🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.9K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.9K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-36493 ‼

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component media_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.

📖 Read

via "National Vulnerability Database".
96 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-36490 ‼

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.

📖 Read

via "National Vulnerability Database".
91 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-28955 ‼

SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the First Name or Last Name input fields.

📖 Read

via "National Vulnerability Database".
92 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-23047 ‼

Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a cross-site scripting (XSS) vulnerability in the search input field of the search module.

📖 Read

via "National Vulnerability Database".
92 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-23037 ‼

Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.

📖 Read

via "National Vulnerability Database".
90 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-23061 ‼

Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain an issue in the path parameter of the `list` and `download` module which allows attackers to perform a directory traversal via a change to the path variable to request the local list command.

📖 Read

via "National Vulnerability Database".
91 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-23046 ‼

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet' parameters.

📖 Read

via "National Vulnerability Database".
93 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-36502 ‼

Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the devicename parameter which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered as the device name itself.

📖 Read

via "National Vulnerability Database".
95 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-36489 ‼

Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the devicename parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the devicename information.

📖 Read

via "National Vulnerability Database".
100 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-28961 ‼

Perfex CRM v2.4.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component ./clients/client via the company name parameter.

📖 Read

via "National Vulnerability Database".
100 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-36498 ‼

Macrob7 Macs Framework Content Management System - 1.14f contains a cross-site scripting (XSS) vulnerability in the account reset function, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the e-mail input field.

📖 Read

via "National Vulnerability Database".
98 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-28969 ‼

Aplioxio PDF ShapingUp 5.0.0.139 contains a buffer overflow which allows attackers to cause a denial of service (DoS) via a crafted PDF file.

📖 Read

via "National Vulnerability Database".
97 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-23049 ‼

Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or `Register' functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML.

📖 Read

via "National Vulnerability Database".
103 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-23042 ‼

Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request.

📖 Read

via "National Vulnerability Database".
105 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-36495 ‼

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `filename`, `mid`, `userid`, and `templet' parameters.

📖 Read

via "National Vulnerability Database".
109 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-36496 ‼

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters.

📖 Read

via "National Vulnerability Database".
116 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-36497 ‼

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.php via the `filename`, `mid`, `userid`, and `templet' parameters.

📖 Read

via "National Vulnerability Database".
134 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-36499 ‼

TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a cross-site scripting (XSS) vulnerability in the content parameter of the Rubric Block (Add) module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the rubric name value.

📖 Read

via "National Vulnerability Database".
150 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2020-36501 ‼

Multiple cross-site scripting (XSS) vulnerabilities in the Support module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields.

📖 Read

via "National Vulnerability Database".
158 views
🛡 Cybersecurity & Privacy 🛡 - News
‼ CVE-2021-42258 ‼

BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell.

📖 Read

via "National Vulnerability Database".
153 views
🛡 Cybersecurity & Privacy 🛡 - News
📢 Kaspersky Internet Security review: Powerful, highly configurable protection 📢

Easy to use, efficient and accurate malware defense for users who want to personalise their protection

📖 Read

via "ITPro".
IT PRO
Kaspersky Internet Security review: Powerful, highly configurable protection | IT PRO
Easy to use, efficient and accurate malware defense for users who want to personalise their protection
145 views