‼ CVE-2021-45226 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in COINS Construction Cloud 11.12. Due to improper validation of user-controlled HTTP headers, attackers can cause it to send password-reset e-mails pointing to arbitrary websites.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46451 ‼
📖 Read
via "National Vulnerability Database".
An SQL Injection vulnerabilty exists in Sourcecodester Online Project Time Management System 1.0 via the pid parameter in the load_file function.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-21711 ‼
📖 Read
via "National Vulnerability Database".
elfspirit is an ELF static analysis and injection framework that parses, manipulates, and camouflages ELF files. When analyzing the ELF file format in versions prior to 1.1, there is an out-of-bounds read bug, which can lead to application crashes or information leakage. By constructing a special format ELF file, the information of any address can be leaked. elfspirit version 1.1 contains a patch for this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36349 ‼
📖 Read
via "National Vulnerability Database".
Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this vulnerability, allowing port scanning of external hosts.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-21710 ‼
📖 Read
via "National Vulnerability Database".
ShortDescription is a MediaWiki extension that provides local short description support. A cross-site scripting (XSS) vulnerability exists in versions prior to 2.3.4. On a wiki that has the ShortDescription enabled, XSS can be triggered on any page or the page with the action=info parameter, which displays the shortdesc property. This is achieved using the wikitext `{{SHORTDESC:<img src=x onerror=alert()>}}`. This issue has a patch in version 2.3.4.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42168 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) in Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) by oretnom23, allows attackers to gain the PHPSESID or other unspecified impacts via the fullname parameter to the login_registration page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45225 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in COINS Construction Cloud 11.12. Due to improper input neutralization, it is vulnerable to reflected cross-site scripting (XSS) via malicious links (affecting the search window and activity view window).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43589 ‼
📖 Read
via "National Vulnerability Database".
Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection Vulnerability. A locally authenticated user with high privileges may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the Unity underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45224 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in COINS Construction Cloud 11.12. In several locations throughout the application, JavaScript code is passed as a URL parameter. Attackers can trivially alter this code to cause malicious behaviour. The application is therefore vulnerable to reflected XSS via malicious URLs.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43588 ‼
📖 Read
via "National Vulnerability Database".
Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45222 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in COINS Construction Cloud 11.12. Due to logical flaws in the human ressources interface, it is vulnerable to privilege escalation by HR personnel.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43420 ‼
📖 Read
via "National Vulnerability Database".
SQL injection vulnerability in Login.php in Sourcecodester Online Payment Hub v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36342 ‼
📖 Read
via "National Vulnerability Database".
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23126 ‼
📖 Read
via "National Vulnerability Database".
TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This occurs because an attacker can leverage Grafana login access to obtain a token for Tesla API calls.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45223 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in COINS Construction Cloud 11.12. Due to insufficient input neutralization, it is vulnerable to denial of service attacks via forced server crashes.📖 Read
via "National Vulnerability Database".
❌ Surge in Malicious QR Codes Sparks FBI Alert ❌
📖 Read
via "Threat Post".
QR codes have become a go-to staple for contactless transactions of all sorts during the pandemic, and the FBI is warning cybercriminals are capitalizing on their lax security to steal data and money, and drop malware.📖 Read
via "Threat Post".
Threat Post
Surge in Malicious QR Codes Sparks FBI Alert
QR codes have become a go-to staple for contactless transactions of all sorts during the pandemic, and the FBI is warning cybercriminals are capitalizing on their lax security to steal data, money and drop malware.
🕴 The Case for Backing Up Source Code 🕴
📖 Read
via "Dark Reading".
As enterprise data security concerns grow, security experts urge businesses to back up their GitLab, GitHub, and BitBucket repositories.📖 Read
via "Dark Reading".
Dark Reading
The Case for Backing Up Source Code
As enterprise data security concerns grow, security experts urge businesses to back up their GitLab, GitHub, and BitBucket repositories.
❌ MoleRats APT Launches Spy Campaign on Bankers, Politicians, Journalists ❌
📖 Read
via "Threat Post".
State-sponsored cyberattackers are using Google Drive, Dropbox and other legitimate services to drop spyware on Middle-Eastern targets and exfiltrate data.📖 Read
via "Threat Post".
Threat Post
MoleRats APT Launches Spy Campaign on Bankers, Politicians, Journalists
State-sponsored cyberattackers are using Google Drive, Dropbox and other legitimate services to drop spyware on Middle-Eastern targets and exfiltrate data.
🕴 DHS Sounds Alarm on Potential for Major Russian Cyberattacks on US 🕴
📖 Read
via "Dark Reading".
Latest bulletin out of DHS advises state and local governments, critical infrastructure operators to be on alert.📖 Read
via "Dark Reading".
Dark Reading
DHS Sounds Alarm on Potential for Major Russian Cyberattacks on US
Latest bulletin out of DHS advises state and local governments, critical infrastructure operators to be on alert.
🕴 Registration for the (ISC)² Entry-Level Cybersecurity Certification Exam Pilot Program Is Now Open 🕴
📖 Read
via "Dark Reading".
New certification validates students' and career changers' foundational skills and helps kickstart their cybersecurity careers.📖 Read
via "Dark Reading".
Dark Reading
Registration for the (ISC)² Entry-Level Cybersecurity Certification Exam Pilot Program Is Now Open
New certification validates students' and career changers' foundational skills and helps kickstart their cybersecurity careers.
‼ CVE-2022-0177 ‼
📖 Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - DOM in GitHub repository mrdoob/three.js prior to 0.137.0.📖 Read
via "National Vulnerability Database".