‼ CVE-2021-36756 ‼
CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation.
via "National Vulnerability Database".
‼ CVE-2020-24932 ‼
An SQL Injection vulnerability exists in Sourcecodester Complaint Management System 1.0 via the cid parameter in complaint-details.php.
via "National Vulnerability Database".
‼ CVE-2021-41589 ‼
In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. This configuration allows anonymous access to the configuration user interface and anonymous write access to the build cache. If access control to the build cache is not changed from the default open configuration, a malicious actor with network access can populate the cache with manipulated entries that may execute malicious code as part of a build process. This applies to the build cache provided with Gradle Enterprise and the separate build cache node service if used. If access control to the user interface is not changed from the default open configuration, a malicious actor can undo build cache access control in order to populate the cache with manipulated entries that may execute malicious code as part of a build process. This does not apply to the build cache provided with Gradle Enterprise, but does apply to the separate build cache node service if used.
via "National Vulnerability Database".
‼ CVE-2021-41619 ‼
An issue was discovered in Gradle Enterprise before 2021.1.2. There is potential remote code execution via the application startup configuration. The installation configuration user interface (available to administrators) allows specifying arbitrary Java Virtual Machine startup options. Some of these options, such as -XX:OnOutOfMemoryError, allow specifying a command to be run on the host. This can be abused to run arbitrary commands on the host, should an attacker gain administrative access to the application.
via "National Vulnerability Database".
‼ CVE-2021-37221 ‼
A file upload vulnerability exists in Sourcecodester Customer Relationship Management System 1.0 via the account update option and the customer create option, which could let a remote malicious user upload an arbitrary PHP file.
via "National Vulnerability Database".
❌ Apple Patches Critical iOS Bugs; One Under Attack ❌
Researchers found that one critical flaw in question is exploitable from the browser, allowing watering-hole attacks.
via "Threat Post".
🕴 Cybercriminals Ramp Up Attacks on Web APIs 🕴
As more organizations use application programming interfaces for Web applications, attacks and security incidents targeting APIs continue to grow.
via "Dark Reading".
🛠 Zeek 4.1.1 🛠
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.
via "Packet Storm Security".
❌ War-Driving Technique Allows Wi-Fi Password-Cracking at Scale ❌
A researcher was able to crack 70 percent of the gathered hashes in an experiment in a residential neighborhood.
via "Threat Post".
🕴 6 Eye-Opening Statistics About Software Supply Chain Security 🕴
The latest facts and figures on the state of software supply chain security in the enterprise.
via "Dark Reading".
🕴 Kaspersky Buys Brain4Net to Build SASE & XDR Tools 🕴
Brain4Net builds tools to help enterprises and service providers add SD-WAN and NFV technologies to their existing infrastructure.
via "Dark Reading".
‼ CVE-2021-37807 ‼
An SQL Injection vulnerability exists in https://phpgurukul.com Online Shopping Portal 3.1 via the email parameter on the /check_availability.php endpoint, which checks whether a new user's email already exists in the database.
via "National Vulnerability Database".
‼ CVE-2021-37803 ‼
An SQL Injection vulnerability exists in Sourcecodester Online Covid Vaccination Scheduler System 1.0 via the username in lognin.php.
via "National Vulnerability Database".
‼ CVE-2021-37808 ‼
SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters. For each of these parameters the server response is delayed by about N seconds, which indicates a time-based blind MySQL injection. An attacker can use sqlmap to further the exploitation and extract sensitive information from the database.
via "National Vulnerability Database".
‼ CVE-2021-20526 ‼
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 198755.
via "National Vulnerability Database".
‼ CVE-2021-29774 ‼
IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025.
via "National Vulnerability Database".
‼ CVE-2021-29786 ‼
IBM Jazz Team Server products store user credentials in clear text, which can be read by an authenticated user. IBM X-Force ID: 203172.
via "National Vulnerability Database".
‼ CVE-2021-29844 ‼
IBM Jazz Team Server products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
via "National Vulnerability Database".
‼ CVE-2021-29673 ‼
IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199482.
via "National Vulnerability Database".
‼ CVE-2021-29868 ‼
IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 206213.
via "National Vulnerability Database".
‼ CVE-2021-29713 ‼
IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
via "National Vulnerability Database".