βΌ CVE-2020-23061 βΌ
π Read
via "National Vulnerability Database".
Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain an issue in the path parameter of the `list` and `download` module which allows attackers to perform a directory traversal via a change to the path variable to request the local list command.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23046 βΌ
π Read
via "National Vulnerability Database".
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet' parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36502 βΌ
π Read
via "National Vulnerability Database".
Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the devicename parameter which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered as the device name itself.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36489 βΌ
π Read
via "National Vulnerability Database".
Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the devicename parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the devicename information.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28961 βΌ
π Read
via "National Vulnerability Database".
Perfex CRM v2.4.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component ./clients/client via the company name parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36498 βΌ
π Read
via "National Vulnerability Database".
Macrob7 Macs Framework Content Management System - 1.14f contains a cross-site scripting (XSS) vulnerability in the account reset function, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the e-mail input field.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28969 βΌ
π Read
via "National Vulnerability Database".
Aplioxio PDF ShapingUp 5.0.0.139 contains a buffer overflow which allows attackers to cause a denial of service (DoS) via a crafted PDF file.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23049 βΌ
π Read
via "National Vulnerability Database".
Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or `Register' functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23042 βΌ
π Read
via "National Vulnerability Database".
Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36495 βΌ
π Read
via "National Vulnerability Database".
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `filename`, `mid`, `userid`, and `templet' parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36496 βΌ
π Read
via "National Vulnerability Database".
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36497 βΌ
π Read
via "National Vulnerability Database".
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.php via the `filename`, `mid`, `userid`, and `templet' parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36499 βΌ
π Read
via "National Vulnerability Database".
TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a cross-site scripting (XSS) vulnerability in the content parameter of the Rubric Block (Add) module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the rubric name value.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36501 βΌ
π Read
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in the Support module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42258 βΌ
π Read
via "National Vulnerability Database".
BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell.π Read
via "National Vulnerability Database".
π’ Kaspersky Internet Security review: Powerful, highly configurable protection π’
π Read
via "ITPro".
Easy to use, efficient and accurate malware defense for users who want to personalise their protectionπ Read
via "ITPro".
IT PRO
Kaspersky Internet Security review: Powerful, highly configurable protection | IT PRO
Easy to use, efficient and accurate malware defense for users who want to personalise their protection
π’ The many IT errors of the British government π’
π Read
via "ITPro".
Are UK politicians living proof that human error is the biggest weakness in cyber security?π Read
via "ITPro".
IT PRO
The many IT errors of the British government | IT PRO
Are UK politicians living proof that human error is the biggest weakness in cyber security?
π’ Microsoft touts new cyber security help for nonprofits π’
π Read
via "ITPro".
Free training, security assessments, and access to tools given to strengthen charitiesβ security postureπ Read
via "ITPro".
ITPro
Microsoft touts new cyber security help for nonprofits
Free training, security assessments, and access to tools given to strengthen charitiesβ security posture
π’ Ofcom report reveals alarming uptick in smishing attacks π’
π Read
via "ITPro".
Text-based scams now more common than phone calls among young adultsπ Read
via "ITPro".
IT PRO
Ofcom report reveals alarming uptick in smishing attacks | IT PRO
Text-based scams now more common than phone calls among young adults
π’ US to ban surveillance software exports to authoritarian governments π’
π Read
via "ITPro".
Commerce dept to prevent US companies from selling tools to hack peopleπ Read
via "ITPro".
IT PRO
US to ban surveillance software exports to authoritarian governments | IT PRO
Commerce dept to prevent US companies from selling tools to hack people
π’ CISA, FBI and NSA publish BlackMatter ransomware warning π’
π Read
via "ITPro".
The agencies are warning organisations about the attacks which they say have been used in the past to target US critical infrastructureπ Read
via "ITPro".
IT PRO
CISA, FBI and NSA publish BlackMatter ransomware warning | IT PRO
The agencies are warning organisations about the attacks which they say have been used in the past to target US critical infrastructure