Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28310.
Windows SMB Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28325.
Russian Foreign Intelligence Service Exploiting Five Publicly Known Vulnerabilities to Compromise U.S. and Allied Networks
FYI on some big news regarding publicly exposed vulnerabilities that are being hit. I highly suggest checking your security capabilities against the associated CVEs. Original post found The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal....
The dio package 4.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a different vulnerability than CVE-2020-35669.
Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to memory exhaustion and denial of service. Sydent also does not limit response size for requests it makes to remote Matrix homeservers. A malicious homeserver could return a very large response, again leading to memory exhaustion and denial of service. This affects any server which accepts registration requests from untrusted clients. This issue has been patched by releases 89071a1, 0523511, f56eee3. As a workaround request sizes can be limited in an HTTP reverse-proxy. There are no known workarounds for the problem with overlarge responses.
Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter validation or IP address blacklisting. It is not possible to exfiltrate data or control request headers, but it might be possible to use the attack to perform an internal port enumeration. This issue has been addressed in 9e57334, 8936925, 3d531ed, 0f00412. A potential workaround would be to use a firewall to ensure that Sydent cannot reach internal HTTP resources.
Sydent is a reference Matrix identity server. A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, for example. This issue has been fixed in 4469d1d.
WordPress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires the WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.
Treasury Department slaps sanctions on IT security firms that it says supported Russia's Foreign Intelligence Service carry out the attacks. The Biden administration Thursday officially blamed Russia's Foreign Intelligence Service, SVR, for the cyberattack on SolarWinds and announced sanctions....
Zero day vulnerabilities in smart air fryer allow hackers to overcook food or burn hand or leak your personal data
Cybersecurity specialists reported the detection of at least two critical vulnerabilities in the COSORI SMART WIFI air fryer, an Internet-enabled air fryer that is popular with Amazon. Users of the COSORI Smart WiFi air fryer can control the device through an app, taking full control of the functions of this new utensil.
MS-ISAC ADVISORY NUMBER: 2021-050 DATE(S) ISSUED: 04/15/2021 OVERVIEW: A vulnerability has been discovered in Juniper Junos OS that could allow for remote code execution. Junos OS is a single network operating system providing a common language across Juniper's routing, switching and security devices.
The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted code execution. It is always best practice to be careful opening documents from unknown and unverified sources. The mitigation in Apache OpenOffice 4.1.10 (unreleased) assures that a security warning is displayed giving the user the option of continuing to open the hyperlink.
# Exploit Title: htmly 2.8.0 - 'description' Stored Cross-Site Scripting (XSS) # Authors: @nu11secur1ty & G.Dzhankushev # Date: 04.15.2021 # Vendor Homepage: https://www.htmly.com/ # Software Link: https://github.com/danpros/htmly # CVE: CVE-2021-30637 #!/usr/bin/python3 from selenium import webdriver from selenium.
# Exploit Title: glFTPd 2.11a - Remote Denial of Service # Date: 15/05/2021 # Exploit Author: xynmaps # Vendor Homepage: https://glftpd.io/ # Software Link: https://glftpd.io/files/glftpd-LNX-2.11a_1.1.1k_x64.tgz # Version: 2.11a # Tested on: Parrot Security OS 5.9.
NULL Pointer Dereference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service (DoS) by uploading a malicious JPEG file, causing the application to crash.
Adobe Digital Editions version 22.214.171.124245 (and earlier) is affected by a Privilege Escalation vulnerability during installation. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary file system write in the context of the current user.
LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images.
SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component.
SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when creating a new filter under the "Collections" tab.
Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions.