News reader

NVD: all CVE · 6 hours 38 minutes

CVE-2020-19778

Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in "/index.php" by manipulating the "user_id" parameter of the HTTP request.
NVD: all CVE · 6 hours 38 minutes

CVE-2020-21087

Cross Site Scripting (XSS) in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary web script or HTML in a victim's browser by injecting it via the "New Name" field of the "Rename a Module" tool.
NVD: all CVE · 6 hours 38 minutes

CVE-2020-21088

Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "First Name" and "Last Name" fields of the "/index.php/contacts/create" page.
NVD: all CVE · 6 hours 38 minutes

CVE-2020-36120

Buffer Overflow in the "sixel_encoder_encode_bytes" function of libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS).
NVD: all CVE · 6 hours 38 minutes

CVE-2021-26805

Buffer Overflow in the "add_a_user" function of tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by making the application process a malicious WAV file.
NVD: all CVE · 6 hours 38 minutes

CVE-2021-26812

Cross Site Scripting (XSS) in the Jitsi Meet plugin for Moodle, versions 2.7 through 2.8.3, via the "sessionpriv.php" module. An attacker can craft a malicious URL which, when clicked by a user, injects JavaScript that the application then executes.
NVD: all CVE · 6 hours 38 minutes

CVE-2021-26827

Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ router allows remote attackers to cause a Denial of Service (DoS) by sending an HTTP request with a very long "ssid" parameter to the "/userRpm/popupSiteSurveyRpm.html" page, which crashes the router.
NVD: all CVE · 6 hours 38 minutes

CVE-2021-26832

Cross Site Scripting (XSS) in the "Reset Password" page form of Priority Enterprise Management System v8.00 allows attackers to execute JavaScript in the victim's browser by sending the victim a malicious URL or directing them to a malicious site.
NVD: all CVE · 6 hours 38 minutes

CVE-2021-27113

An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters.
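The flaw class named in this entry, a request parameter pasted into a shell command string, is easy to recognise in code. The C snippet below is a constructed illustration added here; it is not the DIR-816 firmware's code, and the function names, the `route` command line and the sample payload are assumptions. It places the vulnerable pattern next to a hardened handler that validates each value as an IPv4 address and executes the binary with an argv array, so no shell ever parses the input.

```c
/* Constructed illustration (not the DIR-816 firmware's code) of the pattern
 * described in CVE-2021-27113: a request parameter concatenated into a shell
 * command string, beside a hardened handler that validates the value and
 * avoids the shell entirely. Function and parameter names are assumptions. */
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Vulnerable form: whatever is in `dest` or `gw` reaches /bin/sh -c via
 * system(). A value such as "10.0.0.0; reboot" runs a second command. */
void add_route_vulnerable(const char *dest, const char *gw)
{
    char cmd[256];
    snprintf(cmd, sizeof cmd, "route add -net %s gw %s", dest, gw);
    system(cmd);
}

/* Returns 1 if s is exactly one dotted-quad IPv4 address, else 0.
 * inet_pton rejects trailing characters, so "10.0.0.0; reboot" fails. */
int is_valid_ipv4(const char *s)
{
    struct in_addr a;
    return s != NULL && inet_pton(AF_INET, s, &a) == 1;
}

/* Returns 1 if s contains any character /bin/sh treats specially. Useful as
 * a detection check; the hardened handler relies on the allow-list above. */
int has_shell_metachars(const char *s)
{
    return strpbrk(s, ";&|`$<>(){}[]*?!'\"\\ \t\n") != NULL;
}

/* Hardened form: reject anything that is not an address, then exec the
 * binary directly with an argv array so no shell parses the values.
 * Returns 0 on success, -1 on invalid input or exec failure. */
int add_route_hardened(const char *dest, const char *gw)
{
    if (!is_valid_ipv4(dest) || !is_valid_ipv4(gw))
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *argv[] = {"route", "add", "-net", (char *)dest, "gw", (char *)gw, NULL};
        execvp("route", argv);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
    const char *evil = "10.0.0.0; reboot";   /* constructed payload */
    printf("is_valid_ipv4(\"%s\") = %d\n", evil, is_valid_ipv4(evil));
    printf("has_shell_metachars = %d\n", has_shell_metachars(evil));
    printf("hardened handler rc = %d\n", add_route_hardened(evil, "192.168.0.1"));
    return 0;
}
```

The allow-list check is what actually closes the hole; the metacharacter scan is shown only because it is the quick test an auditor applies when reading a handler, and a deny-list on its own is easy to get wrong.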
NVD: all CVE · 6 hours 38 minutes

CVE-2021-27114

An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/addassignment route, a very long text entry for the "s_ip" and "s_mac" fields could lead to a Stack-Based Buffer Overflow and overwrite the return address.
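The defect class in this entry is a fixed-size stack buffer filled from a request field without a length check. The C snippet below is a constructed illustration added here, not the DIR-816 firmware's code; the struct layout, field sizes and function names are assumptions. It shows the vulnerable copy beside a bounded version that refuses oversized input rather than silently truncating it.

```c
/* Constructed illustration (not the DIR-816 firmware's code) of the defect
 * class in CVE-2021-27114: a fixed-size stack buffer filled from a request
 * field with no length check, beside a bounded version that rejects
 * oversized input. Names and sizes are assumptions. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

#define IP_MAX  16   /* "255.255.255.255" + NUL */
#define MAC_MAX 18   /* "aa:bb:cc:dd:ee:ff" + NUL */

struct assignment {
    char s_ip[IP_MAX];
    char s_mac[MAC_MAX];
};

/* Vulnerable form: strcpy writes strlen(s_ip)+1 bytes into a 16-byte array.
 * A long value runs past the array over whatever the compiler placed after
 * it on the stack, including the saved return address. */
void add_assignment_vulnerable(const char *s_ip, const char *s_mac)
{
    struct assignment a;
    strcpy(a.s_ip, s_ip);
    strcpy(a.s_mac, s_mac);
    (void)a;
}

/* Copy src into dst[cap]; returns 1 on success, 0 if src does not fit.
 * strnlen bounds the scan so an unterminated src cannot be over-read. */
int copy_bounded(char *dst, size_t cap, const char *src)
{
    size_t n = strnlen(src, cap);
    if (n == cap)
        return 0;   /* too long, or not NUL-terminated within cap */
    memcpy(dst, src, n + 1);
    return 1;
}

/* Hardened form: each field is copied under its own bound and the request
 * is refused (return -1) instead of truncated when a field is too long. */
int add_assignment_hardened(const char *s_ip, const char *s_mac)
{
    struct assignment a;
    if (!copy_bounded(a.s_ip, sizeof a.s_ip, s_ip))
        return -1;
    if (!copy_bounded(a.s_mac, sizeof a.s_mac, s_mac))
        return -1;
    return 0;
}

int main(void)
{
    char big[512];   /* constructed oversized field value */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("hardened, normal input: %d\n",
           add_assignment_hardened("192.168.0.10", "aa:bb:cc:dd:ee:ff"));
    printf("hardened, 511-byte s_ip: %d\n",
           add_assignment_hardened(big, "aa:bb:cc:dd:ee:ff"));
    /* add_assignment_vulnerable(big, big) would corrupt the stack; not called. */
    return 0;
}
```

Rejecting rather than truncating matters: a silently truncated address can still pass later validation and end up in a route or firewall rule that differs from what the caller asked for.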
NVD: all CVE · 6 hours 38 minutes

CVE-2021-27288

Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "Comment" field of the "/profile/activity" page.
NVD: all CVE · 6 hours 38 minutes

CVE-2021-27815

NULL Pointer Dereference in "actions.c" of libexif exif v0.6.22 allows attackers to cause a Denial of Service (DoS) by uploading a malicious JPEG file, which crashes the application.
NVD: all CVE · 6 hours 38 minutes

CVE-2021-27990

Appspace 6.2.4 has a broken authentication mechanism: pages such as /medianet/mail.aspx can be requested directly, exposing the framework with its layouts, menus and functionality.
ECHO Network · 6 hours 38 minutes

Unpatched Microsoft Exchange Servers hit with cryptojacking

Microsoft logo at a Microsoft store in New York. (John Smith/VIEWpress)

Written by Shannon Vavra, Apr 14, 2021 | CYBERSCOOP. Hackers are hitting Microsoft Exchange Servers with a Monero cryptominer, according to Sophos research published Tuesday. The attackers, which Sophos does not identify, began....
ECHO Network · 6 hours 42 minutes

Apply Microsoft April 2021 Security Update to Mitigate Newly Disclosed Microsoft Exchange Vulnerabilities

Original release date: April 13, 2021 | Last revised: April 14, 2021

Microsoft's April 2021 Security Update mitigates significant vulnerabilities affecting on-premises Exchange Server 2013, 2016, and 2019.

ECHO Network · 6 hours 42 minutes

SAP Releases April 2021 Security Updates

Original release date: April 13, 2021

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the

ECHO Network · 6 hours 42 minutes

Google Releases Security Updates for Chrome

Original release date: April 13, 2021

Google has updated the stable channel for Chrome to 89.0.4389.128 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

ECHO Network · 6 hours 51 minutes

FBI Removing Web Shells From Infected Exchange Servers

said on Tuesday. Since Friday, the FBI has been removing web shells, or scripts that allow remote access, from Exchange servers belonging to organizations in at least eight states, according to an unsealed application for a search warrant released by the DOJ.
Linux security advisories · 6 hours 52 minutes

RedHat: RHSA-2021-1202:01 Important: Red Hat JBoss Web Server 3.1 Service

An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 7. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
Linux security advisories · 6 hours 54 minutes

RedHat: RHSA-2021-1203:01 Important: Red Hat JBoss Web Server 3.1 Service

An update is now available for Red Hat JBoss Web Server 3.1, for RHEL 7 and Windows. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,