‼ CVE-2021-43550 ‼
📖 Read
via "National Vulnerability Database".
The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information Center iX (PIC iX) Versions C.02 and C.03 and Efficia CM Series Revisions A.01 to C.0x and 4.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23244 ‼
📖 Read
via "National Vulnerability Database".
ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-35232 ‼
📖 Read
via "National Vulnerability Database".
Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45904 ‼
📖 Read
via "National Vulnerability Database".
OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45906 ‼
📖 Read
via "National Vulnerability Database".
OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45905 ‼
📖 Read
via "National Vulnerability Database".
OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21237 ‼
📖 Read
via "National Vulnerability Database".
An issue in the user login box of LJCMS v1.11 allows attackers to hijack user accounts via brute force attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21238 ‼
📖 Read
via "National Vulnerability Database".
An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21236 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user's session cookie.📖 Read
via "National Vulnerability Database".
❌ 2021 Wants Another Chance (A Lighter-Side Year in Review) ❌
📖 Read
via "Threat Post".
The year wasn't ALL bad news. These sometimes cringe-worthy/sometimes laughable cybersecurity and other technology stories offer schadenfreude and WTF opportunities, and some giggles.📖 Read
via "Threat Post".
Threat Post
2021 Wants Another Chance (A Lighter-Side Year in Review)
The year wasn't ALL bad news. These sometimes cringe-worthy/sometimes laughable cybersecurity and other technology stories offer schadenfreude and WTF opportunities, and some giggles.
‼ CVE-2021-4179 ‼
📖 Read
via "National Vulnerability Database".
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')📖 Read
via "National Vulnerability Database".
‼ CVE-2021-4177 ‼
📖 Read
via "National Vulnerability Database".
livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37400 ‼
📖 Read
via "National Vulnerability Database".
An attacker may obtain the user credentials from the communication between the PLC and the software. As a result, the PLC user program may be uploaded, altered, and/or downloaded.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45425 ‼
📖 Read
via "National Vulnerability Database".
Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 and 8.5 allows remote attackers to execute JavaScript codes.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37401 ‼
📖 Read
via "National Vulnerability Database".
An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded.📖 Read
via "National Vulnerability Database".
‼ CVE-2018-17875 ‼
📖 Read
via "National Vulnerability Database".
A remote code execution issue in the ping command on Poly Trio 8800 5.7.1.4145 devices allows remote authenticated users to execute commands via unspecified vectors.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-20082 ‼
📖 Read
via "National Vulnerability Database".
ASUS RT-N53 3.0.0.4.376.3754 devices have a buffer overflow via a long lan_dns1_x or lan_dns2_x parameter to Advanced_LAN_Content.asp.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45903 ‼
📖 Read
via "National Vulnerability Database".
A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268.📖 Read
via "National Vulnerability Database".
🕴 An Adaptive Security Strategy Is Critical for Stopping Advanced Attacks 🕴
📖 Read
via "Dark Reading".
Ransomware demands a new approach to incident response.📖 Read
via "Dark Reading".
Dark Reading
An Adaptive Security Strategy Is Critical for Stopping Advanced Attacks
Ransomware demands a new approach to incident response.
🔏 Insider Threat: Definition & Examples 🔏
📖 Read
via "".
A recent report said that almost half of data breaches involve an insider element. In this blog we define what constitutes an insider threat and give you nearly 50 examples to help illustrate the threat further.📖 Read
via "".
❌ That Toy You Got for Christmas Could Be Spying on You ❌
📖 Read
via "Threat Post".
Security flaws in the recently released Fisher-Price Chatter Bluetooth telephone can allow nearby attackers to spy on calls or communicate with children using the device.📖 Read
via "Threat Post".
Threat Post
That Toy You Got for Christmas Could Be Spying on You
Security flaws in the recently released Fisher-Price Chatter Bluetooth telephone can allow nearby attackers to spy on calls or communicate with children using the device.