‼ CVE-2021-40999 ‼
via "National Vulnerability Database".
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.
‼ CVE-2021-38431 ‼
via "National Vulnerability Database".
An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users.
‼ CVE-2021-39335 ‼
via "National Vulnerability Database".
The WpGenius Job Listing WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/src/admin/class/class-wpgenious-job-listing-options.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.2. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
‼ CVE-2021-39344 ‼
via "National Vulnerability Database".
The KJM Admin Notices WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin/class-kjm-admin-notices-admin.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.0.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
‼ CVE-2021-39349 ‼
via "National Vulnerability Database".
The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/wp-hal.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.1.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
‼ CVE-2021-39345 ‼
via "National Vulnerability Database".
The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/wp-hal.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.1.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
‼ CVE-2021-42333 ‼
via "National Vulnerability Database".
The Easytest contains SQL injection vulnerabilities. After obtaining user’s privilege, remote attackers can inject SQL commands into the parameters of the learning history page to access all database and obtain administrator permissions.
‼ CVE-2021-42335 ‼
via "National Vulnerability Database".
Easytest bulletin board management function of online learning platform does not filter special characters. After obtaining a user’s privilege, remote attackers can inject JavaScript and execute stored XSS attack.
‼ CVE-2021-39338 ‼
via "National Vulnerability Database".
The MyBB Cross-Poster WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/classes/MyBBXPSettings.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
‼ CVE-2021-42331 ‼
via "National Vulnerability Database".
The “Study Edit” function of ShinHer StudyOnline System does not perform permission control. After logging in with user’s privilege, remote attackers can access and edit other users’ tutorial schedule by crafting URL parameters.
‼ CVE-2021-39334 ‼
via "National Vulnerability Database".
The Job Board Vanila WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the psjb_exp_in and the psjb_curr_in parameters found in the ~/job-settings.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
‼ CVE-2021-37736 ‼
via "National Vulnerability Database".
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.
‼ CVE-2021-39336 ‼
via "National Vulnerability Database".
The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin-jobs.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 0.7.25. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
‼ CVE-2021-42330 ‼
via "National Vulnerability Database".
The “Teacher Edit” function of ShinHer StudyOnline System does not perform authority control. After logging in with user’s privilege, remote attackers can access and edit other users’ credential and personal information by crafting URL parameters.
‼ CVE-2021-42336 ‼
via "National Vulnerability Database".
The learning history page of the Easytest is vulnerable by permission bypass. After obtaining a user’s permission, remote attackers can access other users’ and administrator’s account information except password by crafting URL parameters.
‼ CVE-2021-42329 ‼
via "National Vulnerability Database".
The “List_Add” function of message board of ShinHer StudyOnline System does not filter special characters in the title parameter. After logging in with user’s privilege, remote attackers can inject JavaScript and execute stored XSS attacks.
‼ CVE-2021-42334 ‼
via "National Vulnerability Database".
The Easytest contains SQL injection vulnerabilities. After obtaining a user’s privilege, remote attackers can inject SQL commands into the parameters of the elective course management page to obtain all database and administrator permissions.
🗓️ Missouri governor criticized for confusing vulnerability disclosure with criminal hacking 🗓️
via "The Daily Swig".
Politician’s accusations unleash torrent of criticism and snarky memes from incredulous infosec pros
🕴 Evolution Equity Partners Close $400M for Cybersecurity Investments 🕴
via "Dark Reading".
The firm expands capital base, team, and platform addressing a rapidly growing cybersecurity investment opportunity.
🔏 Friday Five 10/15 🔏
via "Digital Guardian".
Giving security keys to at-risk users, a summit to stop ransomware, and financial losses from cyberattacks pile up - catch up on the infosec news of the week with the Friday Five!
‼ CVE-2021-40721 ‼
via "National Vulnerability Database".
Adobe Connect version 11.2.2 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.