CVE-2021-3869
via "National Vulnerability Database".
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
CVE-2021-42261
via "National Vulnerability Database".
Revisor Video Management System (VMS) before 2.0.0 has a directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of the restricted directory on the remote server. This could lead to the disclosure of sensitive data on the vulnerable server.
CVE-2021-36512
via "National Vulnerability Database".
An issue was discovered in function scanallsubs in src/sbbs3/scansubs.cpp in Synchronet BBS, which may allow attackers to view sensitive information due to an uninitialized value.
CVE-2021-38486
via "National Vulnerability Database".
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self-registration of the affected product without any requirements to create an account, which may allow an attacker to have full control over the product and execute code within the internal network to which the product is connected.
CVE-2021-38478
via "National Vulnerability Database".
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a traceroute tool to inject commands into the device. This may allow the attacker to remotely run commands on behalf of the device.
CVE-2021-3879
via "National Vulnerability Database".
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-38464
via "National Vulnerability Database".
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have inadequate encryption strength, which may allow an attacker to intercept the communication and steal sensitive information or hijack the session.
CVE-2021-38484
via "National Vulnerability Database".
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not have a filter or signature check to detect or prevent an upload of malicious files to the server, which may allow an attacker, acting as an administrator, to upload malicious files. This could result in cross-site scripting, deletion of system files, and remote code execution.
CVE-2021-38480
via "National Vulnerability Database".
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to cross-site request forgery when unauthorized commands are submitted from a user the web application trusts. This may allow an attacker to remotely perform actions on the router's management portal, such as making configuration changes, changing administrator credentials, and running system commands on the router.
CVE-2021-3851
via "National Vulnerability Database".
firefly-iii is vulnerable to URL Redirection to Untrusted Site
CVE-2021-3872
via "National Vulnerability Database".
vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-38462
via "National Vulnerability Database".
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not enforce an efficient password policy. This may allow an attacker with obtained user credentials to enumerate passwords and impersonate other application users and perform operations on their behalf.
CVE-2021-38472
via "National Vulnerability Database".
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 management portal does not contain an X-FRAME-OPTIONS header, which an attacker may take advantage of by sending a link to an administrator that frames the router's management portal and could lure the administrator to perform changes.
CVE-2021-3863
via "National Vulnerability Database".
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-38468
via "National Vulnerability Database".
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to stored cross-scripting, which may allow an attacker to hijack sessions of users connected to the system.
L0phtCrack password auditing tool goes open source
via "The Daily Swig".
Original developers invite OS community to develop further capabilities
A Guide to Doing Cyberintelligence on a Restricted Budget
via "Threat Post".
Cybersecurity budget cuts are everywhere. Chad Anderson, senior security researcher at DomainTools, discusses alternatives to fancy tooling, and good human skills alignment.
How to keep your data off the Dark Web
via "Tech Republic".
Traditional security solutions are no longer enough to protect your organization from a data breach, Bitglass says.
Aruba introduces the industry's first distributed services switch
via "Tech Republic".
The new CX 10000 integrates security services, like a firewall, directly into a one-unit network switch deployable anywhere security and other services need to reside.
How to proactively detect and prevent ransomware attacks
via "Tech Republic".
Two out of three organizations surveyed by ThycoticCentrify were hit by a ransomware attack over the past 12 months, and more than 80% reportedly opted to pay the ransom.
Tech support scams top list of latest phishing threats
via "Tech Republic".
Tech support scams work because they try to trick people into believing there's a serious security crisis with their computers, says Norton Labs.