CVE-2021-36748

A SQL Injection issue in the list controller of the Prestahome Blog aka phsimpleblog module before 1.7.8 for Prestashop allows a remote attacker to extract data from the database via the sbcategory parameter...

Prestashop SQL注入漏洞

Prestashop is a set of open source e-commerce solutions from the United States Prestashop. The solution provides a variety of payment methods, SMS alerts and product image scaling and other features. Prestashop 1.7.8 before the version of the SQL injection vulnerability , the vulnerability stems...

New Trickbot attack setup fake 1Password installer to extract data

By Waqas The fake 1Password installer is used to launch Cobalt Strike helping the attackers collect information about multiple systems in the network. This is a post from HackRead.com Read the original post: New Trickbot attack setup fake 1Password installer to extract data...

ICSA-21-222-08_Siemens Solid Edge

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Solid Edge Vulnerabilities: Improper Restriction of XML External Entity Reference, Use After Free, Access of Uninitialized Pointer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...

Bosch IP cameras 访问控制错误漏洞

Bosch IP cameras are German Bosch network cameras A security vulnerability in Bosch IP cameras, which stems from a lack of authentication in a critical function of the cameras, allows an unauthenticated remote attacker to extract sensitive information or change camera settings by sending a crafte...

Siemens Simcenter Femap

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Simcenter Femap Vulnerabilities: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being accessed and may allow arbitrary remote code execution...

D-Link DIR-868L Information Disclosure Vulnerability

The D-Link DIR-868L is a wireless AC1750 dual-band Gigabit cloud router. A credential disclosure vulnerability exists in the D-Link DIR-868L version 3.01. An attacker can exploit this vulnerability by decompiling the firmware to access the firmware and extract sensitive data...

CVE-2020-29324

The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data...

CVE-2020-29323

The D-link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data...

Command injection

The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data...

Design/Logic Flaw

The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data...

D-Link DIR-868L 信息泄露漏洞

The D-Link DIR-868L is a wireless AC1750 dual-band Gigabit cloud router. A credential disclosure vulnerability exists in the D-Link DIR-868L version 3.01. An attacker can exploit this vulnerability by decompiling the firmware to access the firmware and extract sensitive data...

Yes/No Chart < 1.0.12 - Authenticated (contributor+) Blind SQL Injection

The plugin did not sanitise its sid shortcode parameter before using it in a SQL statement, allowing medium privilege users contributor+ to perform Blind SQL Injection attacks PoC To exploit, the site administrator must add a question set and a question first. This requirement is usually met for...

SonicWall 802.11 Frame Aggregation and Fragmentation Vulnerabilities (FragAttacks)

Vulnerabilities in IEEE 802.11 implementation were found. These vulnerabilities could allow an attacker to inject malicious frames into legitimate WiFi traffic. The discovered vulnerabilities affect all modern security protocols of WiFi, including the latest WPA3. Successful exploitation of these...

Command injection in Apache Flink

A vulnerability in Apache Flink where, when running a process with an enabled JMXReporter, with a port configured via metrics.reporter.reportername.port, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack using a specially crafted request to rebind th...

Columbo - A Computer Forensic Analysis Tool Used To Simplify And Identify Specific Patterns In Compromised Datasets

Columbo is a computer forensic analysis tool used to simplify and identify specific patterns in compromised datasets. It breaks down data to small sections and uses pattern recognition and machine learning models to identify adversaries behaviour and their possible locations in compromised Window...

CVE-2021-29343

Ovidentia CMS 6.x contains a SQL injection vulnerability in the "id" parameter of index.php. The "checkbox" property into "text" data can be extracted and displayed in the text region or in source code...

ThinkSAAS SQL Injection Vulnerability (CNVD-2021-27807)

ThinkSAAS is a lightweight php open source community system , is a can be used to build discussion groups , bbs forums and circles open open source community system . ThinkSAAS before version 3.38 SQL injection vulnerability exists . The vulnerability is caused by the...

Fedora 32 : switchboard-plug-bluetooth (2021-7d55c00267)

The remote Fedora 32 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-7d55c00267 advisory. - Switchboard Bluetooth Plug for elementary OS from version 2.3.0 and before version version 2.3.5 has an incorrect authorization vulnerability. When the...

CVE-2021-21367

Switchboard Bluetooth Plug for elementary OS from version 2.3.0 and before version version 2.3.5 has an incorrect authorization vulnerability. When the Bluetooth plug is running in discoverable mode, Bluetooth service requests and pairing requests are automatically accepted, allowing physically...