3641 matches found

ThreatPost
added 2020/07/21 12:13 p.m., 161 views

Diebold ATM Terminals Jackpotted Using Machine’s Own Software

Cybercriminals are using software from leading ATM manufacturer Diebold in a series of hacks against cash terminals across Europe, forcing the machines to dispense cash to crooks. Criminals using a black-box device common with these types of attacks have increased their activity across Europe by...

AI score: 0.9
Exploits: 0, References: 4

OSV
added 2020/07/05 4:15 p.m., 2 views

CVE-2020-15537

An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS can occur via the mails/new title field, a product field to the p/ URI, or the Products Search box...

CVSS: 6.1, AI score: 5.8, EPSS: 0.01167
Exploits: 2, References: 2

OpenVAS
added 2020/06/29 12:00 a.m., 171 views

AVM FRITZ!Box 7581 and 7582 < 7.13 Information Disclosure Vulnerability (Kr00k)

AVM FRITZ!Box 7581 and 7582 devices are prone to an information disclosure vulnerability dubbed...

CVSS: 3.1, AI score: 6.5, EPSS: 0.07709
Exploits: 7, References: 4

Prion
added 2020/06/19 12:15 p.m., 11 views

Cross site scripting

CALDERA 2.7.0 allows XSS via the Operation Name box...

CVSS: 3.5, AI score: 5.2, EPSS: 0.00626
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2020/06/19 11:34 a.m., 13 views

CVE-2020-14462

CALDERA 2.7.0 allows XSS via the Operation Name box...

AI score: 5.3, EPSS: 0.00626
Exploits: 1, References: 1

BDU FSTEC
added 2020/06/05 12:00 a.m., 1 view

The vulnerability of the Java library Apache PDFBox in the Oracle Retail Xstore Point of Service software allows a hacker to cause service interruptions.

The vulnerability of the Java library Apache PDFBox in the Oracle Retail Xstore Point of Service software lies in insufficient validation of input data. Exploiting this vulnerability can allow attackers to cause service failures using specially created malicious PDF files...

CVSS: 5.5, AI score: 6.3, EPSS: 0.04024
Exploits: 0, References: 7, Affected Software: 6

BDU FSTEC
added 2020/06/02 12:00 a.m., 2 views

The software for managing Cisco Firepower Device Manager On-Box devices is vulnerable due to insufficient validation of input data. This vulnerability allows a perpetrator to rewrite any files in the basic operating system of the vulnerable device.

The software vulnerability of Cisco Firepower Device Manager On-Box exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to rewrite any files in the basic operating system of the vulnerable device by loading a malicious file...

CVSS: 9, AI score: 6.7, EPSS: 0.01766
Exploits: 0, References: 3, Affected Software: 1

Microsoft KB
added 2020/05/20 12:00 a.m., 4 views

September 24, 2019 — KB4515841 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1709

September 24, 2019 — KB4515841 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1709 Release Date: September 24, 2019 Version: .NET Framework 4.8 The September 24, 2019, update for Windows 10, version 1709 includes cumulative reliability improvements in Microsoft .NET Framework 4....

AI score: 6.9
Exploits: 0

BDU FSTEC
added 2020/05/19 12:00 a.m., 12 views

The vulnerability of the XML analyzer for software that manages Cisco Firepower Device Manager On-Box allows a hacker to trigger a maintenance failure.

The vulnerability of the XML analyzer for software that manages Cisco Firepower Device Manager On-Box devices is related to an operation where data escapes beyond the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failure...

CVSS: 6.8, AI score: 6, EPSS: 0.01216
Exploits: 0, References: 2, Affected Software: 1

CNVD
added 2020/05/19 12:00 a.m., 1 view

Wowza Media Systems Streaming Engine Cross-Site Scripting Vulnerability

Wowza Media Systems Streaming Engine is a suite of streaming media server software from Wowza Media Systems in the United States. A cross-site scripting vulnerability exists in the server selection box on the login page of enginemanager/loginfailed.html in Wowza Media Systems Streaming Engine 4.x...

