βΌ CVE-2020-20598 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the Editing component of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML.π Read
via "National Vulnerability Database".
βΌ CVE-2020-20593 βΌ
π Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account.π Read
via "National Vulnerability Database".
βΌ CVE-2020-20605 βΌ
π Read
via "National Vulnerability Database".
Blog CMS v1.0 contains a cross-site scripting (XSS) vulnerability in the /controller/CommentAdminController.java component.π Read
via "National Vulnerability Database".
βΌ CVE-2020-20426 βΌ
π Read
via "National Vulnerability Database".
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php.π Read
via "National Vulnerability Database".
βΌ CVE-2020-20600 βΌ
π Read
via "National Vulnerability Database".
MetInfo 7.0 beta contains a stored cross-site scripting (XSS) vulnerability in the $name parameter of admin/?n=column&c=index&a=doAddColumn.π Read
via "National Vulnerability Database".
βΌ CVE-2020-20595 βΌ
π Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) in OPMS v1.3 and below allows attackers to arbitrarily add a user account via /user/add.π Read
via "National Vulnerability Database".
βΌ CVE-2020-20597 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the potrtalItemName parameter in \web\PortalController.java of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44548 βΌ
π Read
via "National Vulnerability Database".
An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr versions prior to 8.11.1. This issue only affects Windows.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45463 βΌ
π Read
via "National Vulnerability Database".
GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4144 βΌ
π Read
via "National Vulnerability Database".
TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS command injection.π Read
via "National Vulnerability Database".
π1
ποΈ US clothing supplier Pro Wrestling Tees hit by data breach ποΈ
π Read
via "The Daily Swig".
Law enforcement alerted company to compromise of payment card infoπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
US clothing supplier Pro Wrestling Tees hit by data breach
Law enforcement alerted company to compromise of payment card info
β Plundered bitcoins recovered by FBI β all 3,879-and-one-sixth of them! β
π Read
via "Naked Security".
Phew! An audacious crime... that didn't work out.π Read
via "Naked Security".
Naked Security
Plundered bitcoins recovered by FBI β all 3,879-and-one-sixth of them!
Phew! An audacious crimeβ¦ that didnβt work out.
β βSpider-Man: No Way Homeβ Download Installs Cryptominer β
π Read
via "Threat Post".
The origin of the Monero cryptominer file has been traced to a Russian torrent website, researchers report.π Read
via "Threat Post".
Threat Post
βSpider-Man: No Way Homeβ Download Installs Cryptominer
The origin of the Monero cryptominer file has been traced to a Russian torrent website, researchers report.
βΌ CVE-2021-44600 βΌ
π Read
via "National Vulnerability Database".
The password parameter on Simple Online Mens Salon Management System (MSMS) 1.0 appears to be vulnerable to SQL injection attacks through the password parameter. The predictive tests of this application interacted with that domain, indicating that the injected SQL query was executed. The attacker can retrieve all authentication and information about the users of this system.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44599 βΌ
π Read
via "National Vulnerability Database".
The id parameter from Online Enrollment Management System 1.0 system appears to be vulnerable to SQL injection attacks. A crafted payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed. The attacker can retrieve sensitive information for all users of this system.π Read
via "National Vulnerability Database".
ποΈ Wireless coexistence β New attack technique exploits Bluetooth, WiFi performance features for βinter-chip privilege escalationβ ποΈ
π Read
via "The Daily Swig".
Attackers can use connections between wireless chips to steal data or credentials, researchers findπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Wireless coexistence β New attack technique exploits Bluetooth, WiFi performance features for βinter-chip privilege escalationβ
Attackers can use connections between wireless chips to steal data or credentials, researchers find
β Telegram Abused to Steal Crypto-Wallet Credentials β
π Read
via "Threat Post".
Attackers use the Telegram handle βSmokes Nightβ to spread the malicious Echelon infostealer, which steals credentials for cryptocurrency and other user accounts, researchers said.π Read
via "Threat Post".
Threat Post
Telegram Abused to Steal Crypto-Wallet Credentials
Attackers use the Telegram handle βSmokes Nightβ to spread the malicious Echelon infostealer, which steals credentials for cryptocurrency and other user accounts, researchers said.
π¦Ώ How to deploy a Bitwarden server with Docker π¦Ώ
π Read
via "Tech Republic".
Are you looking to deploy an in-house password manager server? Jack Wallen shows you how with Bitwarden and Docker.π Read
via "Tech Republic".
TechRepublic
How to deploy a Bitwarden server with Docker
Are you looking to deploy an in-house password manager server? Jack Wallen shows you how with Bitwarden and Docker.
ποΈ Popular WordPress platform Flywheel vulnerable to subdomain takeover ποΈ
π Read
via "The Daily Swig".
Malicious actors could wreak havoc by impersonating legitimate websitesπ Read
via "The Daily Swig".
βΌ CVE-2021-44526 βΌ
π Read
via "National Vulnerability Database".
Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23175 βΌ
π Read
via "National Vulnerability Database".
NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream.π Read
via "National Vulnerability Database".