7768 matches found
Beijing Liangjing Zhicheng Technology Co., Ltd.'s Liangjing Mall Online Shop Shopping System Has Logic Flaws and Vulnerabilities
The Liangjing Mall online store shopping system is a flexible, multi-functional online store system for different types of goods, with three-tier distribution across PC, mobile and micro-site. Beijing Liangjing Zhicheng Technology Co., Ltd.'s Liangjing Mall online shopping system has a logic flaw vulnerability...
[SECURITY] [DSA 4701-1] intel-microcode security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4701-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 11, 2020 https://www.debian.org/security/faq -...
Debian DSA-4696-1 : nodejs - security update
Two vulnerabilities were discovered in Node.js, which could result in denial of service and potentially the execution of arbitrary code. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4696. The text itself i...
Huawei Data Communication: Memory Leak Vulnerability in Some Huawei Products (huawei-sa-20161221-02-ldp)
Some Huawei products have a memory leak vulnerability. Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you ca...
firefox security update
68.9.0-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file Fri May 29 2020 Jan Horak - Update to 68.9.0 build1 - Added patch for pipewire 0.3 Mon May 11 2020 Jan...
vBulletin 5.6.1 SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vBulletin /ajax/api/contentinfraction/getIndexableContent nodeid Parameter SQL Injection', 'Description' = %q This module exploits a SQL injectio...
A new way to manage supply chain risk – Introducing the AICPA SOC for Supply Chain report
With the continuation of its System and Organization Controls (SOC) suite of services (SOC 2®, SOC for Cybersecurity, etc.), the American Institute of Certified Public Accountants (AICPA) has released a new report format that focuses on manufacturing and distribution supply chains. The AICPA's SOC for...
Debian DSA-4694-1 : unbound - security update
Two vulnerabilities have been discovered in Unbound, a recursive-only caching DNS server; a traffic amplification attack against third-party authoritative name servers (NXNSAttack) and insufficient sanitisation of replies from upstream servers could result in denial of service via an infinite loop...
Code Execution Vulnerability in Ear Distribution Frontend
Ear Distribution is a content management system. A code execution vulnerability exists in the frontend of Ear Distribution. An attacker could gain server privileges by constructing malicious code...
[SECURITY] [DSA 4690-1] dovecot security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4690-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 20, 2020 https://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-4687-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-2002
An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. This affects all forms of authentication that use ...
PAN-OS: Spoofed Kerberos key distribution center authentication bypass
An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. This affects all forms of authentication that use ...
Debian DSA-4682-1 : squid - security update
Multiple security issues were discovered in the Squid proxy caching server, which could result in the bypass of security filters, information disclosure, the execution of arbitrary code or denial of service. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
[SECURITY] [DSA 4681-1] webkit2gtk security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4681-1 [email protected] https://www.debian.org/security/ Alberto Garcia May 07, 2020 https://www.debian.org/security/faq -...
Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents
Targeted ransomware incidents have brought a threat of disruptive and destructive attacks to organizations across industries and geographies. FireEye Mandiant Threat Intelligence has previously documented this threat in our investigations of trends across ransomware incidents, FIN6 activity,...
Cisco Adaptive Security Appliances Software Licensing Issues Vulnerability
Cisco Adaptive Security Appliances Software (ASA Software) is a set of firewalls and network security platforms from the U.S. company Cisco. The platform provides highly secure access to data and network resources and other features. An authorization issue vulnerability exists in Cisco ASA...
CVE-2020-3125
A vulnerability in the Kerberos authentication feature of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to impersonate the Kerberos key distribution center (KDC) and bypass authentication on an affected device that is configured to perform Kerberos...
Cisco Adaptive Security Appliance Software Kerberos Authentication Bypass Vulnerability
A vulnerability in the Kerberos authentication feature of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to impersonate the Kerberos key distribution center (KDC) and bypass authentication on an affected device that is configured to perform Kerberos...
webERP 4.15.1 - Unauthenticated Backup File Access Vulnerability
Exploit for php platform in category web applications Exploit Title: webERP 4.15.1 - Unauthenticated Backup File Access Author: Besim ALTINOK Vendor Homepage: http://www.weberp.org Software Link: https://sourceforge.net/projects/web-erp/ Version: v4.15.1 Tested on: Xampp Credit: İsmail BOZKURT...