CVSS: 6.1, AI score: 6.4, EPSS: 0.00997
Exploits: 0, References: 1

OSV
added 2020/05/18 5:15 p.m., 1 view

CVE-2019-19456

A Reflected XSS was found in the server selection box inside the login page at: enginemanager/loginfailed.html in Wowza Streaming Engine = 4.x.x. This issue was resolved in Wowza Streaming Engine 4.8.0...

CVSS: 6.1, AI score: 6.3, EPSS: 0.00997
Exploits: 0, References: 3

Prion
added 2020/05/18 5:15 p.m., 11 views

Cross site scripting

A Reflected XSS was found in the server selection box inside the login page at: enginemanager/loginfailed.html in Wowza Streaming Engine = 4.x.x. This issue was resolved in Wowza Streaming Engine 4.8.0...

CVSS: 4.3, AI score: 5.9, EPSS: 0.00997
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2020/05/18 4:43 p.m., 98 views

CVE-2019-19456

CVE-2019-19456 describes a reflected XSS in Wowza Streaming Engine (

CVSS: 6.1, AI score: 5.9, EPSS: 0.00997
Exploits: 0, References: 3, Affected Software: 1

VulnCheck KEV
added 2020/05/07 12:00 a.m., 2 views

VulnCheck KEV: CVE-2014-9727

AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm...

CVSS: 10, AI score: 6.1, EPSS: 0.71642
Exploits: 2, References: 1

OSV
added 2020/05/06 5:15 p.m., 3 views

CVE-2020-3310

A vulnerability in the XML parser code of Cisco Firepower Device Manager On-Box software could allow an authenticated, remote attacker to cause an affected system to become unstable or reload. The vulnerability is due to insufficient hardening of the XML parser configuration. An attacker could...

CVSS: 4.9, AI score: 6.1
Exploits: 0, References: 1

OSV
added 2020/05/06 5:15 p.m., 2 views

CVE-2020-3309

A vulnerability in Cisco Firepower Device Manager FDM On-Box software could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation. An attacker could exploit this...

CVSS: 7.2, AI score: 6.9, EPSS: 0.01766
Exploits: 0, References: 1

Cisco
added 2020/05/06 4:00 p.m., 25 views

Cisco Firepower Device Manager On-Box Software Arbitrary File Overwrite Vulnerability

A vulnerability in Cisco Firepower Device Manager FDM On-Box software could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation. An attacker could exploit this...

CVSS: 6.5, AI score: 6.7, EPSS: 0.01766
Exploits: 0, References: 1

CNVD
added 2020/04/30 12:00 a.m., 1 view

Beeline Smart Box Operating System Command Injection Vulnerability

The Beeline Smart Box is a wireless router from the Russian company Beeline. A security vulnerability exists in Beeline Smart Box version 2.0.38. An attacker can exploit this vulnerability via the 'Ping pingipaddr', 'Nslookup nslookupipaddr' or 'Traceroute tracerouteipaddr' parameters to execute...

CVSS: 9, AI score: 7.1, EPSS: 0.04899
Exploits: 1

OSV
added 2020/04/29 1:15 p.m., 1 view

CVE-2020-12246

Beeline Smart Box 2.0.38 routers allow "Advanced settings Other Diagnostics" OS command injection via the Ping pingipaddr parameter, the Nslookup nslookupipaddr parameter, or the Traceroute tracerouteipaddr parameter...

CVSS: 8.8, AI score: 7.3
Exploits: 0, References: 4

NVD
added 2020/04/29 1:15 p.m., 7 views

CVE-2020-12246

Beeline Smart Box 2.0.38 routers allow "Advanced settings Other Diagnostics" OS command injection via the Ping pingipaddr parameter, the Nslookup nslookupipaddr parameter, or the Traceroute tracerouteipaddr parameter...

CVSS: 9, AI score: 9.1, EPSS: 0.04899
Exploits: 1, References: 4