❌ Global Cyberattacks from Nation-State Actors Posing Greater Threats ❌
via "Threat Post".
Casey Ellis, CTO at Bugcrowd, outlines how international relations have deteriorated into a new sort of Cold War, with espionage playing out in the cyber-domain.
‼ CVE-2021-21751 ‼
via "National Vulnerability Database".
ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency between the front and back verifications when configuring the large screen page, an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause service exception.
‼ CVE-2021-43857 ‼
via "National Vulnerability Database".
Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8.
‼ CVE-2021-21750 ‼
via "National Vulnerability Database".
ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit this vulnerability to gain unauthorized access.
‼ CVE-2021-45890 ‼
via "National Vulnerability Database".
basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authentication via an inactive identifier.
‼ CVE-2021-32993 ‼
via "National Vulnerability Database".
IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
‼ CVE-2021-33017 ‼
via "National Vulnerability Database".
The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires authentication, but the product has an alternate path or channel that does not require authentication.
‼ CVE-2021-43548 ‼
via "National Vulnerability Database".
Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives input or data, but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.
‼ CVE-2021-43552 ‼
via "National Vulnerability Database".
The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03.
‼ CVE-2021-4161 ‼
via "National Vulnerability Database".
The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server.
‼ CVE-2021-43550 ‼
via "National Vulnerability Database".
The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information Center iX (PIC iX) Versions C.02 and C.03 and Efficia CM Series Revisions A.01 to C.0x and 4.0.
‼ CVE-2021-23244 ‼
via "National Vulnerability Database".
ColorOS pre-grants dangerous permissions to apps that are listed in a whitelist XML named default-grant-permissions. But some apps in the whitelist are not installed, so an attacker can disguise an app with the same package name to obtain dangerous permissions.
‼ CVE-2021-35232 ‼
via "National Vulnerability Database".
Hard-coded credentials were discovered in the SolarWinds Web Help Desk product. Through these credentials, an attacker with local access to the Web Help Desk host machine can execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of users or insert arbitrary data into the database.
‼ CVE-2021-45904 ‼
via "National Vulnerability Database".
OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen.
‼ CVE-2021-45906 ‼
via "National Vulnerability Database".
OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen.
‼ CVE-2021-45905 ‼
via "National Vulnerability Database".
OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen.
‼ CVE-2020-21237 ‼
via "National Vulnerability Database".
An issue in the user login box of LJCMS v1.11 allows attackers to hijack user accounts via brute force attacks.
‼ CVE-2020-21238 ‼
via "National Vulnerability Database".
An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks.
‼ CVE-2020-21236 ‼
via "National Vulnerability Database".
A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user's session cookie.
❌ 2021 Wants Another Chance (A Lighter-Side Year in Review) ❌
via "Threat Post".
The year wasn't ALL bad news. These sometimes cringe-worthy/sometimes laughable cybersecurity and other technology stories offer schadenfreude and WTF opportunities, and some giggles.
‼ CVE-2021-4179 ‼
via "National Vulnerability Database".
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').