DEBIAN-CVE-2020-4044

The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This wi...

CVE-2020-4044

The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This wi...

UBUNTU-CVE-2020-4044

The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This wi...

Screenspy - Capture user screenshots using shortcut file (Bypass SmartScreen/Defender)

Capture user screenshots using shortcut file Bypass SmartScreen/Defender. Suport Multi-monitor Legal disclaimer: Usage of ScreenSpy for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers...

Fedora 31 : fwupd (2020-ad1c74c2a1)

New upstream release - Actually reload the DFU device after upgrade has completed - Capture the dock SKU in report metadata - Correctly set the Logitech device protocol - Do not use shim for non-secure boot configurations - Ensure that the DeviceID is set for child devices - Fix an error when...

CVE-2020-14049

Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this...

How Facebook Helped FBI Capture a Notorious Child Abuser

By Waqas Facebook did something unexpcted. This is a post from HackRead.com Read the original post: How Facebook Helped FBI Capture a Notorious Child Abuser...

CVE-2020-0202

In onHandleIntent of TraceService.java, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

IBM QRadar Network Packet Capture Information Disclosure Vulnerability

IBM QRadar Network Packet Capture is an optional QRadar appliance from IBM USA that can be used to store and manage data when no other network packet capture is available. IBM QRadar Network Packet Capture versions 7.3.0 through 7.3.3 Patch 1 and 7.4 An information disclosure vulnerability exists...

CVE-2020-0113

In sendCaptureResult of Camera3OutputUtils.cpp, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10...

CVE-2019-4576

IBM QRadar Network Packet Capture 7.3.0 - 7.3.3 Patch 1 and 7.4.0 GA does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166803...

Design/Logic Flaw

IBM QRadar Network Packet Capture 7.3.0 - 7.3.3 Patch 1 and 7.4.0 GA does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166803...

CVE-2019-4576

IBM QRadar Network Packet Capture is affected by CVE-2019-4576 in versions 7.3.0–7.3.3 Patch 1 and 7.4.0 GA. The root cause is a default setting that does not enforce strong passwords, enabling potential account compromise. Impact is information disclosure with high potential impact to confidenti...

CVE-2019-4576

IBM QRadar Network Packet Capture 7.3.0 - 7.3.3 Patch 1 and 7.4.0 GA does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166803...

Security Bulletin: IBM QRadar Network Packet Capture does not require that users should have strong passwords by default (CVE-2019-4576)

Summary IBM QRadar Network Packet Capture does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Vulnerability Details CVEID: CVE-2019-4576 DESCRIPTION: IBM QRadar Network Packet Capture does not require that users...

SQL injection vulnerability exists in kkcms (CNVD-2020-33124)

kkcms is an open source video capture and playback system . The system is mainly used to automatically capture film and television resources and provide online playback capabilities. kkcms SQL injection vulnerability , attackers can use the vulnerability to obtain sensitive information database...

SQL injection vulnerability exists in kkcms (CNVD-2020-33119)

kkcms is an open source video capture and playback system . The system is mainly used to automatically capture film and television resources and provide online playback capabilities. kkcms SQL injection vulnerability , attackers can use the vulnerability to obtain sensitive information database...

SQL injection vulnerability exists in kkcms (CNVD-2020-33116)

kkcms is an open source video capture and playback system . The system is mainly used to automatically capture film and television resources and provide online playback capabilities. kkcms SQL injection vulnerability , attackers can use the vulnerability to obtain sensitive information database...

HTTP Status Codes Command This Malware How to Control Hacked Systems

A new version of COMpfun remote access trojan RAT has been discovered in the wild that uses HTTP status codes to control compromised systems targeted in a recent campaign against diplomatic entities in Europe. The cyberespionage malware—traced to Turla APT with "medium-to-low level of confidence"...

KKCMS backend suffers from sql injection vulnerability

kkcms is an open source video capture and playback system. KKCMS backend suffers from sql injection vulnerability. Attackers can use the vulnerability to obtain sensitive information in the database...