๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
@cibsecurity
25.8K subscribers
89.2K links
๐Ÿ—ž The finest daily news on cybersecurity and privacy.

๐Ÿ”” Daily releases.

๐Ÿ’ป Is your online life secure?

๐Ÿ“ฉ lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
25.8K subscribers
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-44674 โ€ผ

An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated attacker to read file outside of the restricted directory.

๐Ÿ“– Read

via "National Vulnerability Database".
147 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-25040 โ€ผ

The Booking Calendar WordPress plugin before 8.9.2 does not sanitise and escape the booking_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting

๐Ÿ“– Read

via "National Vulnerability Database".
142 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-24893 โ€ผ

The Stars Rating WordPress plugin before 3.5.1 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the comments section, or pending comment dashboard depending if the user sent it as unauthenticated or authenticated.

๐Ÿ“– Read

via "National Vulnerability Database".
142 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-24831 โ€ผ

All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs.

๐Ÿ“– Read

via "National Vulnerability Database".
138 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-25030 โ€ผ

The Events Made Easy WordPress plugin before 2.2.36 does not sanitise and escape the search_text parameter before using it in a SQL statement via the eme_searchmail AJAX action, available to any authenticated users. As a result, users with a role as low as subscriber can call it and perform SQL injection attacks

๐Ÿ“– Read

via "National Vulnerability Database".
140 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-24991 โ€ผ

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard

๐Ÿ“– Read

via "National Vulnerability Database".
141 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-45428 โ€ผ

TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats.

๐Ÿ“– Read

via "National Vulnerability Database".
140 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-25023 โ€ผ

The Speed Booster Pack รƒยขร…ยกร‚ยก PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escape the sbp_convert_table_name parameter before using it in a SQL statement to convert the related table, leading to an SQL injection

๐Ÿ“– Read

via "National Vulnerability Database".
148 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-24828 โ€ผ

The Mortgage Calculator / Loan Calculator WordPress plugin before 1.5.17 does not escape the some of the attributes of its mlcalc shortcode before outputting them, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks

๐Ÿ“– Read

via "National Vulnerability Database".
154 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-24963 โ€ผ

The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the qc_res parameter before outputting it back in the JS code of an admin page, leading to a Reflected Cross-Site Scripting

๐Ÿ“– Read

via "National Vulnerability Database".
159 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-25001 โ€ผ

The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_create_products_xml_result parameter before outputting back in the admin dashboard when the Product XML Feeds module is enabled, leading to a Reflected Cross-Site Scripting issue

๐Ÿ“– Read

via "National Vulnerability Database".
178 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-25016 โ€ผ

The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting

๐Ÿ“– Read

via "National Vulnerability Database".
204 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-24680 โ€ผ

The WP Travel Engine WordPress plugin before 5.3.1 does not escape the Description field in the Trip Destination/Activities/Trip Type and Pricing Category pages, allowing users with a role as low as editor to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed

๐Ÿ“– Read

via "National Vulnerability Database".
249 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ•ด Name That Edge Toon: In Your Face! ๐Ÿ•ด

Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

๐Ÿ“– Read

via "Dark Reading".
Dark Reading
Name That Edge Toon: In Your Face!
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
263 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-45817 โ€ผ

Web Viewer for Hanwha DVR version 2.17 is affected by a Cross Site Scripting (XSS) vulnerability that allows an attacker to inject malicious JavaScript codes.

๐Ÿ“– Read

via "National Vulnerability Database".
263 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-46109 โ€ผ

Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) in ASUS RT-AC52U_B1 3.0.0.4.380.10931 can lead to a user session hijack.

๐Ÿ“– Read

via "National Vulnerability Database".
268 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-3837 โ€ผ

openwhyd is vulnerable to Improper Authorization

๐Ÿ“– Read

via "National Vulnerability Database".
263 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ•ด Log4j Highlights Need for Better Handle on Software Dependencies ๐Ÿ•ด

Security pros say the Log4j vulnerability is another warning call for enterprises to get more disciplined when keeping track of software bills of materials.

๐Ÿ“– Read

via "Dark Reading".
Dark Reading
Log4j Highlights Need for Better Handle on Software Dependencies
Security pros say the Log4j vulnerability is another warning call for enterprises to get more disciplined when keeping track of software bills of materials.
249 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ›  Wireshark Analyzer 3.6.1 ๐Ÿ› 

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

๐Ÿ“– Read

via "Packet Storm Security".
Packetstormsecurity
Wireshark Analyzer 3.6.1 โ‰ˆ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
243 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ›  SQLMAP - Automatic SQL Injection Tool 1.6 ๐Ÿ› 

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

๐Ÿ“– Read

via "Packet Storm Security".
Packetstormsecurity
SQLMAP - Automatic SQL Injection Tool 1.6 โ‰ˆ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
261 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ›  Haveged 1.9.16 ๐Ÿ› 

haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.

๐Ÿ“– Read

via "Packet Storm Security".
Packetstormsecurity
Haveged 1.9.16 โ‰ˆ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
256 views