- Advertisement -
Current Threats
WordPress Village 5.0 CSRF / Backdoor / SQL InjectionMedical Store Script 3.0.3 Cross Site ScriptingAirDrop 2.0 Denial Of ServiceVirtual VCR Max .0a Buffer OverflowTOR Virtual Network Tunneling Tool 0.3.5.8Faraday 3.6.0C4G Basic Laboratory Information System (BLIS) 3.4 SQL InjectionScreenStream 3.0.15 Denial Of ServiceMikroTik RouterOS Firewall / NAT BypassUbuntu Security Notice USN-3866-2WebKit JSC reifyStaticProperty Attribute Flag IssueMatrixSSL x.509 Certificate Verification Stack Buffer OverflowNuuo Central Management SQL Injection[webapps] Zoho ManageEngine ServiceDesk Plus (SDP) < 10.0 build 10012 – Arbitrary File Upload[papers] The Ultimate Guide For Subdomain Takeover with Practical[local] MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 – Local Privilege Escalation[dos] NetSetMan 4.7.1 – ‘Workgroup’ Denial of Service (PoC)[webapps] Find a Place CMS Directory 1.5 – ‘assets/external/data_2.php cate’ SQL Injection[webapps] Listing Hub CMS 1.0 – ‘pages.php id’ SQL InjectionVuln: Cisco Webex Meetings Online CVE-2019-1680 Security Bypass Vulnerability[webapps] Zuz Music 2.1 – ‘zuzconsole/___contact ‘ Persistent Cross-Site ScriptingVuln: Intel Data Center Manager SDK CVE-2019-0111 Local Insecure File Permissions Vulnerability[dos] Valentina Studio 9.0.4 – ‘Host’ Denial of Service (PoC)Vuln: Intel Data Center Manager SDK CVE-2019-0112 Denial of Service Vulnerability[dos] BulletProof FTP Server 2019.0.0.50 – ‘SMTP Server’ Denial of Service (PoC)Vuln: Intel Data Center Manager SDK CVE-2019-0103 Local Information Disclosure Vulnerability[webapps] eDirectory – SQL InjectionVuln: Microsoft .NET Framework and Visual Studio CVE-2019-0657 Spoofing Vulnerability[webapps] XAMPP 5.6.8 – SQL Injection / Persistent Cross-Site Scripting[webapps] Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 – Path Traversal / Cross-Site Scripting[webapps] Ask Expert Script 3.0.5 – Cross Site Scripting / SQL Injection[webapps] Jenkins – Remote Code Execution[local] Apple macOS 10.13.5 – Local Privilege Escalation[webapps] HotelDruid 2.3 – Cross-Site Scripting[dos] FTPShell Server 6.83 – ‘Account name to ban’ Denial of Service (PoC)[webapps] webERP 4.15 – ‘ImportBankTransaction’ Blind SQL Injection[dos] WinRAR 5.61 – ‘.lng’ Denial of Service[dos] FaceTime – Texture Processing Memory Corruption[dos] Android Kernel < 4.8 – ptrace seccomp Filter BypassUbuntu Security Notice USN-3892-1[dos] MatrixSSL < 4.0.2 – Stack Buffer Overflow Verifying x.509 CertificatesTech News 4.3.4 Cross Site Scripting[remote] Belkin Wemo UPnP – Remote Code Execution (Metasploit)Vuln: systemd CVE-2019-6454 Local Denial of Service VulnerabilityApple macOS 10.13.5 Local Privilege EscalationVuln: WordPress CVE-2019-8943 Directory Traversal VulnerabilityHotelDruid 2.3 Cross Site ScriptingVuln: Elasticsearch Logstash CVE-2019-7612 Information Disclosure VulnerabilityNuuo Central Management Server 2.4 Authenticated Arbitrary File UploadVuln: Horner Automation Cscape CVE-2019-6555 Arbitrary Code Execution VulnerabilityVuln: Delta Industrial Automation CNCSoft CVE-2019-6547 Denial of Service VulnerabilityAndroid seccomp Filter Ptrace HoleMicrosoft Edge Insecure click2play WhitelistFaceTime Texture Processing Memory CorruptionBelkin Wemo UPnP Remote Code