
CVE-2020-5244 (buddypress)

In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version...

CVE-2020-4211 (spectrum_protect)

IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could...

Bugtraq: [slackware-security] proftpd (SSA:2020-051-01)

proftpd (SSA:2020-051-01)

ATutor 2.2.4 SQL Injection

ATutor version 2.2.4 suffers from a remote SQL injection vulnerability.

CVE-2020-9353 (smartclient)

An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL is affected by unauthenticated Local...

CVE-2020-9330

Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not require the user to reenter or validate LDAP bind credentials when changing the LDAP connector IP address. A malicious actor who...

Active Attacks Target Popular Duplicator WordPress Plugin

When it was patched last week, the bug affected at least 1 million websites. Zero-day exploitation was already under way at that time.

CVE-2013-3587

The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers...

CVE-2012-0828

Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary...

OpenNetAdmin Ping Command Injection

This Metasploit module exploits a command injection in OpenNetAdmin between versions 8.5.14 and 18.1.1.

Latest article

CVE-2020-3165

A vulnerability in the implementation of Border Gateway Protocol (BGP) Message Digest 5 (MD5) authentication in Cisco NX-OS Software could allow an unauthenticated, remote...

Unpatched Security Flaws Open Connected Vacuum to Takeover

A connected, robotic vacuum cleaner has serious vulnerabilities that could allow remote hackers to view its video footage and launch denial of service attacks....

CVE-2020-8810

An issue was discovered in Gurux GXDLMS Director through 8.5.1905.1301. When downloading OBIS codes, it does not verify that the downloaded files are actual...