Security Updates for Outlook (April 2021)

The Microsoft Outlook application installed on the remote host is missing security updates. It is, therefore, affected by a memory corruption vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C Tenable...

Invigo Automatic Device Management Command Injection (CVE-2020-10583)

A command injection vulnerability exists in Invigo Automatic Device Management. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

Invigo Automatic Device Management Remote Code Execution (CVE-2020-10580)

A remote code execution vulnerability exists in Invigo Automatic Device Management. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

Fedora: Security Advisory for clamav (FEDORA-2021-bedb7cc66e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 33 Update: clamav-0.103.2-1.fc33

Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...

CVE-2021-23005

The CVE-2021-23005 issue affects BIG-IQ high-availability (HA) when using a Quorum device for automatic failover; TLS is not used with the Corosync protocol, exposing in-transit data to potential eavesdropping/modification. Affected BIG-IQ HA versions are 7.x and 6.x; this is fixed in BIG-IQ 8.0....

CURL-CVE-2021-22876 Automatic referer leaks credentials

libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. libcurl automatically sets the Referer:...

Automatic referer leaks credentials

libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. libcurl automatically sets the Referer:...

PT-2021-4051 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.7.1 Description: The issue is related to the exposure of information in WordPress, a content management system. It involves the exploitation of a block in the WordPress editor, which can expose password-protected...

Invigo Automatic Device Management Directory Traversal Vulnerability

Invigo Automatic Device Management ADM is a native management tool for cellular operators that enables them to detect, maintain and manage millions of devices cost-effectively and with a high degree of reliability. A directory traversal vulnerability exists in /admin/searchby.php in Invigo...

Invigo Automatic Device Management 路径遍历漏洞

Invigo Automatic Device Management ADM is a native management tool for cellular operators that enables them to detect, maintain and manage millions of devices cost-effectively and with a high degree of reliability. A directory traversal vulnerability exists in /admin/searchby.php in Invigo...

Invigo Automatic Device Management 操作系统命令注入漏洞

Invigo Automatic Device Management ADM is a native management tool for cellular operators that enables them to detect, maintain and manage millions of devices cost-effectively and with a high degree of reliability. An arbitrary OS command injection vulnerability exists in /admin/admapi.php in...

Invigo Automatic Device Management Arbitrary OS Command Injection Vulnerability

Invigo Automatic Device Management ADM is a native management tool for cellular operators that enables them to detect, maintain and manage millions of devices cost-effectively and with a high degree of reliability. An arbitrary OS command injection vulnerability exists in /admin/admapi.php in...

Invigo Automatic Device Management Command Injection Vulnerability

Invigo Automatic Device Management ADM is a native management tool for cellular operators that enables them to detect, maintain and manage millions of devices cost-effectively and with a high degree of reliability. A command injection vulnerability exists in /admin/broadcast.php in Invigo Automat...

Invigo Automatic Device Management Session Validity Check Vulnerability

Invigo Automatic Device Management ADM is a native management tool for cellular operators that enables them to detect, maintain and manage millions of devices cost-effectively and with a high degree of reliability. A session validity check vulnerability exists in several management functions in...

Invigo Automatic Device Management Directory Traversal Vulnerability (CNVD-2021-22952)

Invigo Automatic Device Management ADM is a native management tool for cellular operators that enables them to detect, maintain and manage millions of devices cost-effectively and with a high degree of reliability. A directory traversal vulnerability exists in /admin/sysmon.php in Invigo Automati...

Invigo Automatic Device Management SQL Injection Vulnerability

Invigo Automatic Device Management ADM is a native management tool for cellular operators that enables them to detect, maintain and manage millions of devices cost-effectively and with a high degree of reliability. A SQL injection vulnerability exists in /admin/displayerrors.php in Invigo Automat...

Fleeceware Apps Bank $400M in Revenue

About 204 different “fleeceware” applications with a combined billion+ downloads have raked in more than $400 million in revenue so far, via the Apple App Store and Google Play, analysis has revealed. Fleeceware apps generally offer users a free trial to “test” the app, before commencing automati...

CVE-2020-10579

A directory traversal on the /admin/sysmon.php script of Invigo Automatic Device Management ADM through 5.0 allows remote attackers to list the content of arbitrary server directories accessible to the user running the application...

CVE-2020-10583

The /admin/admapi.php script of Invigo Automatic Device Management ADM through 5.0 allows remote authenticated attackers to execute arbitrary OS commands on the server as the user running the application...