CVE-2020-8155
CVE-2020-8155 is addressed in Nextcloud security updates across multiple distributions. OpenSUSE and Fedora advisories show Nextcloud updates (e.g., openSUSE-2020-670, openSUSE-2020-0670-1, FEDORA_2020-C9863904DE/NASLs) that fix CVE-2020-8155. The openSUSE entries describe CVE-2020-8155 as a dire...
CVE-2020-8155
An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF...
Design/Logic Flaw
Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. A local authenticated malicious user with low privileges could exploit this vulnerability to gain unauthorized access on the root folder...
Tales From the Trenches; a Lockbit Ransomware Story
ARCHIVED STORY Tales From the Trenches; a Lockbit Ransomware Story By ATR Operational Intelligence Team · APR 30, 2020 Co-authored by Marc RiveroLopez. In collaboration with Northwave As we highlighted previously across two blogs, targeted ransomware attacks have increased massively over the past...
A look at the ATM/PoS malware landscape from 2017-2019
From remote administration and jackpotting, to malware sold on the Darknet, attacks against ATMs have a long and storied history. And, much like other areas of cybercrime, attackers only refine and grow their skillset for infecting ATM systems from year-to-year. So what does the ATM landscape loo...
CVE-2019-20689
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6000 before 1.0.0.75, D6100 before 1.0.0.63, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136,...
8x8: Outdated Coturn is vulnerable to known vulnerabilities (High)
Jitsi had several CoTurn servers that needed improvements to their access configurations and updated...
JQuery < 1.9.0 XSS
According to the self-reported version in the script, the version of JQuery hosted on the remote web server is prior to 1.9.0. It is, therefore, affected by a cross site scripting vulnerability. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(135011); script_version("1.3...
Product Lister for Walmart <= 1.0.0 - Unauthenticated RCE via Outdated PHPUnit
The plugin uses an outdated PHPUnit library, which is known to be affected by an unauthenticated RCE issue. February 28th, 2020 - Ticket sent to vendor via https://support.cedcommerce.com/open.php March 6th, 2020 - Update requested to vendor also realised that the ticket was closed w/o reason giv...
Trend Micro Malware Sample Detection Bypass Vulnerability (1118797)
The remote host is running a version of the Trend Micro engine with an outdated pattern file. It is, therefore, affected by an issue whereby certain malware samples may, incorrectly, be classified as benign. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(134892);...
Razer: SQL injection in Razer Gold List Admin at /lists/index.php via the `list[]` parameter.
The tester discovered a monitoring server in a Razer Gold environment was running legacy software with a SQL injection vulnerability. Razer thanks the tester for his diligence and helping keep Razer's customer data secure. A Razer Gold asset suffered from an SQL injection due to an outdated...
Nextcloud: XSS in PDF Viewer
An outdated version of PDF.js in use allows for the CVE-2018-5158 vulnerability. When the payload PDF is shown in the supplied PDF viewer, it can execute arbitrary JavaScript. I have tested the payload PDF, and it is working in Safari 13.0.5 (the latest version) and Firefox 74.0 (the latest...
EulerOS Virtualization for ARM 64 3.0.2.0 : curl (EulerOS-SA-2020-1233)
According to the versions of the curl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3 (CVE-2019-5482) - curl before version 7.51.0 us...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2020-1233)
The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if (description)...
More Than Half of IoT Devices Vulnerable to Severe Attacks
More than half of all Internet of Things (IoT) devices are vulnerable to medium- or high-severity attacks, meaning that enterprises are sitting on a “ticking IoT time bomb,” according to Palo Alto Networks' Unit 42 research team. In new research released Tuesday, researchers said that several...
Most Medical Imaging Devices Run Outdated Operating Systems
The end of Windows 7 support has hit health care extra hard, leaving several machines vulnerable...
CVE-2012-5623
Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords...
Design/Logic Flaw
Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords...
CVE-2020-5229 Opencast stores passwords using outdated MD5 hash algorithm
Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problematic especially...