350 matches found
Sophisticated Info-Stealer Targets Air-Gapped Devices via USB
The Cycldek APT group has added a previously unknown malware dubbed USBCulprit to its arsenal, aimed at reaching air-gapped devices. Cycldek (a.k.a. Goblin Panda, APT 27 and Conimes) has been targeting governments in Southeast Asia since 2013, according to analysis from Kaspersky, and has been...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: User Email Verification Bypass; OAuth Flow Missing Email Verification Checks; Notification Email Verification Bypass; Undisclosed Vulnerability on a Third-Party Rendering Engine; Group Sign-Up Restriction Bypass; Mirror Project Owner Impersonation; Missing Permission Check on Fork...
Tiny File Manager path traversal vulnerability (CNVD-2020-27486)
Tiny File Manager is a web-based open source file manager. Tiny File Manager has a path traversal vulnerability. An attacker can use this vulnerability to enumerate directories and files on the file system...
Adobe Digital Editions File Enumeration Vulnerability
Adobe Digital Editions (DE) is e-book reading and management software from the American company Adobe. The software supports opening, reading and managing PDF, XML, Flash and other formats. Adobe Digital Editions has a security vulnerability. An attacker can exploit the vulnerability to obtain...
Adobe Digital Editions Information Disclosure Vulnerability (APSB20-23) - Windows
Adobe Digital Edition is prone to an information disclosure vulnerability.
DNN Information Disclosure Vulnerability
DNN (also known as DotNetNuke) is an open source content management system (CMS) from the U.S. company DNN, supported by Microsoft and based on the ASP.NET platform. The system is easy to install, scalable and feature-rich. In DNN (formerly DotNetNuke) version 9.5, the embedded...
CVE-2020-11585
CVE-2020-11585 affects DNN (DotNetNuke) 9.5 in the built-in Activity-Feed/Messaging/Userid/Message Center module. A registered user can enumerate arbitrary files in the Admin File Manager (excluding secure folders) by sending themselves a message with a file attached, utilizing an arbitrary small...
CVE-2020-9323
Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory Enumeration via tiffserver/tssp.aspx...
Design/Logic Flaw
Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory Enumeration via tiffserver/tssp.aspx...
CVE-2020-9323
CVE-2020-9323 affects Aquaforest TIFF Server 4.0 and allows unauthenticated enumeration of files and directories via the tiffserver/tssp.aspx endpoint. The root cause is an information-disclosure vulnerability in a networked TIFF server, enabling an attacker with network access to enumerate poten...
Micro Focus AcuToWeb Information Disclosure Vulnerability
Micro Focus AcuToWeb is a suite of web and mobile deployment solutions for ACUCOBOL applications from Micro Focus UK. An information disclosure vulnerability exists in all supported versions of Micro Focus AcuToWeb. An attacker could exploit this vulnerability to enumerate files on the file system...
CVE-2019-17087
Unauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. The vulnerability could be exploited to enumerate and download files from the filesystem of the system running AcuToWeb, with the privileges of the account AcuToWeb is running under...
CoreFTP Server SIZE Directory Traversal
Exploit Title: CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal Metasploit; Google Dork: N/A; Date: 8/20/2019; Exploit Author: Kevin Randall; Vendor Homepage: https://www.coreftp.com; Software Link: http://www.coreftp.com/server/index.html; Version: Firmware: CoreFTP Server FTP ...
Cisco Enterprise Network Functions Virtualization Infrastructure Software File Enumeration Vulnerability
Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) is a set of Linux-based infrastructure software from Cisco. The software is mainly used for designing, deploying and managing network services and dynamically deploying virtualized network functions on supported Cisco...
CVE-2019-12623
A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform file enumeration on an affected system. The vulnerability is due to the web server responding with different...
Design/Logic Flaw
A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform file enumeration on an affected system. The vulnerability is due to the web server responding with different...
CVE-2019-12623 Cisco Enterprise Network Functions Virtualization Infrastructure Software File Enumeration Vulnerability
A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform file enumeration on an affected system. The vulnerability is due to the web server responding with different...
CVE-2019-12623
CVE-2019-12623 affects Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) web server. In NFVIS versions prior to 3.12.1, the web server responds with different error codes for existing versus non-existing files, enabling an authenticated remote attacker to enumerate...