
βΌ CVE-2021-24687 βΌ
π Read
via "National Vulnerability Database".
The Modern Events Calendar Lite WordPress plugin before 5.22.2 does not escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2021-24654 βΌ
π Read
via "National Vulnerability Database".
The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attacks when their profile is viewedπ Read
via "National Vulnerability Database".
βΌ CVE-2021-24678 βΌ
π Read
via "National Vulnerability Database".
The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape some glossary_tooltip shortcode attributes, which could allow users a role as low as Contributor to perform Stored Cross-Site Scripting attacksπ Read
via "National Vulnerability Database".
βΌ CVE-2021-41878 βΌ
π Read
via "National Vulnerability Database".
A reflected cross-site scripting (XSS) vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24676 βΌ
π Read
via "National Vulnerability Database".
The Better Find and Replace WordPress plugin before 1.2.9 does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issueπ Read
via "National Vulnerability Database".
βΌ CVE-2021-24465 βΌ
π Read
via "National Vulnerability Database".
The Meow Gallery WordPress plugin before 4.1.9 does not sanitise, validate or escape the ids attribute of its gallery shortcode (available for users as low as Contributor) before using it in an SQL statement, leading to an authenticated SQL Injection issue. The injection also allows the returned values to be manipulated in a way that could lead to data disclosure and arbitrary objects to be deserialized.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24679 βΌ
π Read
via "National Vulnerability Database".
The Bitcoin / AltCoin Payment Gateway for WooCommerce WordPress plugin before 1.6.1 does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issueπ Read
via "National Vulnerability Database".
βΌ CVE-2021-41511 βΌ
π Read
via "National Vulnerability Database".
The username and password field of login in Lodging Reservation Management System V1 can give access to any user by using SQL injection to bypass authentication.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24673 βΌ
π Read
via "National Vulnerability Database".
The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.π Read
via "National Vulnerability Database".
ποΈ Cryptocurrency funds removed from 6,000 Coinbase accounts due to flaw in SMS authentication ποΈ
π Read
via "The Daily Swig".
Victims are told they will be reimbursedπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Cryptocurrency funds removed from 6,000 Coinbase accounts due to flaw in SMS authentication
Victims are told they will be reimbursed