‼ CVE-2021-24828 ‼
via "National Vulnerability Database".
The Mortgage Calculator / Loan Calculator WordPress plugin before 1.5.17 does not escape some of the attributes of its mlcalc shortcode before outputting them, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.
‼ CVE-2021-24963 ‼
via "National Vulnerability Database".
The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the qc_res parameter before outputting it back in the JS code of an admin page, leading to a Reflected Cross-Site Scripting.
‼ CVE-2021-25001 ‼
via "National Vulnerability Database".
The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_create_products_xml_result parameter before outputting back in the admin dashboard when the Product XML Feeds module is enabled, leading to a Reflected Cross-Site Scripting issue.
‼ CVE-2021-25016 ‼
via "National Vulnerability Database".
The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting.
‼ CVE-2021-24680 ‼
via "National Vulnerability Database".
The WP Travel Engine WordPress plugin before 5.3.1 does not escape the Description field in the Trip Destination/Activities/Trip Type and Pricing Category pages, allowing users with a role as low as editor to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed.
🔴 Name That Edge Toon: In Your Face! 🔴
via "Dark Reading".
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
‼ CVE-2021-45817 ‼
via "National Vulnerability Database".
Web Viewer for Hanwha DVR version 2.17 is affected by a Cross Site Scripting (XSS) vulnerability that allows an attacker to inject malicious JavaScript codes.
‼ CVE-2021-46109 ‼
via "National Vulnerability Database".
Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) in ASUS RT-AC52U_B1 3.0.0.4.380.10931 can lead to a user session hijack.
‼ CVE-2021-3837 ‼
via "National Vulnerability Database".
openwhyd is vulnerable to Improper Authorization.
🔴 Log4j Highlights Need for Better Handle on Software Dependencies 🔴
via "Dark Reading".
Security pros say the Log4j vulnerability is another warning call for enterprises to get more disciplined when keeping track of software bills of materials.
Wireshark Analyzer 3.6.1
via "Packet Storm Security".
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
SQLMAP - Automatic SQL Injection Tool 1.6
via "Packet Storm Security".
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
Haveged 1.9.16
via "Packet Storm Security".
haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.
🔴 Pathr.ai Reaffirms Position as Privacy-Centric Solution for Retailers with Spatial Intelligence Platform 🔴
via "Dark Reading".
Pathr.ai’s Spatial Intelligence technology is used to improve business outcomes in a variety of retail use cases.
🦿 How to install the CSF firewall on Ubuntu Server 🦿
via "Tech Republic".
If you'd like a powerful firewall for your Ubuntu Server, but one that offers a fairly straightforward configuration, Jack Wallen thinks CSF might be the right tool for the job.
‼ CVE-2020-23026 ‼
via "National Vulnerability Database".
A NULL pointer dereference in the main() function dhry_1.c of dhrystone 2.1 causes a denial of service (DoS).
🔴 Florida's Broward Health Confirms October 2021 Breach 🔴
via "Dark Reading".
The Oct. 15 breach compromised personal medical information, including history, condition, diagnosis, and medical record number.
🔴 CISOs Plan What to Buy With Funds From the Infrastructure Bill 🔴
via "Dark Reading".
CISOs welcome the cybersecurity funding allocated under the Infrastructure Investment and Jobs Act, but say it’s not perfect because it doesn't address a key issue: people.
‼ CVE-2021-37111 ‼
via "National Vulnerability Database".
There is a Memory leakage vulnerability in Smartphone. Successful exploitation of this vulnerability may cause memory exhaustion.
‼ CVE-2021-39967 ‼
via "National Vulnerability Database".
There is a Vulnerability of obtaining broadcast information improperly due to improper broadcast permission settings in Smartphones. Successful exploitation of this vulnerability may affect service confidentiality.
‼ CVE-2021-39988 ‼
via "National Vulnerability Database".
The HwNearbyMain module has a NULL Pointer Dereference vulnerability. Successful exploitation of this vulnerability may cause a process to restart.