CVE-2020-11129
Technical details about CVE-2020-11129 are not publicly available in the provided connected documents; the initial entry notes a memory use-after-free in camera capture on Snapdragon devices. Monitor for updates.
Security Bulletin: Datacap Taskmaster Capture, Datacap Fastdoc Capture and Datacap Navigator is affected by vulnerability due to unexpected authentication behavior
Summary: Datacap Taskmaster Capture, Datacap Fastdoc Capture and Datacap Navigator has addressed the vulnerability which could allow an authenticated user to bypass future authentication mechanisms once the initial login is completed. Vulnerability Details: CVEID: CVE-2018-1773 DESCRIPTION: IBM...
SQL injection vulnerability exists in kkcms (CNVD-2020-58510)
kkcms is an open source video capture and playback system. SQL injection vulnerability exists in kkcms. Attackers can exploit the vulnerability to obtain sensitive information in the database...
Cross-site Scripting (XSS) - Stored in arachnys/cabot
Description: Executed persistent stored XSS in cabot check settings, as well as the address field. As per CVEs present, stored XSS is a High Severity bug. Proof of Concept: 1. Set up cabot to reproduce the vulnerability. 2. Create an account, then log in to the account. 3. Go to checks Create and navigate...
Evilnum hackers targeting financial firms with a new Python-based RAT
An adversary known for targeting the fintech sector since at least 2018 has switched up its tactics to include a new Python-based remote access Trojan (RAT) that can steal passwords, documents, browser cookies, email credentials, and other sensitive information. In an analysis published by Cybereas...
CVE-2020-13946
In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and...
Dopple-Ganging Up on Facial Recognition
ARCHIVED STORY: Dopple-ganging up on Facial Recognition Systems. By Steve Povolny · August 25, 2020. Co-authored with Jesse Chick, OSU Senior and Former McAfee Intern, Primary Researcher. Special thanks to Dr. Catherine Huang, McAfee Advanced Analytics Team. Special thanks to Kyle Baldes, Former McAf...
SecGen - Create Randomly Insecure VMs
SecGen creates vulnerable virtual machines, lab environments, and hacking challenges, so students can learn security penetration testing techniques. Boxes like Metasploitable2 are always the same; this project uses Vagrant, Puppet, and Ruby to create randomly vulnerable virtual machines that can ...
CVE-2020-2234
A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkin...
CVE-2020-2235
A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkin...
CVE-2020-2234
CVE-2020-2234 affects Jenkins Pipeline Maven Integration Plugin
Security Bulletin: JQuery as used by IBM QRadar Network Packet Capture is vulnerable to Cross Site Scripting (XSS) (CVE-2020-11023, CVE-2020-11022)
Summary: JQuery as used by IBM QRadar Network Packet Capture is vulnerable to Cross Site Scripting (XSS). Vulnerability Details: CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attack...
CVE-2020-9526
CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an information exposure flaw that exposes user session data to supernodes in the network, as demonstrated by passively eavesdropping on user video/audio streams, capturing credentials, and compromising...
pwnstudy
The provided context is a GitHub repository named "zhangbo123321/pwnstudy" containing a file named "Article/2018西普杯全国高校信息安全铁人三项大赛-河南赛区个人赛题解.md". This file appears to be a solution to a CTF (Capture The Flag) challenge, specifically a pwn challenge, from a 2018 national collegiate cybersecurity...
Dockerfiles
This repository is a collection of Dockerfiles for CTF (Capture The Flag) challenges running on SniperOJ. The Dockerfiles are used to build a vulnerable environment for the challenges, which can be solved by participants. The repository contains various challenges, including web-based and pwn...
CVE-2020-13699
TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters, as demonstrated by a teamviewer10: --play URL. An attacker could force a victim to send an NTLM authentication request and either...
CVE-2020-15688
The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel...
Authentication flaw
The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel...
The vulnerability of the microprogrammed industrial Ethernet switch Moxa MGate 5105-MB-EIP, related to the bypassing of authentication through capture/replay, allows an intruder to gain unauthorized access to protected information.
The vulnerability of the microprogrammed industrial Ethernet switch Moxa MGate 5105-MB-EIP lies in its ability to bypass authentication through capture/replay. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...