CVE-2021-24749
via "National Vulnerability Database".
The URL Shortify WordPress plugin before 1.5.1 does not have a CSRF check in place when bulk-deleting links or groups, which could allow attackers to make a logged-in admin delete arbitrary links and groups via a CSRF attack.
CVE-2021-24755
via "National Vulnerability Database".
The myCred WordPress plugin before 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user.
CVE-2021-24889
via "National Vulnerability Database".
The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injection attacks.
CVE-2021-38147
via "National Vulnerability Database".
Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/Domain_Credential_Report_Excel, processexecution/DownloadExcelFile/User_Report_Excel, processexecution/DownloadExcelFile/Process_Report_Excel, processexecution/DownloadExcelFile/Infrastructure_Report_Excel, or processexecution/DownloadExcelFile/Resolver_Report_Excel.
CVE-2021-24860
via "National Vulnerability Database".
The BSK PDF Manager WordPress plugin before 3.1.2 does not validate and escape the orderby and order parameters before using them in a SQL statement, leading to a SQL injection issue.
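The myCred, Ninja Forms and BSK PDF Manager items above share one root cause: column names, field keys and sort direction are SQL identifiers, and identifiers cannot be bound as prepared-statement parameters, so escaping them as if they were string values does not help. The example below is added here and is not code from any of those plugins; the table name `pdfs`, the column list and the request shape are hypothetical. It contrasts the vulnerable concatenation with an allow-list, which is the only construction that keeps attacker-controlled text out of the statement.

```php
<?php
// Added example (not code from myCred, Ninja Forms or BSK PDF Manager):
// ORDER BY columns, sort direction and requested field lists are SQL
// identifiers, so they are validated against an allow-list rather than
// quoted. Table and column names below are hypothetical.

declare(strict_types=1);

const ALLOWED_ORDERBY = ['id', 'title', 'created_at'];
const ALLOWED_ORDER   = ['ASC', 'DESC'];

/**
 * Vulnerable pattern: request values are dropped straight into the statement.
 * With orderby = "id; DROP TABLE pdfs--" or a boolean/time-based payload,
 * the attacker controls the query text.
 */
function build_query_vulnerable(array $req): string
{
    $orderby = $req['orderby'] ?? 'id';
    $order   = $req['order'] ?? 'ASC';
    return "SELECT id, title FROM pdfs ORDER BY $orderby $order";
}

/**
 * Hardened pattern: map the request onto a known column and direction and
 * fall back to a safe default for anything else. The final SQL only ever
 * contains strings taken from the allow-lists, so nothing needs quoting.
 */
function build_query_safe(array $req): string
{
    $orderby = (string) ($req['orderby'] ?? 'id');
    $order   = strtoupper((string) ($req['order'] ?? 'ASC'));

    if (!in_array($orderby, ALLOWED_ORDERBY, true)) {
        $orderby = 'id';
    }
    if (!in_array($order, ALLOWED_ORDER, true)) {
        $order = 'ASC';
    }
    return "SELECT id, title FROM pdfs ORDER BY `$orderby` $order";
}

/**
 * For a "fields" parameter that names which columns to return (the myCred
 * and Ninja Forms items concern column/key lists rather than ORDER BY),
 * the same rule applies: keep only names that appear in the allow-list.
 */
function select_fields(array $requested, array $allowed): array
{
    $kept = array_values(array_intersect($requested, $allowed));
    return $kept === [] ? $allowed : $kept;
}

// Constructed request, shaped the way an attacker would send it.
$hostile = ['orderby' => 'id; DROP TABLE pdfs--', 'order' => 'ASC'];

echo build_query_vulnerable($hostile), PHP_EOL;
echo build_query_safe($hostile), PHP_EOL;
echo implode(', ', select_fields(['id', 'title', 'password_hash'], ALLOWED_ORDERBY)), PHP_EOL;
```

Row values (a search term, a user ID in a WHERE clause) are a different case and belong in placeholders, which in a WordPress plugin means `$wpdb->prepare()`. WordPress also ships `sanitize_sql_orderby()`, but it only checks that the string looks like `column ASC`; it does not confirm the column exists, so an allow-list of the plugin's own columns is still the stronger check.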
CVE-2021-21707
via "National Vulnerability Database".
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains a URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.
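The practical shape of the CVE-2021-21707 problem is an application that builds a filename from user input plus a fixed suffix, say `report.xml`, and passes it to simplexml_load_file(): on an affected PHP release the `%00` in `secret.txt%00` is decoded to a NUL byte, the suffix after it is ignored, and `secret.txt` is parsed instead. The upgrade is the real fix; the check below is an added, caller-side example (not code from the PHP project) that refuses encoded or literal NUL bytes and confines the resolved path to a base directory, so it is safe on any version. The temporary directory, file name and XML content are constructed for the demonstration.

```php
<?php
// Added example, not from the PHP project: shows the NUL-truncation effect
// described for CVE-2021-21707 and a caller-side check that works on any
// PHP version. Directory, filename and XML content are constructed here.

declare(strict_types=1);

/**
 * Mimics the decoding step the affected functions performed: "%00" becomes a
 * real NUL byte, and a C-string consumer stops reading the name there.
 */
function name_after_nul_truncation(string $userSupplied): string
{
    $decoded = rawurldecode($userSupplied);
    $nul = strpos($decoded, "\0");
    return $nul === false ? $decoded : substr($decoded, 0, $nul);
}

/**
 * Defensive loader: reject names that contain an encoded or literal NUL, then
 * confine the resolved path to $baseDir before parsing. Returns null when the
 * name is rejected or the file cannot be parsed.
 */
function load_xml_confined(string $baseDir, string $userSupplied): ?SimpleXMLElement
{
    // Reject both the raw byte and its percent-encoded form up front.
    if (strpos($userSupplied, "\0") !== false || stripos($userSupplied, '%00') !== false) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $userSupplied);
    if ($base === false || $path === false) {
        return null;
    }
    // realpath() has collapsed any ".." segments, so a prefix test is enough.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    $xml = simplexml_load_file($path);
    return $xml === false ? null : $xml;
}

// Constructed fixture: one XML file in a fresh temporary directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'xml-demo-' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'report.xml', '<r><ok>1</ok></r>');

// Name the caller thought it was opening versus what a NUL-truncating
// consumer would open: the ".bak" suffix disappears.
echo name_after_nul_truncation('report.xml%00.bak'), PHP_EOL;

var_dump(load_xml_confined($dir, 'report.xml') instanceof SimpleXMLElement);
var_dump(load_xml_confined($dir, 'report.xml%00.bak'));
var_dump(load_xml_confined($dir, '../../etc/passwd'));

unlink($dir . DIRECTORY_SEPARATOR . 'report.xml');
rmdir($dir);
```

The prefix test after realpath() also catches the plain traversal case, which is worth having regardless of this CVE, since a filename that reaches an XML parser from a request parameter is a file-read primitive if it is not confined.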
CVE-2021-24751
via "National Vulnerability Database".
The GenerateBlocks WordPress plugin before 1.4.0 does not validate the generateblocks/container block's tagName attribute, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.
CVE-2021-24842
via "National Vulnerability Database".
The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which allows users with Contributor roles to 1) list private post titles of other users and 2) change the posted date of other users' posts.
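The URL Shortify item (no CSRF check on bulk delete) and the Bulk Datetime Change item (no capability check, so contributors act on other users' posts) are the two halves of one admin-action handler that WordPress plugins get wrong. The handler below is an added example, not code from either plugin, and assumes it runs inside a loaded WordPress instance: the hook name `admin_post_myplugin_bulk_delete`, the nonce action and field names, the `myplugin_links` table with an `owner_id` column, and the `manage_options` capability are all hypothetical. It shows the three checks in the order they should run (nonce, capability, ownership) before any row is touched.

```php
<?php
// Added example for a WordPress plugin (assumes WordPress is loaded; not code
// from URL Shortify or Bulk Datetime Change). Hook, action, nonce name, table
// and capability names are hypothetical.

declare(strict_types=1);

add_action('admin_post_myplugin_bulk_delete', 'myplugin_handle_bulk_delete');

function myplugin_handle_bulk_delete(): void
{
    // 1. CSRF: the request must carry a nonce WordPress minted for this action
    //    and this user. check_admin_referer() dies with 403 when it is missing
    //    or stale, which is what a cross-site form post will trigger.
    check_admin_referer('myplugin_bulk_delete', 'myplugin_nonce');

    // 2. Authorisation: a logged-in session is not enough. Require the
    //    capability the action needs; Contributors do not hold this one.
    if (!current_user_can('manage_options')) {
        wp_die(esc_html__('You are not allowed to do that.', 'myplugin'), 403);
    }

    // 3. Input: coerce the ID list to positive integers and drop everything else.
    $ids = array_filter(array_map('absint', (array) ($_POST['ids'] ?? [])));
    if ($ids === []) {
        wp_safe_redirect(admin_url('admin.php?page=myplugin'));
        exit;
    }

    global $wpdb;
    $table = $wpdb->prefix . 'myplugin_links';

    // 4. Ownership: restrict the DELETE to rows the current user created, so
    //    one user cannot act on another user's records even with a valid nonce
    //    and capability. IDs are bound through prepare(), never concatenated.
    $placeholders = implode(',', array_fill(0, count($ids), '%d'));
    $wpdb->query($wpdb->prepare(
        "DELETE FROM {$table} WHERE id IN ({$placeholders}) AND owner_id = %d",
        array_merge(array_values($ids), [get_current_user_id()])
    ));

    wp_safe_redirect(admin_url('admin.php?page=myplugin&deleted=' . count($ids)));
    exit;
}

/** The form that posts to the handler must embed the matching nonce field. */
function myplugin_render_bulk_form(array $links): void
{
    echo '<form method="post" action="' . esc_url(admin_url('admin-post.php')) . '">';
    echo '<input type="hidden" name="action" value="myplugin_bulk_delete">';
    wp_nonce_field('myplugin_bulk_delete', 'myplugin_nonce');
    foreach ($links as $link) {
        printf(
            '<label><input type="checkbox" name="ids[]" value="%d"> %s</label><br>',
            (int) $link['id'],
            esc_html((string) $link['title'])
        );
    }
    echo '<button type="submit">Delete selected</button></form>';
}
```

The same pattern applies to a read path such as listing private post titles: the listing query is scoped by `post_author = get_current_user_id()` unless the caller holds `edit_others_posts`, so the capability check decides the scope of the query rather than merely gating the page.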
CVE-2021-24811
via "National Vulnerability Database".
The Shop Page WP WordPress plugin before 1.2.8 does not sanitise and escape some of the Product fields, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2021-24876
via "National Vulnerability Database".
The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue.
CVE-2021-24745
via "National Vulnerability Database".
The About Author Box WordPress plugin before 1.0.2 does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.
UK Department for Transport caught inadvertently serving pornographic content to site visitors
via "The Daily Swig".
“The page has since been permanently deleted”, a government spokesperson told The Daily Swig.
CVE-2021-43698
via "National Vulnerability Database".
An unspecified version of phpWhois is affected by a Cross Site Scripting (XSS) vulnerability. In file example.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET['query'], so there is an XSS vulnerability.
Interpol arrests 1,000 suspects, seizes $27m in crackdown on cybercrime
via "The Daily Swig".
Worldwide law enforcement operation targets online crime surge.
Paving the Road to Zero Trust With Adaptive Authentication
via "Dark Reading".
A gradual transition to a world beyond passwords predisposes zero-trust projects to success.
NanoLock Security and Waterfall Security Partner to Deliver OT Security for Industrial and Energy Applications
via "Dark Reading".
The solution combines NanoLock's device-level, zero-trust protection with Waterfall's hardware-enforced IT/OT perimeter protection to provide a powerful OT security solution that mitigates cyber events from both IT and OT networks.
CVE-2021-43696
via "National Vulnerability Database".
An unspecified version of twmap is affected by a Cross Site Scripting (XSS) vulnerability. In file list.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST, so there is an XSS vulnerability.
CVE-2021-43695
via "National Vulnerability Database".
An unspecified version of issabelPBX is affected by a Cross Site Scripting (XSS) vulnerability. In file page.backup_restore.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST without sanitization, so there is an XSS vulnerability.
CVE-2021-43697
via "National Vulnerability Database".
An unspecified version of Workerman-ThinkPHP-Redis is affected by a Cross Site Scripting (XSS) vulnerability. In file Controller.class.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET[C('VAR_JSONP_HANDLER')], so there is an XSS vulnerability.
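The four `exit($message)` items above (phpWhois, twmap, issabelPBX, Workerman-ThinkPHP-Redis) and the WordPress XSS items earlier on the page (GenerateBlocks tagName, Shop Page WP product fields, the Events Calendar v parameter, About Author Box social profile attributes) between them cover the output contexts that need different handling: HTML text, a quoted attribute, a tag name, and a JSONP callback name. The block below is an added, stand-alone example and is not code from any of those projects; the function names and the `$_GET` values are constructed for the demonstration. Note that `exit()` with a string argument prints that string, which is why those one-liners are reflected XSS.

```php
<?php
// Added example, not code from phpWhois, twmap, issabelPBX,
// Workerman-ThinkPHP-Redis or the WordPress plugins above. Shows the output
// contexts from those items and the handling each one needs. $_GET-shaped
// arrays below are constructed test input.

declare(strict_types=1);

/** HTML-escape for text and quoted-attribute contexts. */
function esc_html_ctx(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Vulnerable: the message that would be passed to exit() carries raw input. */
function fail_vulnerable(array $get): string
{
    return 'Invalid query: ' . ($get['query'] ?? '');
}

/** Hardened: escape before the value reaches the HTML text context. */
function fail_safe(array $get): string
{
    return 'Invalid query: ' . esc_html_ctx((string) ($get['query'] ?? ''));
}

/**
 * Quoted-attribute context (the v parameter and Social Profiles items): the
 * value is both quoted and escaped, so a " in the input cannot end the attribute.
 */
function hidden_input(string $name, string $value): string
{
    return sprintf('<input type="hidden" name="%s" value="%s">', esc_html_ctx($name), esc_html_ctx($value));
}

/**
 * Tag-name context (the tagName attribute item): escaping cannot help here,
 * because the value becomes part of the markup itself, so allow-list it.
 */
function container_tag(string $requested): string
{
    static $allowed = ['div', 'section', 'article', 'aside', 'header', 'footer', 'main', 'nav'];
    $tag = strtolower($requested);
    return in_array($tag, $allowed, true) ? $tag : 'div';
}

/**
 * JSONP callback context (the VAR_JSONP_HANDLER item): the value is emitted
 * as JavaScript, so restrict it to a plain identifier rather than escaping.
 */
function jsonp_callback(string $requested): string
{
    return preg_match('/^[A-Za-z_$][A-Za-z0-9_$.]{0,63}$/', $requested) === 1 ? $requested : 'callback';
}

$get = ['query' => '<script>alert(document.cookie)</script>'];
echo fail_vulnerable($get), PHP_EOL;
echo fail_safe($get), PHP_EOL;
echo hidden_input('v', '" autofocus onfocus="alert(1)'), PHP_EOL;
echo '<' . container_tag('script') . '>...</' . container_tag('script') . '>', PHP_EOL;
echo jsonp_callback('alert(1)//'), '(', json_encode(['ok' => true]), ');', PHP_EOL;
```

Inside WordPress the same contexts map onto `esc_html()`, `esc_attr()` and `esc_js()`, and stored fields such as product descriptions go through `wp_kses_post()` on save; the Shop Page WP item is a reminder that the `unfiltered_html` capability being disallowed does not help if the plugin writes its own fields to the page without those calls.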
WFH security: How to protect your remote endpoints from vulnerabilities
via "Tech Republic".
Many organizations lack an effective patch management program, especially when it comes to patching remote systems, says Action1.
Cloud Security: Don't wait until your next bill to find out about an attack!
via "Naked Security".
Cloud security is the best sort of altruism: you need to do it to protect yourself, but you help to protect everyone else at the same time.