ExecutionTestSSL 3.0rc4[dos] Realterm Serial Terminal 2.0.0.70 – Denial of Service[dos] Realterm Serial Terminal 2.0.0.70 – Local Buffer Overflow (SEH)[remote] mIRC < 7.55 – Remote Command Execution Using Argument Injection Through Custom URI Protocol Handlers[shellcode] macOS – Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (119 bytes)[webapps] WordPress Plugin WooCommerce – GloBee (cryptocurrency) Payment Gateway 1.1.1 – Payment Bypass / Unauthorized Order Status SpoofingVuln: LibVNCServer Incomplete Fix Multiple Heap Buffer Overflow Vulnerabilities[shellcode] macOS – Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (129 bytes)[shellcode] macOS – Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)Vuln: QEMU CVE-2019-3812 Out-Of-Bounds Read Local Information Disclosure Vulnerability[shellcode] macOS – Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (123 bytes)[shellcode] macOS – execve(/bin/sh) + Null-Free Shellcode (31 bytes)Vuln: SolarWinds Orion Network Performance Monitor (NPM) CVE-2019-8917 Remote Code Execution Vulnerability[webapps] qdPM 9.1 – ‘type’ Cross-Site ScriptingVuln: Opencontainers runc CVE-2019-5736 Local Command Execution Vulnerability[webapps] qdPM 9.1 – ‘search[keywords]’ Cross-Site Scripting[webapps] Master IP CAM 01 3.3.4.2103 – Remote Command ExecutionVuln: Multiple Dasan GPON Routers Command Injection and Authentication Bypass Vulnerabilities[webapps] MISP 2.4.97 – SQL Command Execution via Command Injection in STIX Module[webapps] CMSsite 1.0 – ‘post’ SQL Injection[dos] NBMonitor 1.6.5.0 – ‘Key’ Denial of Service (PoC)[webapps] M/Monit 3.7.2 – Privilege Escalation[webapps] Webiness Inventory 2.3 – ‘ProductModel’ Arbitrary File Upload[webapps] Apache CouchDB 2.3.0 – Cross-Site Scripting[webapps] ArangoDB Community Edition 3.4.2-1 – Cross-Site Scripting[webapps] Comodo Dome Firewall 2.7.0 – Cross-Site Scripting[dos] Oracle Java Runtime Environment – Heap Out-of-Bounds Read During OTF Font Rendering in glyph_CloseContour[dos] Oracle Java Runtime Environment – Heap Out-of-Bounds Read During TTF Font Rendering in OpenTypeLayoutEngine::adjustGlyphPositions[dos] Oracle Java Runtime Environment – Heap Out-of-Bounds Read During TTF Font Rendering in ExtractBitMap_blocClass[dos] Oracle Java Runtime Environment – Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::processVuln: Multiple F5 BIG-IP Products CVE-2018-15319 Denial of Service Vulnerability[dos] AirMore 1.6.1 – Denial of Service (PoC)[dos] Free IP Switcher 3.1 – ‘Computer Name’ Denial of Service (PoC)[dos] Navicat for Oracle 12.1.15 – “Password” Denial of Service (PoC)[webapps] MyBB Trash Bin Plugin 1.1.3 – Cross-Site Scripting / Cross-Site Request Forgery[dos] VSCO 1.1.1.0 – Denial of Service (PoC)[webapps] Jinja2 2.10 – ‘from_string’ Server Side Template Injection[webapps] qdPM 9.1 – ‘search_by_extrafields[]’ SQL Injection[dos] Linux – ‘kvm_ioctl_create_device()’ NULL Pointer Dereference[webapps] UniSharp Laravel File Manager 2.0.0-alpha7 – Arbitrary File UploadKVM kvm_inject_page_fault Uninitialized Memory LeakKVM VMX Preemption Timer Use-After-FreeLinux kvm_ioctl_create_device() Reference Flow FailureexacqVision ESM 5.12.2 Privilege EscalationWordPress Booking Calendar 8.4.3 SQL Injection

Cyber Watch

- Advertisement -

Deeper Learning