‼ CVE-2021-3920 ‼
📖 Read
via "National Vulnerability Database".
grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')📖 Read
via "National Vulnerability Database".
🦿 Policymakers want to regulate AI but lack consensus on how 🦿
📖 Read
via "Tech Republic".
Commentary: AI is considered "world changing" by policymakers, but it's unclear how to ensure positive outcomes.📖 Read
via "Tech Republic".
TechRepublic
Policymakers want to regulate AI but lack consensus on how
Commentary: AI is considered "world changing" by policymakers, but it's unclear how to ensure positive outcomes.
🕴 To Beat Ransomware, Apply Zero Trust to Servers Too 🕴
📖 Read
via "Dark Reading".
The path out of the ransomware crisis is full inspection and protection of all traffic flows. That means zero trust everywhere — even between servers.📖 Read
via "Dark Reading".
Dark Reading
To Beat Ransomware, Apply Zero Trust to Servers Too
The path out of the ransomware crisis is full inspection and protection of all traffic flows. That means zero trust everywhere — even between servers.
🗓️ Researcher finds SSRF bug in internal Google Cloud project, nabs $10,000 bug bounty 🗓️
📖 Read
via "The Daily Swig".
Now-patched API vulnerability allowed attacker to access sensitive resources📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Researcher finds SSRF bug in internal Google Cloud project, nabs $10,000 bounty
Now-patched API vulnerability allowed attacker to access sensitive resources
‼ CVE-2021-36003 ‼
📖 Read
via "National Vulnerability Database".
Adobe Audition version 14.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39353 ‼
📖 Read
via "National Vulnerability Database".
The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajax_add_form function found in the ~/includes/class-form.php file which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 2.1.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42363 ‼
📖 Read
via "National Vulnerability Database".
The Preview E-Mails for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the search_order parameter found in the ~/views/form.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.6.8.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33850 ‼
📖 Read
via "National Vulnerability Database".
There is a Cross-Site Scripting vulnerability in Microsoft Clarity version 0.3. The XSS payload executes whenever the user changes the clarity configuration in Microsoft Clarity version 0.3. The payload is stored on the configuring project Id page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-22053 ‼
📖 Read
via "National Vulnerability Database".
Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[user-provided data]`, the path elements following `hystrix/monitor` are being evaluated as SpringEL expressions, which can lead to code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37592 ‼
📖 Read
via "National Vulnerability Database".
Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43408 ‼
📖 Read
via "National Vulnerability Database".
The Duplicate Post WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In many cases it also possible to exploit features of SQL server to execute system commands and/or access the local file system. This particular vulnerability can be exploited by any authenticated user who has been granted access to use the Duplicate Post plugin. By default, this is limited to Administrators, however the plugin presents the option to permit access to the Editor, Author, Contributor and Subscriber roles.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43409 ‼
📖 Read
via "National Vulnerability Database".
The "WPO365 | LOGIN" WordPress plugin (up to and including version 15.3) by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account take over and accessing sensitive data. In this case, the XSS payload can be submitted by any anonymous user, the payload then renders and executes when a WordPress administrator authenticates and accesses the WordPress Dashboard. The injected payload can carry out actions on behalf of the administrator including adding other administrative users and changing application settings. This flaw could be exploited to ultimately provide full control of the affected system to the attacker.📖 Read
via "National Vulnerability Database".
🛠 Packet Fence 11.1.0 🛠
📖 Read
via "Packet Storm Security".
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.📖 Read
via "Packet Storm Security".
Packetstormsecurity
Packet Fence 11.1.0 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
❌ 6M Sky Routers Left Exposed to Attack for Nearly 1.5 Years ❌
📖 Read
via "Threat Post".
Pen Test Partners didn't disclose the vulnerability after 90 days because it knew ISPs were struggling with a pandemic-increased network load as work from home became the new norm.📖 Read
via "Threat Post".
Threat Post
6M Sky Routers Left Exposed to Attack for Nearly 1.5 Years
Pen Test Partners didn't disclose the vulnerability after 90 days because it knew ISPs were struggling with a pandemic-increased network load as work from home became the new norm.
‼ CVE-2021-29326 ‼
📖 Read
via "National Vulnerability Database".
OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fxIDToString function at /moddable/xs/sources/xsSymbol.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39926 ‼
📖 Read
via "National Vulnerability Database".
Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39924 ‼
📖 Read
via "National Vulnerability Database".
Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29328 ‼
📖 Read
via "National Vulnerability Database".
OpenSource Moddable v10.5.0 was discovered to contain buffer over-read in the fxDebugThrow function at /moddable/xs/sources/xsDebug.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29329 ‼
📖 Read
via "National Vulnerability Database".
OpenSource Moddable v10.5.0 was discovered to contain a stack overflow in the fxBinaryExpressionNodeDistribute function at /moddable/xs/sources/xsTree.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39921 ‼
📖 Read
via "National Vulnerability Database".
NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3962 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in ImageMagick 7.1.0-14 where it did not properly sanitize certain input before using it to invoke convert processes. This flaw allows an attacker to create a specially crafted image that leads to a use-after-free vulnerability when processed by ImageMagick. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.📖 Read
via "National Vulnerability Database".