Lucene search
137 matches found

NVD
added 2021/09/30 11:15 a.m., 11 views

CVE-2021-41298

ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers with general user's privilege can remotely bypass authorization and access the hidden...

CVSS 8.8, EPSS 0.00842
Exploits: 1, References: 1
Prion
added 2021/09/30 11:15 a.m., 19 views

Authorization

ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers with general user's privilege can remotely bypass authorization and access the hidden...

CVSS 6.5, AI score 8.7, EPSS 0.00842
Exploits: 1, References: 1
Cvelist
added 2021/09/30 10:41 a.m., 16 views

CVE-2021-41298 ECOA BAS controller - Improper Access Control

ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers with general user's privilege can remotely bypass authorization and access the hidden...

CVSS 8.8, AI score 8.9, EPSS 0.00842
Exploits: 1, References: 1
NVD
added 2021/04/14 2:15 p.m., 9 views

CVE-2021-27990

Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities...

CVSS 7.5, EPSS 0.01466
Exploits: 0, References: 2
Prion
added 2021/04/14 2:15 p.m., 10 views

Authentication flaw

Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities...

CVSS 5, AI score 7.6, EPSS 0.01466
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2021/04/14 1:56 p.m., 11 views

CVE-2021-27990

Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities...

AI score 7.8, EPSS 0.01466
Exploits: 0, References: 2
Hacker One
added 2021/04/14 12:46 p.m., 18 views

Acronis: Store Admin Page Accessible Without Authentication at http://www.grouplogic.com/ADMIN/store/index.cfm

Summary The store admin page is accessible without authentication at below URL: http://www.grouplogic.com/ADMIN/store/index.cfm The store admin page provides functionalities such as the following: - Add Edit Items - Search Products - Search Results - Search Orders - Orders Search Results - Add Ne...

AI score 2.5
Exploits: 0
NVD
added 2021/03/25 8:15 p.m., 9 views

CVE-2020-10581

Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management ADM through 5.0 allow remote attackers to read potentially sensitive data hosted by the application...

CVSS 7.5, EPSS 0.01348
Exploits: 0, References: 1
Cvelist
added 2020/12/28 9:19 p.m., 19 views

CVE-2020-13474

In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users...

AI score 6.3, EPSS 0.00746
Exploits: 1, References: 2
NVD
added 2020/11/19 4:15 p.m., 10 views

CVE-2020-28054

JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified binary patched and the Bypass Login functionality is being used, an...

CVSS 7.5, AI score 7.5, EPSS 0.01952
Exploits: 0, References: 3
Microsoft KB
added 2020/10/13 7:00 a.m., 29 views

Service Update 0.21 for Microsoft Dynamics 365 9.0

Service Update 0.21 for Microsoft Dynamics 365 9.0 INTRODUCTION Service Update 9.0.21 for Microsoft Dynamics CRM on-premises 9.0 is now available. This article describes the hotfixes and updates that are included in Service Update 9.0.21. MORE INFORMATION Update package| Version number ---|---...

CVSS 5.4, AI score 5.3, EPSS 0.01326
Exploits: 0
OSV
added 2020/09/21 6:21 p.m., 5 views

OPENSUSE-SU-2020:1497-1 Security update for singularity

This update for singularity fixes the following issues: New version 3.6.3, addresses the following security issues: - CVE-2020-25039, boo1176705 When a Singularity action command run, shell, exec is run with the fakeroot or user namespace option, Singularity will extract a container image to a...

CVSS 8.8, AI score 8.7, EPSS 0.0204
Exploits: 0, References: 5
Kitploit
added 2020/08/21 12:30 p.m., 525 views

ADBSploit - A Python Based Tool For Exploiting And Managing Android Devices Via ADB

A python based tool for exploiting and managing Android devices via ADB Currently on development Screenrecord Stream Screenrecord Extract Contacts Extract SMS Extract Messaging App Chats WhatsApp/Telegram/Line Install Backdoor And more... Installation First Download or clone repo git clone...

AI score 7.4
Exploits: 0, References: 1
Prion
added 2020/07/24 1:15 a.m., 18 views

Design/Logic Flaw

Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution...

CVSS 7.5, AI score 9.6, EPSS 0.18293
Exploits: 3, References: 2, Affected Software: 1
ThreatPost
added 2020/06/10 1:30 p.m., 48 views

Thanos Ransomware First to Weaponize RIPlace Tactic

Researchers have uncovered a new ransomware-as-a-service RaaS tool, called Thanos, which they say is increasing in popularity in multiple underground forums. Thanos is the first ransomware family observed that advertises the use of the RIPlace tactic. RIPlace is a Windows file system technique...

AI score 7.4
Exploits: 0, References: 5
OSV
added 2020/04/08 12:11 p.m., 10 views

SUSE-SU-2020:0693-1 Security update for wireshark

This update for wireshark and libmaxminddb fixes the following issues: Update wireshark to new major version 3.2.2 and introduce libmaxminddb for GeoIP support bsc1156288. New features include: - Added support for 111 new protocols, including WireGuard, LoRaWAN, TPM 2.0, 802.11ax and QUIC -...

CVSS 7.8, AI score 6.7, EPSS 0.17697
Exploits: 32, References: 94
NVD
added 2020/04/07 4:15 p.m., 7 views

CVE-2020-11561

In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen...

CVSS 8.8, AI score 8.5, EPSS 0.02206
Exploits: 1, References: 3
Prion
added 2020/04/07 4:15 p.m., 11 views

Code injection

In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen...

CVSS 6.5, AI score 8.4, EPSS 0.02206
Exploits: 1, References: 3, Affected Software: 1
Huntr
added 2020/04/03 12:00 a.m., 14 views

Cross-Site Request Forgery (CSRF) in tuhinshubhra/extanalysis

Overview The ExtAnalysis project is vulnerable against various CSRFs, that could lead to loss of functionalities and placement of malicious files in arbitrary directories without knowledge of the victim. Proof of Concept Credit: Mik317 1. Download the git project and run the server through the...

AI score 0.7
Exploits: 0
ThreatPost
added 2020/01/29 2:00 p.m., 41 views

Cynet Empowers IT Resellers and Service Providers to Become Fully Qualified MSSPs

As cyber incidents increase in scope and impact, more and more organizations come to realize that outsourcing their defenses is the best practice—significantly increasing the Managed Security Service Provider MSSP market opportunities. Until recently, IT integrators, VARs, and MSPs haven’t...

AI score 0.5
Exploits: 0, References: 2