
1227 matches found

0day.today
added 2019/09/22 12:0 a.m. | 32 views

Western Digital My Book World II NAS 1.02.12 Hardcoded Credential Vulnerability

Western Digital My Book World II NAS versions 1.02.12 and below have a hard-coded ssh credential that allows for remote command execution. Exploit Title: Western Digital My Book World II NAS = 1.02.12 - Broken Authentication to RCE Google Dork: intitle:"My Book World Edition - MyBookWorld" Exploi...

0.3 AI score | 0.10897 EPSS
Exploits: 5
Packet Storm
added 2019/09/19 12:0 a.m. | 289 views

Western Digital My Book World II NAS 1.02.12 Hardcoded Credential

Exploit Title: Western Digital My Book World II NAS = 1.02.12 - Broken Authentication to RCE Google Dork: intitle:"My Book World Edition - MyBookWorld" Date: 19th Sep, 2019 Exploit Author: Noman Riffat, National Security Services Group NSSG Vendor Homepage: https://wd.com/ Software Link:...

9.7 AI score | 0.10897 EPSS
Exploits: 5
Exploit DB
added 2019/09/19 12:0 a.m. | 485 views

Western Digital My Book World II NAS 1.02.12 - Authentication Bypass / Command Execution

Exploit Title: Western Digital My Book World II NAS = 1.02.12 - Broken Authentication to RCE Google Dork: intitle:"My Book World Edition - MyBookWorld" Date: 19th Sep, 2019 Exploit Author: Noman Riffat, National Security Services Group NSSG Vendor Homepage: https://wd.com/ Software Link:...

9.8 CVSS | 9.8 AI score | 0.10897 EPSS
Exploits: 5
exploitpack
added 2019/09/19 12:0 a.m. | 39 views

Western Digital My Book World II NAS 1.02.12 - Authentication Bypass Command Execution

Western Digital My Book World II NAS 1.02.12 - Authentication Bypass Command Execution Exploit Title: Western Digital My Book World II NAS = 1.02.12 - Broken Authentication to RCE Google Dork: intitle:"My Book World Edition - MyBookWorld" Date: 19th Sep, 2019 Exploit Author: Noman Riffat, Nationa...

7.5 CVSS | 0.10897 EPSS
Exploits: 5
CNVD
added 2019/09/02 12:0 a.m. | 2 views

WordPress facebook-for-woocommerce plugin cross-site request forgery vulnerability (CNVD-2019-30104)

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers. facebook-for-woocommerce is a plug-in that enables marketing through Facebook. A cross-site request forgery vulnerability exis...

8.8 CVSS | 6.7 AI score | 0.00132 EPSS
Exploits: 0 | References: 1
OpenVAS
added 2019/08/28 12:0 a.m. | 39 views

Apache Struts DoS Vulnerability (S2-051) - Linux

Apache Struts is prone to a Denial of Service DoS vulnerability in the Struts REST plugin. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

7.5 CVSS | 7.7 AI score | 0.07937 EPSS
Exploits: 22 | References: 2
NVD
added 2019/08/14 8:15 p.m. | 11 views

CVE-2019-9582

eQ-3 Homematic CCU2 outdated base software packages allows Denial of Service. CCU2 affected versions: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15...

7.8 CVSS | 7.6 AI score | 0.00173 EPSS
Exploits: 1 | References: 2
OSV
added 2019/08/14 8:15 p.m. | 3 views

CVE-2019-9582

eQ-3 Homematic CCU2 outdated base software packages allows Denial of Service. CCU2 affected versions: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15...

7.5 CVSS | 7.1 AI score | 0.00173 EPSS
Exploits: 1 | References: 2
Cvelist
added 2019/08/14 7:57 p.m. | 13 views

CVE-2019-9582

eQ-3 Homematic CCU2 outdated base software packages allows Denial of Service. CCU2 affected versions: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7, 2.47.10, 2.47.12, 2.47.15...

7.6 AI score | 0.00173 EPSS
Exploits: 1 | References: 2
Malwarebytes
added 2019/08/14 1:0 p.m. | 110 views

Trojans, ransomware dominate 2018–2019 education threat landscape

Heading into the new school year, we know educational institutions have a lot to worry about. Teacher assignments. Syllabus development. Gathering supplies. Readying classrooms. But one issue should be worrying school administrators and boards of education more than most: securing their networks...

