QNAP Qsync Central 安全漏洞

QNAP Qsync Central is a cloud-based file synchronization service for NAS devices provided by QNAP Technology Co., Ltd. Versions of QNAP Qsync Central prior to 5.0.0.4 contained security vulnerabilities. These vulnerabilities were due to uncontrolled resource consumption, which could allow local...

QNAP Qsync Central 代码问题漏洞

QNAP Qsync Central is a cloud-based file synchronization service for NAS devices provided by QNAP Technology Co., Ltd. Versions of QNAP Qsync Central prior to 5.0.0.4 contained a code vulnerability caused by a null pointer dereferencing, which could lead to a denial-of-service attack...

SecAlerts Cuts Through the Noise with a Smarter, Faster Way to Track Vulnerabilities

Vulnerability management is a core component of every cybersecurity strategy. However, businesses often use thousands of software without realising it when was the last time you checked?, and keeping track of all the vulnerability alerts, notifications, and updates can be a burden on resources an...

EUVD-2017-13006

Malware in sbrugna...

QNAP Qsync Central SQL Injection Vulnerability

QNAP Qsync Central is a cloud-based file synchronization service on NAS from Taiwan, China-based QNAP. QNAP Qsync Central suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker could exploit the vulnerabili...

QNAP Qsync Central SQL注入漏洞

QNAP Qsync Central is a cloud-based file synchronization service on NAS from Taiwan, China-based QNAP. QNAP Qsync Central suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker could exploit the vulnerabili...

QNAP Systems Qsync Central 后置链接漏洞

QNAP Systems Qsync Central is a cloud-based file synchronization service on a NAS from China Weilian Technology QNAP Systems. A backlink vulnerability exists in QNAP Systems Qsync Central version 4.4.0.1620240819 and prior versions, which stems from the inclusion of a link tracking vulnerability...

WEPA Print Away 安全漏洞

WEPA Print Away is a cloud-based print management solution organized by the University of Wisconsin-Milwaukee. A security vulnerability exists in WEPA Print Away that stems from not verifying that a user is authorized to access a document before generating a print order and associated release cod...

Threat and Vulnerability Management Best Practices

Today’s business world is increasingly driven by e-commerce and the cloud, which means it requires a proactive approach toward vulnerability management. After all, your company’s data—as well as your customers’—remains at risk to cybercriminals, which places the onus on you to protect your...

Capital One Fined $80 Million for 2019 Data Breach Affecting 106 Million Users

A United States regulator has fined the credit card provider Capital One Financial Corp with $80 million over last year's data breach that exposed the personal information of more than 100 million credit card applicants of Americans. The fine was imposed by the Office of the Comptroller of the...

U.S. Mid-term Elections and Akamai Enterprise Threat Protector

The last few years have witnessed seismic changes in the world's political landscape and the way elections have been conducted. As of yet, there's no conclusive evidence that the results and outcomes of a country's election process have been impacted by the cyber efforts of internal or foreign...

Improper access control

Unauthenticated access to the cloud-based service maintained by TrackR Bravo is allowed for querying or sending GPS data for any Trackr device by using the tracker ID number which can be discovered as described in CVE-2016-6539. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been...

Security Camera Found Riddled With Bugs

CANCUN, Mexico – Tech firm Hanwha Techwin is racing to fix 13 critical security holes found in its popular line of SmartCam security cameras. The patch rollout is part of public disclosure of the vulnerabilities set for today by researchers who discovered the bugs. Flaws range from the use of an...

NetRefer Chooses Imperva Incapsula WAF: A Case Study

Since 2005, companies have been using NetRefer’s performance marketing software to fully automate their affiliate programs. From enrollment through customer relationship management CRM, tracking, finance and rewards management and payments, NetRefer’s Unified Performance Marketing Platform...

Uber Reveals 2016 Breach of 57 Million User Accounts

Ride-hailing service Uber Technologies revealed Tuesday that the company suffered a breach of 57 million Uber user accounts in 2016. According to reports, Uber then attempted to cover up the incident by paying $100,000 to attackers to keep the hack a secret and delete the data. Dara Khosrowshahi,...

Cross site scripting

Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service a cloud-based service could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are du...

Cross site scripting

Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service a cloud-based service could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are du...

CVE-2017-12291

Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service a cloud-based service could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are du...

CVE-2017-12322

Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service a cloud-based service could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are du...

CVE-2017-12320

Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service a cloud-based service could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are du...