1196 matches found
PT-2019-12792 · Apache · Apache Incubator Superset
Name of the Vulnerable Software and Affected Versions: Apache Incubator Superset versions prior to 0.31 Description: The issue allows a user to query database metadata information from a database they have no access to, by using a specially crafted complex query. Recommendations: For versions pri...
Unauthorized Access Vulnerability in WWWS-7150 Full Gigabit Multi-WAN Smart Router
Beijing Wenwang Yilian Information Technology Co., Ltd. is a company that has long been engaged in the research, development and construction of network culture computerized supervision platforms and youth internet addiction guardianship projects related to cultural management departments. The...
Unauthorized access vulnerability in Haier wireless routers
Haier Group, founded in 1984, is the world's No. 1 brand of large home appliances and has transformed from a traditional manufacturer of home appliances to a platform for incubating creators for the whole society. Haier Wireless Router has an unauthorized access vulnerability, which can be...
PT-2019-14652 · Pegasystems · Pega Platform
Name of the Vulnerable Software and Affected Versions: PEGA Platform version 8.3.0 Description: The issue allows a low-privilege account to perform actions and retrieve data that should only be accessible to an administrator. This can be achieved by sending a direct request to the "prweb/sso/rand...
DEBIAN-CVE-2012-5578
Python keyring has insecure permissions on new databases allowing world-readable files to be created...
PYSEC-2019-182
Python keyring has insecure permissions on new databases allowing world-readable files to be created...
VMware Carbon Black Threat Report: One Year Out From the 2020 U.S. Elections, Geopolitical Tension Continues to Spawn Cyberattacks
This morning, VMware Carbon Black released its latest Global Incident Response Threat Report (GIRTR). Now in its fourth edition, the GIRTR is written in partnership with VMware Carbon Black's incident response (IR) partner ecosystem and aggregates input from top IR experts to give you, the reader, a...
NetApp SnapManager for Oracle Information Disclosure Vulnerability
NetApp SnapManager for Oracle is an administrative tool for Oracle databases from NetApp, USA. The product provides features such as enforcing policy-driven data management, scheduling and creating routine database backups. An information disclosure vulnerability exists in NetApp SnapManager for...
Updating Airplanes
If you think updating Windows etc is painful, spare a thought for avionics maintenance engineers. Flight Management System (FMS) and related navigation databases (navaids, airspace etc) have to be updated monthly, locally. On older planes, it’s sometimes still done on 3.5” floppy. It’s more common to...
7M Adobe Creative Cloud Users Exposed to Hackers
Nearly 7.5 million Adobe Creative Cloud users are left open to phishing campaigns after their records were left exposed to the internet. Adobe Creative Cloud, which has an estimated 15 million subscribers, is a monthly service that gives users access to a suite of popular Adobe products such as...
Religious Website Data Exposed for Months
Religious website service Clover Sites exposed customer data for at least six to seven months, with the dataset found twice in two separate, insecure cloud databases. Clover offers a content management system for building and managing faith-based websites, with a “Clover Donations” module for...
[ASA-201910-13] pacman: arbitrary command execution
Arch Linux Security Advisory ASA-201910-13 ========================================== Severity: High Date : 2019-10-23 CVE-ID : CVE-2019-18182 CVE-2019-18183 Package : pacman Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-1049 Summary ======= The package...
Phorpiex Botnet Sending Out Millions of Sextortion Emails Using Hacked Computers
A decade-old botnet malware that currently controls over 450,000 computers worldwide has recently shifted its operations from infecting machines with ransomware or crypto miners to abusing them for sending out sextortion emails to millions of innocent people. Extortion by email is growing...
CB TAU Threat Intelligence Notification: Nemty Ransomware
While Nemty Ransomware is distributed by various exploit kits, its behavior is similar to other variants of ransomware. It will perform “task kill” on processes to ensure the encryption of files such as databases (SQL server), perform the deletion of volume shadow copies, and disable Windows...
EulerOS 2.0 SP8 : openldap (EulerOS-SA-2019-2087)
According to the version of the openldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN database admin privileges for...
ShopsN open source mall system sa*** function SQL injection vulnerabilities exist
The free version of the ShopsN B2C e-commerce system is a product of Shanghai Yisu Network Technology Co. The ShopsN open source mall system has an SQL injection vulnerability in the sa function; attackers can use the vulnerability to obtain sensitive information mutual database...
[SECURITY] Fedora 31 Update: libldb-2.0.7-1.fc31
An extensible library that implements an LDAP like API to access remote LDAP servers, or use local tdb databases...
[SECURITY] Fedora 30 Update: sphinx-2.2.11-12.fc30
Sphinx is a full-text search engine, distributed under GPL version 2. Commercial licensing (e.g. for embedded use) is also available upon request. Generally, it's a standalone search engine, meant to provide fast, size-efficient and relevant full-text search functions to other applications. Sphinx...
News Wrap: IoT Radio Telnet Backdoor And 'SimJacker' Active Exploit
Threatpost editors break down the biggest news stories of this week ended Sept. 13, including: researchers warning that more than one billion mobile users are at risk from a SIM card flaw being currently exploited by threat actors; a Telnet backdoor opened more than 1 million Imperial Dabman IoT...
EMAGNET - Tool For Find Leaked Databases With 97.1% Accurate To Grab Mail + Password Together From Pastebin Leaks
Emagnet is a very powerful tool for its purpose, which is to capture email addresses and passwords from leaked databases uploaded on pastebin. It's almost impossible to find leaked passwords when they are out of list on pastebin.com. Either they have been deleted by pastebin's techs or the uploads...