
888 matches found

The Hacker News
added 2020/11/05 10:18 a.m., 87 views

Premium-Rate Phone Fraudsters Hack VoIP Servers of 1200 Companies

Cybersecurity researchers today took the wraps off an on-going cyber fraud operation led by hackers in Gaza, West Bank, and Egypt to compromise VoIP servers of more than 1,200 organizations across 60 countries over the past 12 months. According to findings published by Check Point Research, the...

CVSS 10, AI score 0.2, EPSS 0.4299
Exploits: 5

OSV
added 2020/10/15 3:15 a.m., 0 views

CVE-2020-5642

Cross-site request forgery (CSRF) vulnerability in Live Chat - Live support version 3.1.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors...

CVSS 8.8, AI score 6.5
Exploits: 0, References: 3

NVD
added 2020/10/09 7:15 a.m., 12 views

CVE-2020-26522

A cross-site request forgery (CSRF) vulnerability in mod/user/actuser.php in Garfield Petshop through 2020-10-01 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts...

CVSS 8.8, EPSS 0.0076
Exploits: 2, References: 4

Cvelist
added 2020/10/09 6:44 a.m., 19 views

CVE-2020-26522

A cross-site request forgery (CSRF) vulnerability in mod/user/actuser.php in Garfield Petshop through 2020-10-01 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts...

AI score 8.9, EPSS 0.0076
Exploits: 2, References: 4

OSV
added 2020/08/24 3:15 p.m., 0 views

CVE-2020-19883

DBHcms v1.2.0 has a stored XSS vulnerability as there is no security filter in dbhcms\mod\mod.users.view.php line 57 for userlogin, A remote authenticated with admin user can exploit this vulnerability to hijack other users...

CVSS 4.8, AI score 5.9, EPSS 0.00659
Exploits: 1, References: 1

OSV
added 2020/08/24 3:15 p.m., 2 views

CVE-2020-19887

DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for '$POST'pageparaminsertdescription'' variable in dbhcms\mod\mod.page.edit.php line 227, A remote authenticated with admin user can exploit this vulnerability to hijack other users...

CVSS 4.8, AI score 5.8
Exploits: 0, References: 1

OSV
added 2020/08/04 2:15 a.m., 1 views

CVE-2020-5615

Cross-site request forgery (CSRF) vulnerability in Calendar01 free edition ver1.0.0 and Calendar02 free edition ver1.0.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors...

CVSS 8.8, AI score 6.6, EPSS 0.00699
Exploits: 0, References: 3

OSV
added 2020/07/27 7:15 a.m., 1 views

CVE-2020-5611

Cross-site request forgery (CSRF) vulnerability in Social Sharing Plugin versions prior to 1.2.10 allows remote attackers to hijack the authentication of administrators via unspecified vectors...

CVSS 8.8, AI score 5.8, EPSS 0.01163
Exploits: 0, References: 2

NVD
added 2020/06/15 4:15 p.m., 12 views

CVE-2020-14054

SOKKIA GNR5 Vanguard WEB version 1.2 build: 91f2b2c3a04d203d79862f87e2440cb7cefc3cd3 and hardware version 212 allows remote attackers to bypass admin authentication via a SQL injection attack that uses the User Name or Password field on the login page...

CVSS 9.8, EPSS 0.01411
Exploits: 0, References: 1

Prion
added 2020/06/15 4:15 p.m., 23 views

Sql injection

SOKKIA GNR5 Vanguard WEB version 1.2 build: 91f2b2c3a04d203d79862f87e2440cb7cefc3cd3 and hardware version 212 allows remote attackers to bypass admin authentication via a SQL injection attack that uses the User Name or Password field on the login page...

CVSS 7.5, AI score 9.8, EPSS 0.01411
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2020/04/23 6:15 p.m., 20 views

CVE-2020-8797

Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call aka Command Line Injection, if the undocumented telnetd service is enabled and the attacker can authenticate as admin from the local network...

CVSS 6.9, AI score 6.7, EPSS 0.00895
Exploits: 1, References: 1

ATTACKERKB
added 2020/04/23 6:15 p.m., 3 views

CVE-2020-8797

Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call aka Command Line Injection, if the undocumented telnetd service is enabled and the attacker can authenticate as admin from the local network...

CVSS 6.9, AI score 5.5, EPSS 0.00895
Exploits: 1, References: 2

Prion
added 2020/04/23 6:15 p.m., 16 views

Command injection

Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call aka Command Line Injection, if the undocumented telnetd service is enabled and the attacker can authenticate as admin from the local network...

CVSS 6.9, AI score 6.8, EPSS 0.00895
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2020/02/12 11:15 p.m., 14 views

CVE-2020-1977

Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier...

CVSS 8.8, AI score 8.1, EPSS 0.0051
Exploits: 0, References: 2

Prion
added 2020/02/12 11:15 p.m., 17 views

Cross site scripting

Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier...

CVSS 6.8, AI score 8.9, EPSS 0.0051
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2020/02/08 4:15 p.m., 37 views

CVE-2014-2225

Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to...

CVSS 8.8, AI score 9.3, EPSS 0.01284
Exploits: 6, References: 2

Prion
added 2020/02/08 4:15 p.m., 16 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified impact via a request to...

CVSS 6.8, AI score 8, EPSS 0.01284
Exploits: 6, References: 2, Affected Software: 3

OSV
added 2020/01/30 10:15 p.m., 3 views

CVE-2020-8496

In Kronos Web Time and Attendance webTA 4.1.x and later 4.x versions before 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner page as an authenticated administrator...

CVSS 4.8, AI score 6.5, EPSS 0.00548
Exploits: 1, References: 2

Prion
added 2020/01/28 8:15 p.m., 13 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add users, (2) delete posts, or (3) modify PHP files via unspecified vectors, or (4) conduct cross-site...

CVSS 6.8, AI score 7.1, EPSS 0.01584
Exploits: 3, References: 3, Affected Software: 1

OSV
added 2020/01/21 6:15 p.m., 1 views

UBUNTU-CVE-2020-5202

apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket...

CVSS 5.5, AI score 6, EPSS 0.00465
Exploits: 1, References: 3