9293 matches found
CVE-2020-10582
A SQL injection on the /admin/display_errors.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to execute arbitrary SQL requests including data reading and modification on the database...
SQL injection
A SQL injection on the /admin/display_errors.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to execute arbitrary SQL requests including data reading and modification on the database...
CVE-2020-10582
CVE-2020-10582 describes a SQL injection in Invigo Automatic Device Management (ADM) prior to or including version 5.0, affecting the script at /admin/display_errors.php. The underlying issue allows remote attackers to execute arbitrary SQL queries against the database, with potential data readin...
Forcing Self-Service Password Reset (SSPR) Registration to Increase ROI
When your organization invests in a new product or service, it is essential that you take advantage of all the features it has to offer. This will help you to maximize your return on investment (ROI). If you have purchased or are thinking about purchasing a self-service password reset (SSPR) tool, on...
Invigo Automatic Device Management Path Traversal Vulnerability
Invigo Automatic Device Management (ADM) is a native management tool for cellular operators that enables them to detect, maintain and manage millions of devices cost-effectively and with a high degree of reliability. A directory traversal vulnerability exists in /admin/sysmon.php in Invigo Automati...
PT-2021-9155 · Invigo · Invigo Automatic Device Management
Name of the Vulnerable Software and Affected Versions: Invigo Automatic Device Management (ADM) versions through 5.0 Description: A command injection issue in the /admin/broadcast.php script allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the...
UBUNTU-CVE-2019-14828
A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where users with the capability to create courses were assigned as a teacher in those courses, regardless of whether they had the capability to be automatically assigned that...
[SECURITY] Fedora 34 Update: suricata-6.0.2-1.fc34
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
Automatic on-premises Exchange Server mitigation now in Microsoft Defender Antivirus
As cybercriminals continue to exploit unpatched on-premises versions of Exchange Server 2013, 2016, and 2019, we continue to actively work with customers and partners to help them secure their environments and respond to associated threats. To date, we have released a comprehensive Security Updat...
Threat Roundup for March 5 to March 12
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 5 and March 12. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristic...
How Akamai Can Help You Fight the Latest Exploitation Attempts Against Microsoft Exchange
Co-authored by Ryan Barnett. AppSec Protections for Microsoft Exchange CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065 On March 2, 2021, the Microsoft Security Response Center alerted its customers to several critical security updates to Microsoft Exchange Server, addressing...
Girsh - Automatically Spawn A Reverse Shell Fully Interactive
Who didn't get bored of manually typing the few lines to upgrade a reverse shell to a full interactive reverse shell tty spawn, stty size ..., stty raw -echo or typing the command to use ConPTY. Description With Girsh, just run it and it will detect the OS and execute the correct commands to...
CVE-2021-28373
The authinternal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git master branch in...
[SECURITY] Fedora 33 Update: suricata-5.0.6-1.fc33
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
NewStart CGSL MAIN 6.02 : openssl Multiple Vulnerabilities (NS-SA-2021-0086)
The remote NewStart CGSL host, running version MAIN 6.02, has openssl packages installed that are affected by multiple vulnerabilities: - There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggest...
NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Vulnerability (NS-SA-2021-0020)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl packages installed that are affected by a vulnerability: - The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a...
Dr.Web Security Space Data Forgery Vulnerability
Doctor Web Dr.Web Security Space is an application from the Russian company Doctor Web that provides unified protection of all nodes of an enterprise network. A security vulnerability exists in Dr.Web Security Space...
Threat Roundup for February 26 to March 5
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 26 and March 5. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
KB5001399: Servicing stack update for Windows 10: April 13, 2021
KB5001399: Servicing stack update for Windows 10: April 13, 2021 This update applies to the following: Windows 10 for 32-bit devices Windows 10 for x64-based devices Summary This update makes quality improvements to the servicing stack, which is the component that installs Windows updates...
SQL Injection Vulnerability in Shipping 100 Virtual Goods Autoship System T1
Shipping 100-Virtual Goods Auto-Shipping System is a powerful automatic shipping system for virtual goods and pay-to-read articles; customers buy online and the transaction completes automatically, without manual supervision. There is a SQL injection vulnerability in T1 of Shipment100 Virtual...