
5102 matches found

AlpineLinux
added 2021/03/30 11:10 a.m. · 23 views

CVE-2021-21632

A missing permission check in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins...

CVSS 6.5 · AI score 4.4 · EPSS 0.01051
Exploits: 0 · References: 2

CNNVD
added 2021/03/30 12:0 a.m. · 10 views

Jenkins Team Foundation Server Cross-Site Request Forgery Vulnerability

CloudBees Jenkins (Hudson Labs) is a Java-based continuous integration tool from the US company CloudBees. The product is mainly used to monitor continuous software release and test projects and to run scheduled tasks. A cross-site request forgery...

CVSS 8.8 · AI score 5.8 · EPSS 0.00832
Exploits: 0 · References: 6

Positive Technologies
added 2021/03/30 12:0 a.m. · 3 views

PT-2021-14680 · Jenkins · Jenkins Team Foundation Server Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Team Foundation Server Plugin versions 5.157.1 and earlier
Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credential...

CVSS 6.5 · AI score 6.2 · EPSS 0.00972
Exploits: 0 · References: 8

The Hacker News
added 2021/03/27 9:14 a.m. · 6 views

Watch Out! That Android System Update May Contain A Powerful Spyware

Researchers have discovered a new information-stealing trojan, which targets Android devices with an onslaught of data-exfiltration capabilities — from collecting browser searches to recording audio and phone calls. While malware on Android has previously taken the guise of copycat apps, which go...

AI score 5.9
Exploits: 0

NVD
added 2021/03/26 6:15 p.m. · 14 views

CVE-2021-29255

MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin credentials in cleartext to pnp.microseven.com TCP port 7007. An attacker on the same network as the device can capture these credentials...

CVSS 7.5 · EPSS 0.00554
Exploits: 1 · References: 2

NVD
added 2021/03/15 6:15 p.m. · 22 views

CVE-2021-22191

Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via packet injection or crafted capture file...

CVSS 8.8 · EPSS 0.03639
Exploits: 0 · References: 6

OSV
added 2021/03/15 6:15 p.m. · 0 views

DEBIAN-CVE-2021-22191

Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via packet injection or crafted capture file...

CVSS 8.8 · AI score 8.1 · EPSS 0.03639
Exploits: 0 · References: 1

UbuntuCve
added 2021/03/15 6:15 p.m. · 28 views

CVE-2021-22191

Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via packet injection or crafted capture file...

CVSS 8.8 · AI score 7.6 · EPSS 0.03639
Exploits: 0 · References: 3

OSV
added 2021/03/15 6:15 p.m. · 0 views

UBUNTU-CVE-2021-22191

Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via packet injection or crafted capture file...

CVSS 8.8 · AI score 7.7 · EPSS 0.03639
Exploits: 0 · References: 4

CVE
added 2021/03/15 5:48 p.m. · 308 views

CVE-2021-22191

CVE-2021-22191 affects Wireshark up to versions 3.4.3 and 3.2.11 (pre-release fix), with vulnerability described as improper URL handling that can enable remote code execution via crafted packets or capture files. The root cause, as reported in connected sources, involves how certain URL fields i...

CVSS 8.8 · AI score 8.9 · EPSS 0.03639
Exploits: 0 · References: 6 · Affected Software: 1

AlpineLinux
added 2021/03/15 5:48 p.m. · 34 views

CVE-2021-22191

Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via packet injection or crafted capture file...

CVSS 8.8 · AI score 9.1 · EPSS 0.03639
Exploits: 0

Debian CVE
added 2021/03/15 5:48 p.m. · 35 views

CVE-2021-22191

Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via packet injection or crafted capture file...

CVSS 8.8 · AI score 4.1 · EPSS 0.03639
Exploits: 0

NVD
added 2021/03/10 6:15 p.m. · 14 views

CVE-2020-35221

The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers with access to a network capture to quickly generate multiple collisions to generate valid passwords, or infer some parts of the original...

CVSS 8.8 · EPSS 0.0047
Exploits: 0 · References: 1

The Hacker News
added 2021/03/10 9:24 a.m. · 6 views

FIN8 Hackers Return With More Powerful Version of BADHATCH PoS Malware

Threat actors known for keeping a low profile do so by ceasing operations for prolonged periods in between to evade attracting any attention as well as constantly refining their toolsets to fly below the radar of many detection technologies. One such group is FIN8, a financially motivated threat...

AI score 6
Exploits: 0

OSV
added 2021/03/09 5:15 p.m. · 4 views

CVE-2021-3417

An internal product security audit of LXCO, prior to version 1.2.2, discovered that credentials for Lenovo XClarity Administrator LXCA, if added as a Resource Manager, are encoded then written to an internal LXCO log file each time a session is established with LXCA. Affected logs are captured in...

CVSS 4.9 · AI score 5.8 · EPSS 0.00542
Exploits: 0 · References: 1

ATTACKERKB
added 2021/03/08 6:15 p.m. · 0 views

CVE-2021-21329

RATCF is an open-source framework for hosting Cyber-Security Capture the Flag events. In affected versions of RATCF users with multi factor authentication enabled are able to log in without a valid token. This is fixed in commit cebb67b...

CVSS 9.8 · AI score 5.4 · EPSS 0.01461
Exploits: 0 · References: 4

Cvelist
added 2021/03/08 5:15 p.m. · 15 views

CVE-2021-21329 Multi Factor Authentication Token Improperly Validated On User Login

RATCF is an open-source framework for hosting Cyber-Security Capture the Flag events. In affected versions of RATCF users with multi factor authentication enabled are able to log in without a valid token. This is fixed in commit cebb67b...

CVSS 8.7 · AI score 9.5 · EPSS 0.01461
Exploits: 0 · References: 3

CVE
added 2021/03/08 5:15 p.m. · 30 views

CVE-2021-21329

CVE-2021-21329 affects the RATCF open-source framework. The vulnerability allows users with MFA enabled to log in without a valid token, indicating an authentication bypass in the login flow. The issue is fixed in commit cebb67b9d16a8296121201805332365ffccb29638. Connected feeds corroborate the M...

CVSS 9.8 · AI score 9.2 · EPSS 0.01461
Exploits: 0 · References: 3 · Affected Software: 1

CNNVD
added 2021/03/08 12:0 a.m. · 2 views

RATCF Authorization Issue Vulnerability

RATCF is an open source framework for hosting Cyber-Security Capture the Flag events. RATCF suffers from an authorization issue vulnerability that originates from the fact that a user with multi-factor authentication enabled can log in without a valid token...

CVSS 9.8 · AI score 8.4 · EPSS 0.01461
Exploits: 0 · References: 4

Kitploit
added 2021/03/07 11:30 a.m. · 44 views

packetStrider - A Network Packet Forensics Tool For SSH

packetStrider for SSH is a packet forensics tool that aims to provide valuable insight into the nature of SSH traffic, shining a light into the corners of SSH network traffic where golden nuggets of information previously lay in the dark. The problem that packet strider aims to help with AKA Why?...

CVSS 6.6 · AI score 6.6 · EPSS 0.01533
Exploits: 0 · References: 4