SonicWall Releases Advisory for Customers after Security Incident
SonicWall released a security advisory to assist their customers with protecting systems impacted by the MySonicWall cloud backup file incident. SonicWall’s investigation found that a malicious actor performed a series of brute force techniques against their MySonicWall.com web portal to gain...
Google Cloud Dataform Security Vulnerability
Google Cloud Dataform is a platform for automated workflow processing from Google, Inc. in the United States. A security vulnerability exists in Google Cloud Dataform that stems from path traversal during NPM package installation, which could result in reading and writing to other customer...
Hackers Stole Access Tokens from Okta’s Support Unit
Okta, a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support unit, KrebsOnSecurity has learned. Okta says the incident affected a "very small number" of...
CVE-2018-19355
modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop 1.5 through 1.7 allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product for upload destinations under...
CVE-2018-19355
CVE-2018-19355 affects the PrestaShop Customer Files Upload addon (version 2018-08-01) with a flaw in modules/orderfiles/ajax/upload.php. An attacker can upload a PHP file via modules/orderfiles/upload.php using auptype values (product, order, or cart) to endpoints under modules/productfiles, mod...
CVE-2018-0108
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to collect customer files via an out-of-band XML External Entity XXE injection. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The...
CVE-2018-0108
Cisco WebEx Meetings Server is affected by an XML External Entity (XXE) injection allowing an unauthenticated, remote attacker to perform out-of-band data exfiltration. The vulnerability enables disclosure of customer files and can be leveraged to gather information for reconnaissance, with the a...