‼ CVE-2021-42727 ‼
📖 Read
via "National Vulnerability Database".
Acrobat RoboHelp Server versions 2020.0.1 (and earlier) are affected by a Path traversal vulnerability. The authenticated attacker can upload arbitrary files outside of the intended directory to cause remote code execution with privileges of user running Tomcat. Exploitation of this issue requires user interaction in that a victim must navigate to a planted file on the server.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3935 ‼
📖 Read
via "National Vulnerability Database".
When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43558 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40771 ‼
📖 Read
via "National Vulnerability Database".
Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43560 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40775 ‼
📖 Read
via "National Vulnerability Database".
Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40770 ‼
📖 Read
via "National Vulnerability Database".
Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42738 ‼
📖 Read
via "National Vulnerability Database".
Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MXF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3943 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A remote code execution risk when restoring backup files was identified.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40774 ‼
📖 Read
via "National Vulnerability Database".
Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
🛠 OpenStego Free Steganography Solution 0.8.1 🛠
📖 Read
via "Packet Storm Security".
OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algorithms (currently, only Least Significant Bit algorithm is supported for images).📖 Read
via "Packet Storm Security".
Packetstormsecurity
OpenStego Free Steganography Solution 0.8.1 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🛠 Hashcat Advanced Password Recovery 6.2.5 Binary Release 🛠
📖 Read
via "Packet Storm Security".
Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.📖 Read
via "Packet Storm Security".
Packetstormsecurity
Hashcat Advanced Password Recovery 6.2.5 Binary Release ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🛠 Hashcat Advanced Password Recovery 6.2.5 Source Code 🛠
📖 Read
via "Packet Storm Security".
Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.📖 Read
via "Packet Storm Security".
Packetstormsecurity
Hashcat Advanced Password Recovery 6.2.5 Source Code ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🦿 Mozilla has released a new platform for privacy-focused email communications 🦿
📖 Read
via "Tech Republic".
When you don't want to give out your personal or work email address, but still need to sign up for an account, Mozilla might have an answer for you with Firefox Relay.📖 Read
via "Tech Republic".
TechRepublic
Mozilla has released a new platform for privacy-focused email communications
When you don't want to give out your personal or work email address, but still need to sign up for an account, Mozilla might have an answer for you with Firefox Relay.
‼ CVE-2021-23673 ‼
📖 Read
via "National Vulnerability Database".
This affects all versions of package pekeupload. If an attacker induces a user to upload a file whose name contains javascript code, the javascript code will be executed.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23732 ‼
📖 Read
via "National Vulnerability Database".
This affects all versions of package docker-cli-js. If the command parameter of the Docker.command method can at least be partially controlled by a user, they will be in a position to execute any arbitrary OS commands on the host system.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23718 ‼
📖 Read
via "National Vulnerability Database".
The package ssrf-agent before 1.0.5 are vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate if the IP requested is private.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-5640 ‼
📖 Read
via "National Vulnerability Database".
Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage visited by previous user📖 Read
via "National Vulnerability Database".
❌ Imunify360 Bug Leaves Linux Web Servers Open to Code Execution, Takeover ❌
📖 Read
via "Threat Post".
CloudLinux' security platform for Linux-based websites and web servers contains a high-severity PHP deserialization bug.📖 Read
via "Threat Post".
Threat Post
Imunify360 Bug Leaves Linux Web Servers Open to Code Execution, Takeover
CloudLinux's security platform for Linux-based websites and web servers contains a high-severity PHP deserialization bug.
❌ Attackers Hijack Email Threads Using ProxyLogon/ProxyShell Flaws ❌
📖 Read
via "Threat Post".
Exploiting Microsoft Exchange ProxyLogon & ProxyShell vulnerabilities, attackers are malspamming replies in existing threads and slipping past malicious-email filters.📖 Read
via "Threat Post".
Threat Post
Attackers Hijack Email Threads Using ProxyLogon/ProxyShell Flaws
Exploiting ProxyLogon and ProxyShell vulnerabilities, attackers have been malspamming replies in existing threads and slipping past malicious-email filters.
🦿 Leaders agree that cybersecurity is a business risk, but are they acting on that belief? 🦿
📖 Read
via "Tech Republic".
Despite nearly unanimous agreement, there's still a lack of clarity on who is accountable for security incidents and whether previous security investments have paid off, a Gartner survey finds.📖 Read
via "Tech Republic".
TechRepublic
Leaders agree that cybersecurity is a business risk, but are they acting on that belief?
Despite nearly unanimous agreement, there's still a lack of clarity on who is accountable for security incidents and whether previous security investments have paid off, a Gartner survey finds.