โ Log4Shell explained โ how it works, why you need to know, and how to fix it โ
๐ Read
via "Naked Security".
Find out how to deal with the Log2Shell vulnerability right across your estate. Yes, you need to patch, but that helps everyone else along with you!๐ Read
via "Naked Security".
Sophos News
Naked Security โ Sophos News
โผ CVE-2021-40858 โผ
๐ Read
via "National Vulnerability Database".
Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-44847 โผ
๐ Read
via "National Vulnerability Database".
A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote attackers to crash the process or potentially execute arbitrary code via a network packet.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-44154 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered in Reprise RLM 14.2. By using an admin account, an attacker can write a payload to /goform/edit_opt, which will then be triggered when running the diagnostics (via /goform/diagnostics_doit), resulting in a buffer overflow.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-44155 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered in /goform/login_process in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker to enumerate valid users.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-44151 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered in Reprise RLM 14.2. As the session cookies are small, an attacker can hijack any existing sessions by bruteforcing the 4 hex-character session cookie on the Windows version (the Linux version appears to have 8 characters). An attacker can obtain the static part of the cookie (cookie name) by first making a request to any page on the application (e.g., /goforms/menu) and saving the name of the cookie sent with the response. The attacker can then use the name of the cookie and try to request that same page, setting a random value for the cookie. If any user has an active session, the page should return with the authorized content, when a valid cookie value is hit.๐ Read
via "National Vulnerability Database".
๐1
โผ CVE-2021-44848 โผ
๐ Read
via "National Vulnerability Database".
In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists.๐ Read
via "National Vulnerability Database".
๐1
โผ CVE-2018-25022 โผ
๐ Read
via "National Vulnerability Database".
The Onion module in toxcore before 0.2.2 doesn't restrict which packets can be onion-routed, which allows a remote attacker to discover a target user's IP address (when knowing only their Tox Id) by positioning themselves close to target's Tox Id in the DHT for the target to establish an onion connection with the attacker, guessing the target's DHT public key and creating a DHT node with public key close to it, and finally onion-routing a NAT Ping Request to the target, requesting it to ping the just created DHT node.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-44153 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered in Reprise RLM 14.2. When editing the license file, it is possible for an admin user to enable an option to run arbitrary executables, as demonstrated by an ISV demo "C:\Windows\System32\calc.exe" entry. An attacker can exploit this to run a malicious binary on startup, or when triggering the Reread/Restart Servers function on the webserver. (Exploitation does not require CVE-2018-15573, because the license file is meant to be changed in the application.)๐ Read
via "National Vulnerability Database".
โผ CVE-2018-25021 โผ
๐ Read
via "National Vulnerability Database".
The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of service (DoS).๐ Read
via "National Vulnerability Database".
โผ CVE-2021-44152 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an attacker to change the password of any known user, thereby preventing valid users from accessing the system and granting the attacker full access to that user's account.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-40856 โผ
๐ Read
via "National Vulnerability Database".
Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-40857 โผ
๐ Read
via "National Vulnerability Database".
Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-42549 โผ
๐ Read
via "National Vulnerability Database".
Insufficient Input Validation in the search functionality of Wordpress plugin Lets-Box prior to 1.15.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24782 โผ
๐ Read
via "National Vulnerability Database".
The Flex Local Fonts WordPress plugin through 1.0.0 does not escape the Class Name field when adding a font, which could allow hight privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24819 โผ
๐ Read
via "National Vulnerability Database".
The Page/Post Content Shortcode WordPress plugin through 1.0 does not have proper authorisation in place, allowing users with a role as low as contributor to access draft/private/password protected/trashed posts/pages they should not be allowed to, including posts created by other users such as admins and editors.๐ Read
via "National Vulnerability Database".
๐1
โผ CVE-2021-24945 โผ
๐ Read
via "National Vulnerability Database".
The Like Button Rating รยขรขโยขรยฅ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation and CSRF checks in the likebtn_export_votes AJAX action, which could allow any authenticated user, such as subscriber, to get a list of email and IP addresses of people who liked content from the blog.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24872 โผ
๐ Read
via "National Vulnerability Database".
The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as Contributor to access other posts metadata without validating the permissions. Eg. contributors can access admin posts metadata.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24925 โผ
๐ Read
via "National Vulnerability Database".
The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the current_month_divider parameter of its mec_list_load_more AJAX call (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24954 โผ
๐ Read
via "National Vulnerability Database".
The User Registration, Login Form, User Profile & Membership WordPress plugin before 3.2.3 does not sanitise and escape the ppress_cc_data parameter before outputting it back in an attribute of an admin dashboard page, leading to a Reflected Cross-Site Scripting issue๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24861 โผ
๐ Read
via "National Vulnerability Database".
The Quotes Collection WordPress plugin through 2.5.2 does not validate and escape the bulkcheck parameter before using it in a SQL statement, leading to a SQL injection๐ Read
via "National Vulnerability Database".