Difference between revisions of "Template:PSW652NewsPaulAsadoorian"

From Security Weekly Wiki
Line 2: Line 2:
 
#[https://www.exploit-db.com/exploits/48472 vBulletin 5.6.1 - 'nodeId' SQL Injection] - And it has been released! Please use it responsibly (and patch your systems).
 
#[https://www.exploit-db.com/exploits/48472 vBulletin 5.6.1 - 'nodeId' SQL Injection] - And it has been released! Please use it responsibly (and patch your systems).
 
#[https://www.exploit-db.com/exploits/48481 Online Healthcare Patient Record Management System 1.0 - Authentication Bypass] - Wow, just wow: ''The login.php file allows a user to just supply ‘ or 1=1 – as a username and whatever password and bypass the authentication''. Looks like this is a small project from an individual. We need to take the time to educate...
 
#[https://www.exploit-db.com/exploits/48481 Online Healthcare Patient Record Management System 1.0 - Authentication Bypass] - Wow, just wow: ''The login.php file allows a user to just supply ‘ or 1=1 – as a username and whatever password and bypass the authentication''. Looks like this is a small project from an individual. We need to take the time to educate...
#[https://www.exploit-db.com/exploits/48491 Pi-Hole - heisenbergCompensator Blocklist OS Command Execution (Metasploit)]
+
#[https://www.exploit-db.com/exploits/48491 Pi-Hole - heisenbergCompensator Blocklist OS Command Execution (Metasploit)] - Interesting exploit, it does require authentication (but then allows for a root shell).
 
#[https://blog.rootshell.be/2020/05/21/sans-isc-malware-triage-with-floss-api-calls-based-behavior/ [SANS ISC] Malware Triage with FLOSS: API Calls Based Behavior | /dev/random]
 
#[https://blog.rootshell.be/2020/05/21/sans-isc-malware-triage-with-floss-api-calls-based-behavior/ [SANS ISC] Malware Triage with FLOSS: API Calls Based Behavior | /dev/random]
 
#[https://www.zdnet.com/article/hackers-target-the-air-gapped-networks-of-the-taiwanese-and-philippine-military/ Hackers target the air-gapped networks of the Taiwanese and Philippine military | ZDNet]
 
#[https://www.zdnet.com/article/hackers-target-the-air-gapped-networks-of-the-taiwanese-and-philippine-military/ Hackers target the air-gapped networks of the Taiwanese and Philippine military | ZDNet]
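Review bot: In the SANS ISC entry, the link label itself contains square brackets ("[SANS ISC] Malware Triage with FLOSS: ..."), and MediaWiki closes an external link at the first "]", so the label is cut off after "[SANS ISC" and the rest of the title, with the final bracket, renders as plain text outside the link. Write the brackets in the label as &#91;SANS ISC&#93; or drop them. The line is unchanged context in this revision, but it sits next to the edited Pi-Hole entry and can be fixed in the same edit.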

Revision as of 20:53, 21 May 2020

Articles

  1. vBulletin 5.6.1 - 'nodeId' SQL Injection - And it has been released! Please use it responsibly (and patch your systems).
  2. Online Healthcare Patient Record Management System 1.0 - Authentication Bypass - Wow, just wow: The login.php file allows a user to just supply ‘ or 1=1 – as a username and whatever password and bypass the authentication. Looks like this is a small project from an individual. We need to take the time to educate...
  3. Pi-Hole - heisenbergCompensator Blocklist OS Command Execution (Metasploit) - Interesting exploit, it does require authentication (but then allows for a root shell).
  4. [SANS ISC] Malware Triage with FLOSS: API Calls Based Behavior | /dev/random
  5. Hackers target the air-gapped networks of the Taiwanese and Philippine military | ZDNet
  6. Stored XSS in WP Product Review Lite plugin allows for automated takeovers
  7. 'Mandrake' Android Spyware Remained Undetected for 4 Years | SecurityWeek.Com
  8. The 3 Top Cybersecurity Myths & What You Should Know
  9. Bluetooth Vulnerability Allows Attackers to Impersonate Previously Paired Devices | SecurityWeek.Com
  10. Enhanced Safe Browsing Protection now available in Chrome
  11. EasyJet data breach: 9 million customers affected - Help Net Security
  12. Vulnerability in Qmail mail transport agent allows RCE - Help Net Security
  13. Remote Code Execution Vulnerability Patched in VMware Cloud Director | SecurityWeek.Com
  14. Israel is suspected to be behind the cyberattack on Iranian port
  15. Vulnerabilities Exposed Hundreds of Thousands of QNAP NAS Devices to Attacks | SecurityWeek.Com
  16. ISC Releases Security Advisory for BIND | CISA
  17. Stealing Secrets from Developers using Websockets
  18. Chrome 83 adds DNS-over-HTTPS support and privacy tweaks
  19. Signal fixes location-revealing flaw, introduces Signal PINs - Help Net Security
  20. XSS, Open Redirect Vulnerabilities Patched in Drupal | SecurityWeek.Com
  21. The Need for Compliance in a Post-COVID-19 World
  22. Zoom to Provide Detailed Info on Upcoming End-to-End Encryption Feature | SecurityWeek.Com
  23. Google Begins Encrypting Domain Name Lookups
  24. Microsoft: we were wrong about open source
  25. Official reminds public to avoid touching other people's balls as crowd giggles