SANS Experts: 4 Emerging Enterprise Attack Techniques

In a recent report, a panel of SANS Institute experts broke down key takeaways and emerging attack techniques from this year’s RSA Security Conference. The long and short of it? This next wave of malicious methodologies isn’t on the horizon — it’s here. When it comes to supply-chain and ransomwar...

Open Solutions For Education openSIS SQL注入漏洞

openSIS is a free and open source student information system/school management software. openSIS version 8.0 is vulnerable to SQL injection when using MySQL MariaDB as the application database. An attacker can use the index.php username parameter to issue SQL commands to the MySQL MariaDB databas...

CVE-2021-32827

CVE-2021-32827 affects MockServer. The issue arises from a combination of an overly broad default CORS configuration and support for dynamic expectations via Javascript/Velocity templates , which may allow an attacker to perform script injection and arbitrary code execution on the MockServer host...

UBUNTU-CVE-2013-4717

Multiple SQL injection vulnerabilities in Open Ticket Request System OTRS Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm,...

Black Hat 2021: Rapid7 Experts Share Key Day 2 Takeaways

Here we are again, back for another day of Rapid7 expert debriefings and analysis for some of the most talked-about Black Hat sessions of this year. So without further delay, let’s take it away! Get more DEF CON 2021 insights from our Research team on Tuesday, August 10 Sign up for our What...

Unspecified Vulnerability in Nextcloud (CNVD-2021-51810)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server versions prior to 19.0.13, 20.0.11, and 21.0.3, which stems from the fact that rate limiting in Nextcloud...

Unspecified vulnerability in Nextcloud (CNVD-2021-51795)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server versions prior to 19.0.13, 20.011, and 21.0.3, which can be exploited by an attacker to enumerate...

XYHCMS 跨站请求伪造漏洞

xyhcms is a software application. A completely open source CMS content management system, simple, easy to use, secure, stable and free. xyhcmsV3.6 has a security vulnerability that can be exploited by an attacker to edit any information about an administrator, such as name, email and password...

07FLY-CRM Customer Management System v1.2 suffers from SQL injection vulnerability (CNVD-2021-46819)

07FLY-CRM is a domestic open source general-purpose customer management system for various industries , mainly for small and medium-sized sales / after-sales service team . 07FLY-CRM customer management system v1.2 SQL injection vulnerability , attackers can exploit the vulnerability to obtain...

pfSense cross-site scripting vulnerability (CNVD-2021-43531)

pfsense is an open source routing and firewall software, customized and developed based on freebsd system. A stored cross-site scripting vulnerability exists in the loadbalancermonitor.php function in pfSense version 2.4.5-p1. An attacker can exploit this vulnerability to execute arbitrary web...

Unspecified Vulnerability in Rocket.Chat

Rocket.Chat is an open source team chat software. A security vulnerability exists in Rocket.Chat versions 3.11, 3.12, and 3.13. The vulnerability could lead to unauthenticated NoSQL injection. No details of the vulnerability are provided at this time...

Snort 安全漏洞

Snort is a Snort open source application. Provides a set of rules to help define malicious network activity and uses these rules to find packets that match it and generate alerts for the user. Snort has a security vulnerability that can be exploited by attackers to bypass filtering rules in order...

IPED - Digital Forensic Tool - Process And Analyze Digital Evidence, Often Seized At Crime Scenes By Law Enforcement Or In A Corporate Investigation By Private Examiners

IPED is an open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners. Introduction IPED - Digital Evidence Processor and Indexer translated from Portuguese is a tool implement...

opensc: stack-based buffer overflow in tcos_decipher

The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcosdecipher...

Google TensorFlow divide-by-zero error vulnerability (CNVD-2021-36562)

Google TensorFlow is an end-to-end open source machine learning platform. A divide-by-zero error vulnerability exists in the tf.rawops.Conv3DBackprop implementation in TensorFlow versions prior to 2.5.0. No detailed vulnerability details are provided at this time...

Microsoft Visual Studio Code Command Injection Vulnerability

Microsoft Visual Studio Code is an open source code editor from Microsoft USA. A command injection vulnerability exists in Microsoft Visual Studio Code. No details of the vulnerability are provided at this time...

KLA12170 RCE vulnerability in Microsoft Open Source Software

A remote code execution vulnerability was found in Microsoft Open Source Software. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2021-31200 Related products Yammer-Desktop-App CVE list CVE-2021-31200 high KB list Solution Install necessary updat...

Command Execution Vulnerability in XMind Windows Edition and XMind 2021 Beta

XMind is a mind mapping software that is also open source and cross-platform. A command execution vulnerability exists in XMind Windows Edition and XMind 2021 Beta, which can be exploited by an attacker to gain control of a server...

Tesla Remotely Hacked from a Drone

This is an impressive hack: Security researchers Ralf-Philipp Weinmann of Kunnamon, Inc. and Benedikt Schmotzle of Comsecuris GmbH have found remote zero-click security vulnerabilities in an open-source software component ConnMan used in Tesla automobiles that allowed them to compromise parked ca...

Imagemagick Studio ImageMagick Digital Error Vulnerability (CNVD-2021-36214)

Imagemagick Studio ImageMagick is a suite of open source image processing software from ImageMagick Studio Imagemagick Studio, an American company. The software can read, convert or write images in many formats. ImageMagick has a security vulnerability that can be exploited by an attacker to...