Vulnerabilities


  

CVE-2021-32001

A Missing Encryption of Sensitive Data vulnerability in k3s, kde2 of SUSE Rancher allows any user with direct access to

  

CVE-2021-32000

A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3,

  

Jukka Ruohonen


  


  

CVE-2020-5004

IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the

  

CVE-2020-4974

IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send

  

SUSE Rancher kde2 missing encryption [CVE-2021-32001]

A vulnerability was found in SUSE Rancher (version unknown). It has been classified as problematic. Affected is an unknown code

  

SUSE Linux Enterprise Server/openSUSE Factory clone-master-clean-up.sh symlink

A vulnerability was found in SUSE Linux Enterprise Server and openSUSE Factory (Operating System) (unknown version) and classified as critical.

  

video.js up to 7.14.2 track Tag src cross site scripting

A vulnerability was found in video.js up to 7.14.2 (JavaScript Library). It has been declared as problematic. Affected by this

  

Fedora 33: glibc 2021-3f4132bb56


  

CVE-2021-26082

The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and

  

CVE-2021-26081

REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from

  

CVE-2021-26083

Export HTML Report in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and

  

Zoho ManageEngine ADManager Plus up to 7109 cross site scripting

A vulnerability was found in Zoho ManageEngine ADManager Plus up to 7109. It has been classified as problematic. This affects

  

Hashicorp Consul/Consul Enterprise up to 1.10.0 xds access control

A vulnerability was found in Hashicorp Consul and Consul Enterprise up to 1.10.0 and classified as critical. Affected by this

  

IRC Proceedings: Saturday, July 17, 2021


  

uBlock Origin/nMatrix of memory allocation

A vulnerability was found in uBlock Origin and nMatrix (unknown version). It has been rated as problematic. This issue affects

  

Zoho ManageEngine ADManager Plus up to 7109 cross site scripting

A vulnerability was found in Zoho ManageEngine ADManager Plus up to 7109. It has been declared as problematic. This vulnerability

  

[Meme] European Patent Mill


  


  

openSUSE: 2021:1052-1 moderate: fossil

An update that contains security fixes can now be installed. (LinuxSecurity – Security Advisories)

  

openSUSE: 2021:1050-1 moderate: fossil

An update that contains security fixes can now be installed. (LinuxSecurity – Security Advisories)

  

openSUSE: 2021:1051-1 moderate: fossil

An update that contains security fixes can now be installed. (LinuxSecurity – Security Advisories)

  

Fedora 34: firefox 2021-722e2543fe

New upstream version (90.0). Disabled Wayland on KDE by default due to popup bugs. (LinuxSecurity – Security Advisories)

  

Fedora 33: chromium 2021-ca58c57bdf

Fix crash in ThemeService (thanks to OpenSUSE). Security fixes: CVE-2021-30506 CVE-2021-30507 CVE-2021-30508 CVE-2021-30509 CVE-2021-30510 CVE-2021-30511 CVE-2021-30512 CVE-2021-30513 CVE-2021-30514 CVE-2021-30515

  

Gentoo: GLSA-202107-41: Dovecot: Multiple vulnerabilities

Multiple vulnerabilities have been found in Dovecot, the worst of which could result in a Denial of Service condition. LinuxSecurity –

  

CVE-2021-36773

uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows

  

Trusted Platform Module 2.0 in Windows 11


  

Hashicorp Consul/Consul Enterprise up to 1.10.0 certificate validation

A vulnerability has been found in Hashicorp Consul and Consul Enterprise up to 1.10.0 and classified as problematic. Affected by

  

Zoho ManageEngine ADManager Plus up to 7109 Privilege Escalation

A vulnerability, which was classified as critical, was found in Zoho ManageEngine ADManager Plus up to 7109. Upgrading to version

  

NFC Flaws Let Researchers Hack ATMs by Waving a Phone

For years, security researchers and cybercriminals have hacked ATMs by using all possible avenues to their innards, from opening a

  

CVE-2021-20745

Inkdrop versions prior to v5.3.1 allows an attacker to execute arbitrary OS commands on the system where it runs by

  

CVE-2021-20750

Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18-p2 (EC-CUBE 3 series) and EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series)

  

Why Security is Paramount in a Digital-First Economy?

By Manish Israni. In today’s digital-first world, businesses are rethinking their approach to security. Instead of a traditional reactive

  

Jukka Ruohonen

Abstract The loading of resources from third-parties has evoked new security and privacy concerns about the current world wide web.

  


  


  

EC-CUBE up to 3.0.18-p2/4.0.5-p1 cross site scripting [CVE-2021-20750]

A vulnerability classified as problematic was found in EC-CUBE up to 3.0.18-p2/4.0.5-p1 (E-Commerce Management Software). This vulnerability affects some unknown

  

Hitachi Virtual File Platform prior 5.5.3-09/6.4.3-09 os command injection

A vulnerability classified as critical has been found in Hitachi Virtual File Platform. This affects an unknown code block. Upgrading

  

Popular Posts Plugin up to 5.3.2 on WordPress cross site scripting

A vulnerability was found in Popular Posts Plugin up to 5.3.2 on WordPress (WordPress Plugin). It has been rated as

  

Fudousan Plugin up to 5.7.0 cross site scripting [CVE-2021-20749]

A vulnerability was found in Fudousan Plugin, Fudousan Plugin Pro Single-User Type and Fudousan Plugin Pro Multi-User Type up to

  

Inkdrop up to 5.3.0 Snippet os command injection

A vulnerability has been found in Inkdrop up to 5.3.0 and classified as critical. Affected by this vulnerability is some

  

Mermaid up to 8.10.x Antiscript cross site scripting

A vulnerability, which was classified as problematic, was found in Mermaid up to 8.10.x. Affected is an unknown functionality of

  

EC-CUBE up to 4.0.5-p1 cross site scripting [CVE-2021-20751]

A vulnerability, which was classified as problematic, has been found in EC-CUBE up to 4.0.5-p1 (E-Commerce Management Software). This issue

  

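Understanding Multi-Layer Intranet Penetration Through One Lab Experiment

In recent years, security incidents in which attackers lurk inside enterprise intranets have become common. Attackers frequently move laterally through the enterprise intranet, and defenders struggle to keep up. We should therefore strictly control the access rules between network zones and raise the barrier to lateral movement. This article is provided by the security research team of 锦行科技 and aims to show, through a lab experiment, how attackers penetrate a multi-layer intranet. 1. Lab overview. Network topology diagram. Attack machines: win10+kali. First-layer target (external web server): Linux. Second-layer target (internal web server): Linux. Third-layer target (internal office machine): win7. A three-layer network is used to simulate the internal and external network environment, mainly to understand MSF, intranet forwarding, and so on. 2. Environment setup. First-layer network.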

  

[webapps] WordPress Plugin YOP Polls 6.2.7 – Stored Cross Site Scripting (XSS)

# Exploit Title: WordPress Plugin YOP Polls 6.2.7 – Stored Cross Site Scripting (XSS) # Date: 09/06/2021 # Exploit Author:

  

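Reproducing the SQL Injection, RCE and getshell Vulnerabilities in Tongda OA

Vulnerability reproduction. Reproduction of the SQL injection, RCE and getshell vulnerabilities in Tongda OA, version 11.6. Reproduction of the Sangfor EDR RCE vulnerability, affected version range [Query Schedule] location. Vulnerable file: webrootgeneralappbuildermodulescalendarmodelsCalendar.php. The get_callist_data function takes the passed-in begin_date variable and concatenates it directly into the query statement without filtering, which causes the injection. Exploitation conditions: login rights for an ordinary account, although testing found that some older versions can be injected without logging in. 2. SQL injection.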

  

CVE-2021-23399

This affects all versions of package wincred. If attacker-controlled user input is given to the getCredential function, it is possible

  


  

Websvn 2.6.0 Remote Code Execution

Topic: Websvn 2.6.0 Remote Code Execution Risk: High Text:# Exploit Title: Websvn 2.6.0 – Remote Code Execution (Unauthenticated) # Date:

  

rConfig Shell Upload

Topic: rConfig Shell Upload Risk: High Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-… (CXSECURITY Database RSS Feed)

  

Lightweight facebook-styled blog 1.3 Remote Code Execution (RCE) (Authenticated) (Metasploit)

Topic: Lightweight facebook-styled blog 1.3 Remote Code Execution (RCE) (Authenticated) (Metasploit) Risk: High Text:## # This module requires Metasploit: https://metasploit.com/download

  

Debian: DSA-4934-1: intel-microcode security update

Debian Security Advisory DSA-4934-1, [email protected], https://www.debian.org/security/, Moritz Muehlenhoff, June 26, 2021

  

Websvn 2.6.0 Remote Code Execution

# Exploit Title: Websvn 2.6.0 – Remote Code Execution (Unauthenticated) # Date: 20/06/2021 # Exploit Author: g0ldm45k # Vendor Homepage:

  


  
