βΌ CVE-2021-3888 βΌ
π Read
via "National Vulnerability Database".
libmobi is vulnerable to Use of Out-of-range Pointer Offsetπ Read
via "National Vulnerability Database".
βΌ CVE-2021-38474 βΌ
π Read
via "National Vulnerability Database".
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have has no account lockout policy configured for the login page of the product. This may allow an attacker to execute a brute-force password attack with no time limitation and without harming the normal operation of the user. This could allow an attacker to gain valid credentials for the product interface.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3858 βΌ
π Read
via "National Vulnerability Database".
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)π Read
via "National Vulnerability Database".
βΌ CVE-2021-3869 βΌ
π Read
via "National Vulnerability Database".
corenlp is vulnerable to Improper Restriction of XML External Entity Referenceπ Read
via "National Vulnerability Database".
βΌ CVE-2021-42261 βΌ
π Read
via "National Vulnerability Database".
Revisor Video Management System (VMS) before 2.0.0 has a directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of restricted directory on the remote server. This could lead to the disclosure of sensitive data on the vulnerable server.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36512 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in function scanallsubs in src/sbbs3/scansubs.cpp in Synchronet BBS, which may allow attackers to view sensitive information due to an uninitialized value.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38486 βΌ
π Read
via "National Vulnerability Database".
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self-registration of the affected product without any requirements to create an account, which may allow an attacker to have full control over the product and execute code within the internal network to which the product is connected.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38478 βΌ
π Read
via "National Vulnerability Database".
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a traceroute tool to inject commands into the device. This may allow the attacker to remotely run commands on behalf of the device.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3879 βΌ
π Read
via "National Vulnerability Database".
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')π Read
via "National Vulnerability Database".
βΌ CVE-2021-38464 βΌ
π Read
via "National Vulnerability Database".
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have inadequate encryption strength, which may allow an attacker to intercept the communication and steal sensitive information or hijack the session.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38484 βΌ
π Read
via "National Vulnerability Database".
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not have a filter or signature check to detect or prevent an upload of malicious files to the server, which may allow an attacker, acting as an administrator, to upload malicious files. This could result in cross-site scripting, deletion of system files, and remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38480 βΌ
π Read
via "National Vulnerability Database".
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to cross-site request forgery when unauthorized commands are submitted from a user the web application trusts. This may allow an attacker to remotely perform actions on the routerΓ’β¬β’s management portal, such as making configuration changes, changing administrator credentials, and running system commands on the router.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3851 βΌ
π Read
via "National Vulnerability Database".
firefly-iii is vulnerable to URL Redirection to Untrusted Siteπ Read
via "National Vulnerability Database".
βΌ CVE-2021-3872 βΌ
π Read
via "National Vulnerability Database".
vim is vulnerable to Heap-based Buffer Overflowπ Read
via "National Vulnerability Database".
βΌ CVE-2021-38462 βΌ
π Read
via "National Vulnerability Database".
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient password policy. This may allow an attacker with obtained user credentials to enumerate passwords and impersonate other application users and perform operations on their behalf.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38472 βΌ
π Read
via "National Vulnerability Database".
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 management portal does not contain an X-FRAME-OPTIONS header, which an attacker may take advantage of by sending a link to an administrator that frames the routerΓ’β¬β’s management portal and could lure the administrator to perform changes.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3863 βΌ
π Read
via "National Vulnerability Database".
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')π Read
via "National Vulnerability Database".
βΌ CVE-2021-38468 βΌ
π Read
via "National Vulnerability Database".
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to stored cross-scripting, which may allow an attacker to hijack sessions of users connected to the system.π Read
via "National Vulnerability Database".
ποΈ L0phtCrack password auditing tool goes open source ποΈ
π Read
via "The Daily Swig".
Original developers invite OS community to develop further capabilitiesπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
L0phtCrack password auditing tool goes open source
Original developers invite OS community to develop further capabilities
β A Guide to Doing Cyberintelligence on a Restricted Budget β
π Read
via "Threat Post".
Cybersecurity budget cuts are everywhere. Chad Anderson, senior security researcher at DomainTools, discusses alternatives to fancy tooling, and good human skills alignment.π Read
via "Threat Post".
Threat Post
A Guide to Doing Cyberintelligence on a Restricted Budget
Cybersecurity budget cuts are everywhere. Chad Anderson, senior security researcher at DomainTools, discusses alternatives to fancy tooling, and good human skills alignment.
π¦Ώ How to keep your data off the Dark Web π¦Ώ
π Read
via "Tech Republic".
Traditional security solutions are no longer enough to protect your organization from a data breach, Bitglass says.π Read
via "Tech Republic".
TechRepublic
How to keep your data off the Dark Web
Traditional security solutions are no longer enough to protect your organization from a data breach, Bitglass says.