7 AI score
Exploits: 0
CNVD
added 2019/08/09 12:0 a.m. | 2 views

cPanel cross-site scripting vulnerability (CNVD-2019-28987)

cPanel is a set of Web-based automated colocation platforms from the American company cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in the listftpstable AP in versions prior to cPanel 60.0.25. The vulnerabili...

5.4 CVSS | 6.3 AI score | 0.00268 EPSS
Exploits: 0 | References: 1
CNVD
added 2019/08/06 12:0 a.m. | 2 views

cPanel cross-site scripting vulnerability (CNVD-2019-26210)

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in cPanel versions prior to 66.0.2. The vulnerability stems from a lack of proper...

5.4 CVSS | 6.3 AI score | 0.00378 EPSS
Exploits: 0 | References: 1
ThreatPost
added 2019/07/26 6:37 p.m. | 234 views

Gamers Are Easy Prey for Credential Thieves

Gamers are soft targets for credential-thieving hackers who see them as young, naive and playing it fast and loose with security. “A 14-year-old kid’s gaming credentials are worth more than you think,” said Mike Wilson, CTO at Enzoic. He said credentials tied to Fortnite, Minecraft and RuneScape...

0.3 AI score
Exploits: 0 | References: 4
ICS
added 2019/07/09 12:0 a.m. | 72 views

ICSA-19-192-04 Siemens SIMATIC RF6XXR

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION : Exploitable remotely/public exploits are available Vendor : Siemens Equipment : SIMATIC RF6XXR Vulnerabilities : Improper Input Validation, Cryptographic Issues 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow access to...

2.6 CVSS | 8.3 AI score | 0.00943 EPSS
Exploits: 0 | References: 9
Tenable Nessus
added 2019/06/25 12:0 a.m. | 39 views

Mozilla Thunderbird < 60.7.2

The version of Thunderbird installed on the remote Windows host is prior to 60.7.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-20 advisory. - Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can...

10 CVSS | 8.6 AI score | 0.84291 EPSS
Exploits: 14 | References: 3
The Hacker News
added 2019/06/21 7:23 p.m. | 1 views

Beware! Playing Untrusted Videos On VLC Player Could Hack Your Computer

If you use VLC media player on your computer and haven't updated it recently, don't you even dare to play any untrusted, randomly downloaded video file on it. Doing so could allow hackers to remotely take full control over your computer system. That's because VLC media player software versions...

9.8 CVSS | 8 AI score | 0.17012 EPSS
Exploits: 0
Packet Storm
added 2019/06/13 12:0 a.m. | 1702 views

WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: WAGO 852 Industrial Managed Switch Series vulnerable version: 852-303: v1.2.2.S0 852-1305: v1.1.6.S0 852-1505: v1.1.5.S0 fixed version:...

10 CVSS | 0.2 AI score | 0.8487 EPSS
Exploits: 69
Prion
added 2019/06/10 8:29 p.m. | 13 views

Design/Logic Flaw

A vulnerability exists in Rancher 2.1.4 in the login component, where the errorMsg parameter can be tampered to display arbitrary content, filtering tags but not special characters or symbols. There's no other limitation of the message, allowing malicious users to lure legitimate users to visit...

4.3 CVSS | 4.8 AI score | 0.05248 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Akamai Blog
added 2019/06/05 4:0 a.m. | 10 views

Identifying Vulnerabilities in Phishing Kits

While recently examining hundreds of phishing kits for ongoing research, Akamai discovered something interesting - several of the kits included basic vulnerabilities due to flimsy construction or reliance on outdated open source code. Considering the impact phishing kits have on...

1.7 AI score
Exploits: 0
OSV
added 2019/05/29 6:15 p.m. | 0 views

GHSA-H896-MX9X-G32G XML External Entity injection in Apache Camel

Apache Camel prior to 2.24.0 contains an XML external entity injection XXE vulnerability CWE-611 due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed...

7.5 CVSS | 7.1 AI score | 0.00961 EPSS
Exploits: 0 | References: 18