‼ CVE-2021-33271 ‼
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_80046EB4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request.
via "National Vulnerability Database".
‼ CVE-2021-33265 ‼
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80046eb4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request.
via "National Vulnerability Database".
‼ CVE-2021-33267 ‼
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80034d60 in /formStaticDHCP. This vulnerability is triggered via a crafted POST request.
via "National Vulnerability Database".
‼ CVE-2021-33270 ‼
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_800462c4 in /formAdvFirewall. This vulnerability is triggered via a crafted POST request.
via "National Vulnerability Database".
‼ CVE-2021-33266 ‼
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualApp. This vulnerability is triggered via a crafted POST request.
via "National Vulnerability Database".
‼ CVE-2021-33269 ‼
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualServ. This vulnerability is triggered via a crafted POST request.
via "National Vulnerability Database".
‼ CVE-2021-33268 ‼
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_8003183C in /fromLogin. This vulnerability is triggered via a crafted POST request.
via "National Vulnerability Database".
🕴 Military Vets Share Lessons That Helped Them Build Infosec Startups 🕴
Startup founders who previously served in the military share the lessons that have helped them build cybersecurity careers and companies.
Startup founders say serving in the military taught them how to defend against cyberattacks and how to build teams. These lessons are serving them well as they run their own companies.
via "Dark Reading".
🕴 APT Groups Adopt New Phishing Method. Will Cybercriminals Follow? 🕴
APT actors from Russia, China, and India have been observed using the RTF-template injection technique that researchers say is poised for wider adoption.
via "Dark Reading".
‼ CVE-2021-26777 ‼
Buffer overflow vulnerability in the function SetFirewall in index.cgi in the CIRCUTOR COMPACT DC-S BASIC smart metering concentrator, firmware version CIR_CDC_v1.2.17, allows attackers to execute arbitrary code.
via "National Vulnerability Database".
‼ CVE-2021-43791 ‼
Zulip is an open source group chat application that combines real-time chat with threaded conversations. In affected versions, expiration dates on the confirmation objects associated with email invitations were not enforced properly in the new account registration flow. A confirmation link takes a user to the check_prereg_key_and_redirect endpoint before redirecting to a POST to /accounts/register/. The problem was that validation happened in the check_prereg_key_and_redirect step and not in /accounts/register/, meaning that one could submit an expired confirmation key and still register. The issue is fixed in Zulip 4.8. There are no known workarounds and users are advised to upgrade as soon as possible.
via "National Vulnerability Database".
‼ CVE-2020-27414 ‼
The Mahavitaran Android application 7.50 and prior transmits sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, the Referer header, MITM, or browser history.
via "National Vulnerability Database".
‼ CVE-2021-44227 ‼
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.
via "National Vulnerability Database".
🗓️ Data breach at Florida school district impacts 50,000 students and employees 🗓️
Broward County School District backtracks after ransomware attack.
via "The Daily Swig".
🗓️ Insider threat: Tech firm was hacked and extorted by its own employee, says FBI 🗓️
Senior developer also accused of posing as anonymous whistleblower.
via "The Daily Swig".
🕴 Breaking the Black Mirror and Other Lessons From Day of Shecurity 🕴
Diversity brings more varied solutions to major challenges in cybersecurity, just as it does in every other industry.
via "Dark Reading".
‼ CVE-2021-43682 ‼
thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site Scripting (XSS) vulnerability in AdminBaseController.class.php. The exit function terminates the script and prints to the user a message that includes $_SERVER['HTTP_HOST'].
via "National Vulnerability Database".
‼ CVE-2021-43681 ‼
SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulnerability in /master/core/PostHandler.php. The exit function terminates the script and prints the message $data['proxy_name'].
via "National Vulnerability Database".
‼ CVE-2021-43686 ‼
nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerability in www/pages/api.php. The exit function terminates the script and prints a message that includes the input $_GET['t'].
via "National Vulnerability Database".
‼ CVE-2021-43683 ‼
pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerability in api/info.php. The exit function terminates the script and prints a message that includes $_REQUEST['hash'].
via "National Vulnerability Database".
🔏 Five Health Providers Held Accountable for Violating HIPAA Right of Access 🔏
OCR has shown that it's serious about patients being able to access their healthcare records – recently levied penalties serve as a reminder for organizations to know where PHI is at all times.
via "Digital Guardian".