‼ CVE-2021-41506 ‼
📖 Read
via "National Vulnerability Database".
Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, HI3518_50H10L_S39 V4.02.R11.7601.Nat.Onvif.20170420, V4.02.R11.Nat.Onvif.20160422, V4.02.R11.7601.Nat.Onvif.20170424, V4.02.R11.Nat.Onvif.20170327, V4.02.R11.Nat.Onvif.20161205, V4.02.R11.Nat.20170301, V4.02.R12.Nat.OnvifS.20170727 is affected by a backdoor in the macGuarder and dvrHelper binaries of DVR/NVR/IP camera firmware due to static root account credentials in the system.📖 Read
via "National Vulnerability Database".
🗓️ Bug Bounty Radar // The latest bug bounty programs for July 2022 🗓️
📖 Read
via "The Daily Swig".
New web targets for the discerning hacker📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Bug Bounty Radar // The latest bug bounty programs for July 2022
New web targets for the discerning hacker
🛠 Blue Team Training Toolkit (BT3) 2.9 🛠
📖 Read
via "Packet Storm Security".
Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.📖 Read
via "Packet Storm Security".
Packetstormsecurity
Blue Team Training Toolkit (BT3) 2.9 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
‼ CVE-2021-37778 ‼
📖 Read
via "National Vulnerability Database".
There is a buffer overflow in gps-sdr-sim v1.0 when parsing long command line parameters, which can lead to DoS or code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37770 ‼
📖 Read
via "National Vulnerability Database".
Nucleus CMS v3.71 is affected by a file upload vulnerability. In this vulnerability, we can use upload to change the upload path to the path without the Htaccess file. Upload an Htaccess file and write it to AddType application / x-httpd-php.jpg. In this way, an attacker can upload a picture with shell, treat it as PHP, execute commands, so as to take down website resources.📖 Read
via "National Vulnerability Database".
❌ ZuoRAT Can Take Over Widely Used SOHO Routers ❌
📖 Read
via "Threat Post".
Devices from Cisco, Netgear and others at risk from the multi-stage malware, which has been active since April 2020 and shows the work of a sophisticated threat actor.📖 Read
via "Threat Post".
Threat Post
ZuoRAT Can Take Over Widely Used SOHO Routers
Devices from Cisco, Netgear and others at risk from the multi-stage malware, which has been active since April 2020 and shows the work of a sophisticated threat actor.
‼ CVE-2021-38941 ‼
📖 Read
via "National Vulnerability Database".
IBM CloudPak for Multicloud Monitoring 2.0 and 2.3 has a few containers running in privileged mode which is vulnerable to host information leakage or destruction if unauthorized access to these containers could execute arbitrary commands. IBM X-Force ID: 211048.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22474 ‼
📖 Read
via "National Vulnerability Database".
IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsvc processes incorrectly handle certain read operations on TCP/IP sockets. This can result in a denial of service for IBM Spectrum Protect client operations. IBM X-Force ID: 225348.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22472 ‼
📖 Read
via "National Vulnerability Database".
IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift) could allow a remote attacker to bypass IBM Spectrum Protect Plus role based access control restrictions, caused by improper disclosure of session information. By retrieving the logs of a container an attacker could exploit this vulnerability to bypass login security of the IBM Spectrum Protect Plus server and gain unauthorized access based on the permissions of the IBM Spectrum Protect Plus user to the vulnerable Spectrum Protect Plus server software. IBM X-Force ID: 225340.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31112 ‼
📖 Read
via "National Vulnerability Database".
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client response. Users are advised to upgrade. Users unable t upgrade should use `Parse.Cloud.afterLiveQueryEvent` to manually remove protected fields.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38954 ‼
📖 Read
via "National Vulnerability Database".
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could disclose sensitive version information that could aid in future attacks against the system. IBM X-Force ID: 211414.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2057 ‼
📖 Read
via "National Vulnerability Database".
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2058 ‼
📖 Read
via "National Vulnerability Database".
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.📖 Read
via "National Vulnerability Database".
‼ CVE-2013-4309 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22494 ‼
📖 Read
via "National Vulnerability Database".
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request. This information could then be used in future attacks. IBM X-Force ID: 226940.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22478 ‼
📖 Read
via "National Vulnerability Database".
IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22496 ‼
📖 Read
via "National Vulnerability Database".
While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37791 ‼
📖 Read
via "National Vulnerability Database".
MyAdmin v1.0 is affected by an incorrect access control vulnerability in viewing personal center in /api/user/userData?userCode=admin.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22487 ‼
📖 Read
via "National Vulnerability Database".
An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 with which it communicates. IBM X-Force ID: 226326.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2056 ‼
📖 Read
via "National Vulnerability Database".
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1955 ‼
📖 Read
via "National Vulnerability Database".
Session 1.13.0 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation.📖 Read
via "National Vulnerability Database".