βΌ CVE-2021-41426 βΌ
π Read
via "National Vulnerability Database".
Beeline Smart box 2.0.38 is vulnerable to Cross Site Request Forgery (CSRF) via mgt_end_user.htm.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40503 βΌ
π Read
via "National Vulnerability Database".
An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the userΓ’β¬β’s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40502 βΌ
π Read
via "National Vulnerability Database".
SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Authenticated attackers will be able to access and edit data from B2B units they do not belong to.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41427 βΌ
π Read
via "National Vulnerability Database".
Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting (XSS) via the choose_mac parameter to setup.cgi.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43561 βΌ
π Read
via "National Vulnerability Database".
An XSS issue was discovered in the google_for_jobs (aka Google for Jobs) extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38887 βΌ
π Read
via "National Vulnerability Database".
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests that could be used in further attacks against the system. IBM X-Force ID: 209401.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43564 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the jobfair (aka Job Fair) extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded files (e.g., uploads/tx_jobfair/cv.pdf).π Read
via "National Vulnerability Database".
βΌ CVE-2021-43563 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The Access Control in the bundled media browser is broken, which allows an unauthenticated attacker to perform requests to the pixx.io API for the configured API user. This allows an attacker to download various media files from the DAM system.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43562 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The extension fails to restrict the image download to the configured pixx.io DAM URL, resulting in SSRF. As a result, an attacker can download various content from a remote location and save it to a user-controlled filename, which may result in Remote Code Execution. A TYPO3 backend user account is required to exploit this.π Read
via "National Vulnerability Database".
βΌ CVE-2020-12488 βΌ
π Read
via "National Vulnerability Database".
The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40501 βΌ
π Read
via "National Vulnerability Database".
SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify data beyond the vulnerable system. However, the attacker can neither significantly reduce the performance of the system nor stop the system.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40504 βΌ
π Read
via "National Vulnerability Database".
A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only permissions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40521 βΌ
π Read
via "National Vulnerability Database".
Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40519 βΌ
π Read
via "National Vulnerability Database".
Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43523 βΌ
π Read
via "National Vulnerability Database".
In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo, gethostbyaddr, and getnameinfo can lead to output of wrong hostnames (leading to domain hijacking) or injection into applications (leading to remote code execution, XSS, applications crashes, etc.). In other words, a validation step, which is expected in any stub resolver, does not occur.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40518 βΌ
π Read
via "National Vulnerability Database".
Airangel HSMX Gateway devices through 5.2.04 allow CSRF.π Read
via "National Vulnerability Database".
β Patch Tuesday updates the Win 7 updaterβ¦ for at most 1 more year of updates β
π Read
via "Naked Security".
The clock stopped long ago on Windows 7, except for those who paid for overtime. But there won't be any double overtime!π Read
via "Naked Security".
Naked Security
Patch Tuesday updates the Win 7 updater⦠for at most 1 more year of updates
The clock stopped long ago on Windows 7, except for those who paid for overtime. But there wonβt be any double overtime!
π GNUnet P2P Framework 0.15.3 π
π Read
via "Packet Storm Security".
GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.π Read
via "Packet Storm Security".
Packetstormsecurity
GNUnet P2P Framework 0.15.3 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Defining the Hierarchy of Value in Cyber Intelligence π΄
π Read
via "Dark Reading".
One size won't fit all as we try to reconcile the need to demonstrate expertise and value with keeping clients and researchers safe.π Read
via "Dark Reading".
Dark Reading
Defining the Hierarchy of Value in Cyber Intelligence
One size won't fit all as we try to reconcile the need to demonstrate expertise and value with keeping clients and researchers safe.
β Critical Citrix Bug Shuts Down Network, Cloud App Access β
π Read
via "Threat Post".
The distributed computing vendor patched the flaw, affecting Citrix ADC and Gateway, along with another flaw impacting availability for SD-WAN appliances.π Read
via "Threat Post".
Threat Post
Critical Citrix DDoS Bug Shuts Down Network, Cloud App Access
The distributed computing vendor patched the flaw, affecting Citrix ADC and Gateway, along with another flaw impacting availability for SD-WAN appliances.
π¦Ώ These industries were the most affected by the past year of ransomware attacks π¦Ώ
π Read
via "Tech Republic".
After what has been a year of averaging more than a thousand ransomware attacks per day, NordLocker said that data released by hackers shows an unexpected industry at the top.π Read
via "Tech Republic".