CVE-2019-4366
IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access to cached browser data. IBM X-Force ID: 161748...
PT-2020-3143 · Cisco · Cisco Unified Communications Manager Session Management Edition +1
Name of the Vulnerable Software and Affected Versions: Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) (affected versions not specified). Description: The issue is related to insufficient validation of user-supplied...
Cisco Data Center Network Manager Cross-Site Scripting Vulnerability (CNVD-2020-34293)
Cisco Data Center Network Manager (DCNM) is a data center management system from Cisco. The system works with Cisco Nexus and MDS series switches and provides storage visualization, configuration, and troubleshooting. A cross-site scripting vulnerability exists in the Web management interface in...
Cisco Firepower Management Center Cross-Site Scripting Vulnerability (CNVD-2020-27108)
Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco. Cisco Firepower Management Center suffers from a cross-site scripting vulnerability that originates from the user interface not adequately validating user-submitted input. An attacker coul...
Beware of 'Coronavirus Maps' – It's a malware infecting PCs to steal passwords
Cybercriminals will stop at nothing to exploit every chance to prey on internet users. Even the disastrous spread of SARS-COV-II (the virus), which causes COVID-19 (the disease), is becoming an opportunity for them to likewise spread malware or launch cyber attacks. Reason Labs recently released a...
CVE-2020-3157
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied...
Avast and AVG Browser Extensions Spying On Chrome and Firefox Users
If your Firefox or Chrome browser has any of the below-listed four extensions offered by Avast and its subsidiary AVG installed, you should disable or remove them as soon as possible: Avast Online Security, AVG Online Security, Avast SafePrice, AVG SafePrice. Why? Because these four widely installed...
Cisco Web Security Appliance Cross-Site Scripting Vulnerability (CNVD-2020-31993)
The Cisco Web Security Appliance (WSA) is a web security appliance from Cisco USA. The appliance provides SaaS-based access control, real-time web reporting and tracking, and development of security policies. A cross-site scripting vulnerability exists in the Web management interface in versions...
Cisco Industrial Network Director Cross-Site Scripting Vulnerability
Cisco Industrial Network Director (IND) is an industrial automation management system from Cisco. The system achieves automation management by visualizing the industrial Ethernet infrastructure. A cross-site scripting vulnerability exists in Cisco Industrial Network Director. An attacker could...
CVE-2019-15269
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. These vulnerabilities are due to insufficient...
CVE-2019-12707
A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient...
CVE-2019-12668
A vulnerability in the web framework code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software using the banner parameter. The vulnerability is due to...
Google Launches Open-Source Browser Extension for Ad Transparency
Google is launching an experimental, open-source browser extension aimed at increasing transparency around online advertising by displaying information about the ads that are shown to users. The browser extension is an integral part of a new Google initiative announced Thursday to develop a set o...
Cisco Unified Contact Center Express Input Validation Error Vulnerability
Cisco Unified Contact Center Express (Unified CCX) is a customer relationship management component of a unified communications solution from Cisco. The component supports features such as self-service voice, call distribution, and customer access control. An input validation error vulnerability...
How to steal a million (of your data)
Any user data — from passwords for entertainment services to electronic copies of documents — is highly prized by intruders. The reason is simply that almost any information can be monetized. For instance, stolen data can be used to transfer funds to cybercriminal accounts, order goods or service...
Cisco Prime Service Catalog Input Validation Error Vulnerability
Cisco Prime Service Catalog (PSC) is a service catalog solution from Cisco that provides all IT services through a single portal. The solution supports automated ordering of a unified service catalog for compute, network, storage, and other data center resources. An input validation error...
Cisco Unified Intelligence Center Remote File Injection Vulnerability
Cisco Unified Intelligence Center is a Web-based reporting platform from Cisco (USA). The platform provides capabilities for presenting reports on business data and call center data. A remote file injection vulnerability exists in Cisco Unified Intelligence Cente...
Shopify: Reflected XSS
Hi team, I found a reflected XSS on the https://app.oberlo.com domain. Reproduce: Visit https://app.oberlo.com/auth?shop=%3C/noscript%3E%3Cimg%20src=x%20onerror=promptdocument.domain%3E in the latest version of the Firefox browser. You will see a popup like the attached screenshot: F485407 Tested in Latest...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability (CNVD-2019-16512)
Cisco Identity Services Engine (ISE) is an identity-based environment awareness platform from Cisco. The platform collects real-time information from the network, users and devices, and develops and enforces policies to regulate the network. A cross-site scripting...
Analyzing a new stealer written in Golang
Golang (Go) is a relatively new programming language, and it is not common to find malware written in it. However, new variants written in Go are slowly emerging, presenting a challenge to malware analysts. Applications written in this language are bulky and look much different under a debugger fro...