TeamPass Authorization Control Vulnerability
TeamPass is an open source password manager. A security vulnerability exists in the REST API functionality in TeamPass 2.1.27.36 and earlier versions. An attacker can exploit this vulnerability to gain TeamPass administrator privileges and read or change all passwords...
CVE-2020-11016
IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vulnerability where the backend incorrectly handled messages given by user-input in the "send" functionality of the Inspect-tool of the Monitor component. An attacker with access to the IntelMQ Manager could possibly use this issue...
Design/Logic Flaw
IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vulnerability where the backend incorrectly handled messages given by user-input in the "send" functionality of the Inspect-tool of the Monitor component. An attacker with access to the IntelMQ Manager could possibly use this issue...
Directory traversal
An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticated user to change the filename value in the POST method from the original filename to achieve directory traversal via a ../ sequence and, for example, obtain a complete directory listing of the...
CVE-2020-12251
An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticated user to change the filename value in the POST method from the original filename to achieve directory traversal via a ../ sequence and, for example, obtain a complete directory listing of the...
Gigamon GigaVUE 5.5.01.11 Directory Traversal / File Upload
Hi, An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticated user to change the filename value in the POST method from the original filename to achieve directory traversal via a ../ sequence and, for example, obtain a complete directory listing of the...
PT-2020-13034
Name of the Vulnerable Software and Affected Versions: Tiny File Manager version 2.4.1. Description: The issue allows authenticated users to enumerate directories and files on the filesystem outside of the application scope due to a Path Traversal vulnerability in the ajax recursive directory listin...
New Zoom vulnerability lets hackers record any meeting anonymously
By Waqas. This Zoom vulnerability lets hackers record meetings even when the host disables recording functionality for participants. This is a post from HackRead.com. Read the original post: New Zoom vulnerability lets hackers record any meeting anonymously...
Fake Skype, Signal Apps Used to Spread Surveillanceware
Cybercriminals are increasingly peddling booby-trapped versions of popular apps such as Skype and Signal that contain surveillanceware. Apurva Kumar, security intelligence engineer at Lookout, said that one such surveillanceware family that’s been spotted using this tactic is Monokle, a...
Threat Spotlight: MedusaLocker
By Edmund Brumaghin, with contributions from Amit Raut. Overview: MedusaLocker is a ransomware family that has been observed being deployed since its discovery in 2019. Since its introduction to the threat landscape, there have been several variants observed. However, most of the functionality...
Design/Logic Flaw
Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction...
CVE-2020-9444
Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality...
CVE-2020-9445
Zulip Server before 2.1.3 allows XSS via the modallink feature in the Markdown functionality...
Design/Logic Flaw
Zulip Server before 2.1.3 allows XSS via the modallink feature in the Markdown functionality...
CVE-2020-5733
In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows the export of potentially sensitive information...
Wowza Streaming Engine Remote Authentication Authorization Bypass Vulnerability
Wowza Streaming Engine is a streaming media server software from Wowza Media Systems. The program supports live streaming, VOD, online video chat, and remote recording. A security vulnerability exists in version 4.7.8 build 20191105123929 of Wowza Streaming Engine. An attacker can exploit the...
CVE-2020-11669
An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR, aka CID-53a712bae5dd...
Design/Logic Flaw
An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR, aka CID-53a712bae5dd...