🕴 Wardrivers Can Still Easily Crack 70% of WiFi Passwords 🕴
📖 Read
via "Dark Reading".
Weaknesses in the current WiFi standard and poorly chosen passwords allowed one wardriver to recover 70% of wireless network passwords.📖 Read
via "Dark Reading".
Dark Reading
Wardrivers Can Still Easily Crack 70% of Wi-Fi Passwords
Weaknesses in the current Wi-Fi standard and poorly chosen passwords allowed one wardriver to recover 70% of wireless network passwords.
‼ CVE-2020-5669 ‼
📖 Read
via "National Vulnerability Database".
Cross-site scripting vulnerability in Movable Type Movable Type Premium 1.37 and earlier and Movable Type Premium Advanced 1.37 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40344 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP script to achieve remote command execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34583 ‼
📖 Read
via "National Vulnerability Database".
Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34585 ‼
📖 Read
via "National Vulnerability Database".
In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34595 ‼
📖 Read
via "National Vulnerability Database".
A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34584 ‼
📖 Read
via "National Vulnerability Database".
Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40345 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an attacker to execute system commands.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34596 ‼
📖 Read
via "National Vulnerability Database".
A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42343 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Dask (aka python-dask) through 2021.09.1. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client (which defaults to using LocalCluster) would mistakenly configure their respective Dask workers to listen on external interfaces (typically with a randomly selected high port) rather than only on localhost. A Dask cluster created using this method (when running on a machine that has an applicable port exposed) could be used by a sophisticated attacker to achieve remote code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40343 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Nagios XI 5.8.5. Insecure file permissions on the nagios_unbundler.py file allow the nagios user to elevate their privileges to the root user.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34593 ‼
📖 Read
via "National Vulnerability Database".
In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34586 ‼
📖 Read
via "National Vulnerability Database".
In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.📖 Read
via "National Vulnerability Database".
❌ Millions of Android Users Scammed in SMS Fraud Driven by Tik-Tok Ads ❌
📖 Read
via "Threat Post".
UltimaSMS leverages at least 151 apps that have been downloaded collectively more than 10 million times, to extort money through a fake premium SMS subscription service.📖 Read
via "Threat Post".
Threat Post
Millions of Android Users Scammed in SMS Fraud Driven by Tik-Tok Ads
UltimaSMS leverages at least 151 apps that have been downloaded collectively more than 10 million times, to extort money through a fake premium SMS subscription service.
🕴 Pulling Back the Curtain on Bug Bounties 🕴
📖 Read
via "Dark Reading".
It's critical that infosec professionals and consumers understand threats and vulnerabilities, but they are being kept in the dark.📖 Read
via "Dark Reading".
Dark Reading
Pulling Back the Curtain on Bug Bounties
It's critical that infosec professionals and consumers understand threats and vulnerabilities, but they are being kept in the dark.
‼ CVE-2021-26607 ‼
📖 Read
via "National Vulnerability Database".
An Improper input validation in execDefaultBrowser method of NEXACRO17 allows a remote attacker to execute arbitrary command on affected systems.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41873 ‼
📖 Read
via "National Vulnerability Database".
Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and Skyworth Digital. An unauthorized access vulnerability exists in the Penguin Aurora Box. An attacker can use the vulnerability to gain unauthorized access to a specific link to remotely control the TV.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37371 ‼
📖 Read
via "National Vulnerability Database".
Online Student Admission System 1.0 is affected by an unauthenticated SQL injection bypass vulnerability in /admin/login.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26609 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in Mangboard(WordPress plugin). A SQL-Injection vulnerability was found in order_type parameter. The order_type parameter makes a SQL query using unfiltered data. This vulnerability allows a remote attacker to steal user information.📖 Read
via "National Vulnerability Database".
‼ CVE-2011-2195 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php script and pass a well formed 'path' argument to execute arbitrary commands against the underlying operating system.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37372 ‼
📖 Read
via "National Vulnerability Database".
Online Student Admission System 1.0 is affected by an insecure file upload vulnerability. A low privileged user can upload malicious PHP files by updating their profile image to gain remote code execution.📖 Read
via "National Vulnerability Database".