CVE-2021-45991
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddVpnUsers. This vulnerability allows attackers to cause a Denial of Service (DoS) via the vpnUsers parameter.
via "National Vulnerability Database".
CVE-2021-46228
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function httpd_debug.asp. This vulnerability allows attackers to execute arbitrary commands via the time parameter.
via "National Vulnerability Database".
CVE-2021-46232
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function version_upgrade.asp. This vulnerability allows attackers to execute arbitrary commands via the path parameter.
via "National Vulnerability Database".
CVE-2021-45742
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
via "National Vulnerability Database".
CVE-2022-24170
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpSecTunnel. This vulnerability allows attackers to execute arbitrary commands via the IPsecLocalNet and IPsecRemoteNet parameters.
via "National Vulnerability Database".
CVE-2021-45998
D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the LocalIPAddress parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request.
via "National Vulnerability Database".
CVE-2021-44247
Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a command injection vulnerability in the function setNoticeCfg. This vulnerability allows attackers to execute arbitrary commands via the IpFrom parameter.
via "National Vulnerability Database".
Open Source Security Foundation launches new initiative to stem the tide of software supply chain attacks
Alpha-Omega Project aims to improve software supply chain security for 10,000 OSS projects
via "The Daily Swig".
CVE-2022-23316
An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=download&path=../../1.txt.
via "National Vulnerability Database".
CVE-2021-44899
Micro-Star International (MSI) Center <= 1.0.31.0 is vulnerable to multiple Privilege Escalation vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys driver components. All the vulnerabilities are triggered by sending specific IOCTL requests.
via "National Vulnerability Database".
CVE-2021-44903
Micro-Star International (MSI) Center Pro <= 2.0.16.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys driver components. All the vulnerabilities are triggered by sending specific IOCTL requests.
via "National Vulnerability Database".
CVE-2021-44900
Micro-Star International (MSI) App Player <= 4.280.1.6309 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the NTIOLib_X64.sys and BstkDrv_msi2.sys driver components. All the vulnerabilities are triggered by sending specific IOCTL requests.
via "National Vulnerability Database".
CVE-2021-44901
Micro-Star International (MSI) Dragon Center <= 2.0.116.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys driver components. All the vulnerabilities are triggered by sending specific IOCTL requests.
via "National Vulnerability Database".
CVE-2021-46320
In OpenZeppelin <=v4.4.0, initializer functions that are invoked separately from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible, breaking the expectation that there is a single execution.
via "National Vulnerability Database".
Attackers Target Intuit Users by Threatening to Cancel Tax Accounts
The usual tax-season barrage of cybercriminal activity is already underway with a phishing campaign impersonating the popular accounting and tax-filing software.
via "Threat Post".
Vulnerabilities in Cisco Small Business routers could allow unauthenticated attackers persistent access to internal networks
Critical security bugs inherited by multiple products
via "The Daily Swig".
Want to Be an Ethical Hacker? Here's Where to Begin
By utilizing these resources, beginner hackers can find their specific passions within the cybersecurity space and eventually make their own mark in the ethical hacking profession.
via "Dark Reading".
Google Drive integration errors created SSRF flaws in multiple applications
Bug hunter earned $17k bounty for HelloSign bug
via "The Daily Swig".
CVE-2021-44983
In taocms 3.0.1, after logging in to the background, there is an arbitrary file download vulnerability at the File Management column.
via "National Vulnerability Database".
S3 Ep68: Bugs, scams, privacy …and fonts?! [Podcast + Transcript]
Latest episode - listen now!
via "Naked Security".
China-Linked Group Attacked Taiwanese Financial Firms for 18 Months
The Antlion group, also known as Pirate Panda and Tropic Trooper, has shifted to targeting mainly Taiwan, using custom backdoors against financial organizations.
via "Dark Reading".