Many people know about red teams ‒ ethical hackers who test the security defenses of an organization by launching attacks in a controlled environment. Red teams are opposed by blue teams, who are tasked with assessing an organization’s security readiness, forestalling red...
-0.4AI Score
Cross-site Scripting (XSS) - Stored in msaari/relevanssi
Description Good afternoon. Beginning on 12 October 2021, our XSS catcher started receiving callbacks from a group of sites that are using the Relevanssi plugin for Wordpress. It appears to us that the software is not properly filtering Unsuccessful searches before displaying the information to...
-0.3AI Score
Squirrel Sandbox Escape allows Code Execution in Games and Cloud Services
SquirrelLang is an interpreted, open-source programming language that is used by video games and cloud services for customization and plugin development. For example, the extremely popular game Counter-Strike: Global Offensive (CS:GO) attracts millions of players on a monthly basis and utilizes...
0.2AI Score
0.005EPSS
Description of the security update for SharePoint Foundation 2013: October 12, 2021 (KB5002042)
Description of the security update for SharePoint Foundation 2013: October 12, 2021 (KB5002042) Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability and Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerabilities,...
8.1CVSS
7.2AI Score
0.163EPSS
Career Navigator talk for IT Hub College
Last week I gave a "Career Navigator" talk for the students of the IT Hub College in Moscow. By the way, this college has a very interesting practical information security program. If it is relevant for you, check it out. I've never talked so much about myself in public. It was like giving advice....
-0.5AI Score
Informatica: CVE-2021-40870 in [███]
An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal. The IP has a SSL certificate pointing to Informatica LLC. curl -kvI...
9.8CVSS
9.6AI Score
0.934EPSS
Elastic: CVE-2021-40870 on [52.204.160.31]
An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal. The IP has a SSL certificate pointing to ElasticSearch. curl -kv...
9.8CVSS
2.5AI Score
0.934EPSS
Cachet 2.4: Code Execution via Laravel Configuration Injection
Status pages are now an essential service offered by all Software-as-a-Service companies (we do it too!). To help their adoption, startups quickly conceived status pages as-a-service, and open-source self-hosted alternatives were made available. Cachet, also sometimes referred to as CachetHQ, is a....
9.8CVSS
0.8AI Score
0.456EPSS
Description of the security update for SharePoint Foundation 2013: September 14, 2021 (KB5002024)
Description of the security update for SharePoint Foundation 2013: September 14, 2021 (KB5002024) Summary This security update resolves Microsoft SharePoint Server spoofing vulnerabilities. To learn more about the vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2021-38651...
7.6CVSS
5.9AI Score
0.001EPSS
A3: Sensitive Data Exposure ❗️ — Top 10 OWASP 2017
A3: Sensitive Data Exposure ❗️ — Top 10 OWASP 2017 Introduction I feel like a lot of mystery surrounds this issue from the top 10 OWASP vulnerabilities. A lot of people seem to wonder which data is sensitive when exposed. Some people seem to think every single API key disclosed in a JS file is a...
7.5CVSS
7.7AI Score
0.001EPSS
ECOA Building Automation System Remote Privilege Escalation
Title: ECOA Building Automation System Remote Privilege Escalation Advisory ID: ZSL-2021-5677 Type: Local/Remote Impact: Privilege Escalation Risk: (4/5) Release Date: 08.09.2021 Summary 1 The Risk-Terminator Web Graphic control BEMS (Building Energy Management System) are designed to provide...
8.8CVSS
8.9AI Score
0.001EPSS
Watch what you send on anonymous SMS websites
It's a good idea to try and keep certain things private. For example, people have been using anonymous email services for years. These either hide your real email address, or replace it entirely for specific tasks. Folks will go one step further, setting aliases for each service they sign up to....
-0.5AI Score
Cisco Patches Critical Bug With Public Exploit
Cisco has patched a near-max critical bug in its NFVIS software for which there’s a publicly available proof-of-concept (PoC) exploit. On Wednesday, Cisco released patches for the flaw – an authentication bypass vulnerability in Enterprise NFV Infrastructure Software (NFVIS) that’s tracked as...
8.1CVSS
0.4AI Score
0.068EPSS
td-is.cz Cross Site Scripting vulnerability OBB-2131339
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its...
AI Score
Ghost CMS 4.3.2 - Cross-Origin Admin Takeover
Ghost is one of the most popular Node.js-based Content Management Systems (CMS). According to the vendor, there are currently more than 2.5 million installs of it and the project has more than 38k stars on GitHub. During our research on open-source applications, we analyzed the code and found a...
6.1CVSS
-0.3AI Score
0.015EPSS
NetModule Router Software Password Handling / Session Fixation Vulnerability
NetModule Router Software versions prior to 4.3.0.113, 4.4.0.111, and 4.5.0.105 suffer from insecure password handling and session fixation...
9.8CVSS
0.4AI Score
0.003EPSS
elFinder - A Case Study of Web File Manager Vulnerabilities
An application’s interaction with the file system is always highly security sensitive, since minor functional bugs can easily be the source of exploitable vulnerabilities. This observation is especially true in the case of web file managers, whose role is to replicate the features of a complete...
9.8CVSS
-0.1AI Score
0.973EPSS
COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure
Title: COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure Advisory ID: ZSL-2021-5665 Type: Local/Remote Impact: Exposure of System Information, Exposure of Sensitive Information Risk: (3/5) Release Date: 15.08.2021 Summary COMMAX Smart Home System is a smart IoT home...
6.8AI Score
COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS
Title: COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS Advisory ID: ZSL-2021-5666 Type: Local/Remote Impact: Manipulation of Data, DoS Risk: (4/5) Release Date: 15.08.2021 Summary COMMAX Smart Home System is a smart IoT home solution for a large apartment...
7.4AI Score
phpfastcache - phpinfo Resource Exposure
phpinfo() is susceptible to resource exposure in unprotected composer vendor folders via...
5.4CVSS
4.5AI Score
0.006EPSS
ifw8 Router ROM v4.31 - Credential Discovery
ifw8 Router ROM v4.31 is vulnerable to credential disclosure via action/usermanager.htm HTML source...
7.5CVSS
7.4AI Score
0.024EPSS
Multiple vulnerabilities in Buffalo and Arcadyan routers, including authentication bypass and RCE
Tenable has discovered multiple vulnerabilities in routers manufactured by Arcadyan. During the disclosure process for the issues discovered in the Buffalo routers, Tenable discovered that CVE-2021-20090 affected many more devices, as the root cause of the vulnerability exists in the underlying...
9.8CVSS
0.2AI Score
0.975EPSS
Connected Farms Easy Pickings for Global Food Supply-Chain Hack
A group of hackers made an unnerving DEF CON 29 presentation showing how the sprawling growth of digital and automated farming has left the world’s food supply chain vulnerable to cyberattack. A video for DEF CON 29 hacker conference this week put out by the group Sick Codes explained that modern.....
4.9CVSS
-0.3AI Score
0.001EPSS
Debian DSA-4949-1 : jetty9 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4949 advisory. In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a...
9.8CVSS
7.4AI Score
0.028EPSS
There is a privilege escalation vulnerability in some Huawei products. Due to improper privilege management, a local attacker with common privilege may access some specific files in the affected products. Successful exploit will cause privilege escalation. Affected product versions...
7.8CVSS
7.6AI Score
0.0004EPSS
Defending Against Malicious Cyber Activity Originating from Tor
Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) and Pre-ATT&CK framework. See the ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. This advisory—written by the Cybersecurity Security and Infrastructure...
9.2AI Score