‼ CVE-2021-36774 ‼
via "National Vulnerability Database".
Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions.
❌ Apple iPhone Malware Tactic Causes Fake Shutdowns to Enable Spying ❌
via "Threat Post".
The 'NoReboot' technique is the ultimate in persistence for iPhone malware, preventing reboots and enabling remote attackers to do anything on the device while remaining completely unseen.
🗓️ Java RMI services often vulnerable to SSRF attacks 🗓️
via "The Daily Swig".
Trust boundaries breached by security shortcomings
🦿 Hackers exploit Google Docs in new phishing campaign 🦿
via "Tech Republic".
Attackers are taking advantage of the comment feature in Google Docs to send people emails with malicious links, says Avanan.
❌ Partially Unpatched VMware Bug Opens Door to Hypervisor Takeover ❌
via "Threat Post".
ESXi version 7 users are still waiting for a full fix for a high-severity heap-overflow security vulnerability, but Cloud Foundation, Fusion and Workstation users can go ahead and patch.
‼ CVE-2021-46076 ‼
via "National Vulnerability Database".
Sourcecodester Vehicle Service Management System 1.0 is vulnerable to File upload. An attacker can upload a malicious PHP file in multiple endpoints, leading to Code Execution.
‼ CVE-2021-46070 ‼
via "National Vulnerability Database".
A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service Requests Section in login panel.
‼ CVE-2021-45744 ‼
via "National Vulnerability Database".
A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the TAGS section in login panel.
‼ CVE-2021-46079 ‼
via "National Vulnerability Database".
An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to HTML Injection.
‼ CVE-2021-46067 ‼
via "National Vulnerability Database".
In Vehicle Service Management System 1.0 an attacker can steal the cookies leading to Full Account Takeover.
‼ CVE-2021-46068 ‼
via "National Vulnerability Database".
A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the My Account Section in login panel.
‼ CVE-2021-46069 ‼
via "National Vulnerability Database".
A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Mechanic List Section in login panel.
‼ CVE-2021-46075 ‼
via "National Vulnerability Database".
A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. Staff account users can access the admin resources and perform CRUD Operations.
‼ CVE-2021-46080 ‼
via "National Vulnerability Database".
A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Service Management System 1.0. A successful CSRF attack leads to a Stored Cross Site Scripting vulnerability.
‼ CVE-2021-46074 ‼
via "National Vulnerability Database".
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Settings Section in login panel.
‼ CVE-2021-46071 ‼
via "National Vulnerability Database".
A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Category List Section in login panel.
‼ CVE-2021-46073 ‼
via "National Vulnerability Database".
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the User List Section in login panel.
‼ CVE-2021-46078 ‼
via "National Vulnerability Database".
An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to a Stored Cross-Site Scripting vulnerability.
‼ CVE-2021-46072 ‼
via "National Vulnerability Database".
A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service List Section in login panel.
‼ CVE-2021-45745 ‼
via "National Vulnerability Database".
A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel.
🕴 New Mac Malware Samples Underscore Growing Threat 🕴
via "Dark Reading".
A handful of malicious tools that emerged last year showed threat actors may be getting more serious about attacking Apple macOS and iOS environments.