Unspecified Vulnerability in Oracle Retail Applications Retail Customer Management and Segmentation Foundation
Oracle Retail Applications is a set of retail store solutions from Oracle Corporation. The product includes inventory management, sales management and customer management, etc. Retail Customer Management and Segmentation Foundation is one of the retail customer management...
CVE-2020-7483
CVE-2020-7483 affects legacy Schneider Electric TriStation 1131 software (TriStation 1131 v1.0.0–4.9.0, v4.10.0 and 4.12.0) where the optional password feature can cause certain data to be transmitted in cleartext over the network. Schneider Electric remediated this by releasing TriStation v4.9.1...
CVE-2020-2815
Vulnerability in the Oracle iSupport product of Oracle E-Business Suite component: Profile. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks requi...
CVE-2020-2760
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
Zoom Taps Ex-Facebook CISO Amid Security Snafus, Lawsuit
As it faces a major lawsuit, Zoom is taking a significant step to bolster security and privacy efforts by recruiting an industry heavy-hitter – former Facebook CISO Alex Stamos – to provide special counsel. It has also named third-party expert security advisory teams. The popular videoconferencin...
Key Findings from the 2020 Cyberthreat Defense Report
The new 2020 Cyberthreat Defense Report (CDR) was released this week. Now in its seventh year, the annual report provides a look at how global cybersecurity professionals perceive threats and plan to defend against them. The CDR enables cybersecurity professionals to benchmark their company’s security...
COVID-19: How Do I Work from Home Securely?
The coronavirus pandemic—the infection officially designated as COVID-19—is causing upheaval across the globe. Aside from the serious economic and public health implications, one very practical impact of shelter-in-place dictums is to force many companies to support remote working where they can...
glpi -- Improve encryption algorithm
MITRE Corporation reports: In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password used, if a user sets a weak/predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure...
Nextcloud: Missing server side controls when editing the board’s sharing permissions per user
Author: Silvia Väli, Clarified Security https://www.clarifiedsecurity.com/silvia-vali/ Date: 24th of March, 2020 Description: When the regular user is visiting the Deck view, all created boards are displayed along with the ones that are shared with the user by others. Available functionality with...
Security Breach Disrupts Fintech Firm Finastra
Finastra, a company that provides a range of technology solutions to banks worldwide, said today it was shutting down key systems in response to a security breach discovered this morning. The company's public statement and notice to customers does not mention the cause of the outage, but their...
CVE-2020-10096
An issue was discovered in Zammad 3.0 through 3.2. It does not prevent caching of confidential data within browser memory. An attacker who either remotely compromises or obtains physical access to a user's workstation can browse the browser cache contents and obtain sensitive information. The...
CVE-2020-10096
CVE-2020-10096 affects Zammad 3.0–3.2 and involves a failure to prevent caching of confidential data in browser memory. An attacker who remotely compromises or physically gains access to a user’s workstation can read sensitive information from the browser cache without authenticating to the appli...
Top 10 Most Innovative Cybersecurity Companies After RSA 2020
The RSA Conference, the world's leading information security conference and exposition, held its 29th annual event in San Francisco last week. According to the organizers, over 36,000 attendees, 704 speakers, and 658 exhibitors gathered at the Moscone Center to discuss privacy, Machine Learning,...
CVE-2018-14705 Lack of Authentication/Authorization on Administrative Web Pages
In Drobo 5N2 4.0.5, all optional applications lack any form of authentication/authorization validation. As a result, any user capable of accessing the device over the network may interact with and control these applications. This not only poses a severe risk to the availability of these...
The vulnerability of SAP BusinessObjects Business Intelligence platform lies in its lack of encryption for user-input data, allowing attackers to execute cross-site scripting attacks.
The vulnerability of the SAP BusinessObjects Business Intelligence platform exists due to deficiencies in the encryption of data entered by users. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...
5 High Impact Flaws Affect Cisco Routers, Switches, IP Phones and Cameras
Several pieces of Cisco-manufactured network equipment have been found vulnerable to five new security vulnerabilities that could allow hackers to take complete control over them, and subsequently, over the enterprise networks they power. Four of the five high-severity bugs are remote code execution issue...
IRS Launches “Identity Theft Central” Webpage
The Internal Revenue Service (IRS) has launched its “Identity Theft Central” webpage to provide 24/7 access to online information regarding tax-related identity theft and data security protection. Tax-related identity theft occurs when someone steals personal information to commit tax fraud. The...
CVE-2020-7471
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter. By passing a suitably crafted delimiter...
fanfox.net Cross Site Scripting vulnerability OBB-1082408
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...