🛡 Cybersecurity & Privacy 🛡 - News

2021-10-27 22:32:20 Adobe’s Surprise Security Bulletin Dominated by Critical Patches

Out of 92 security vulnerabilities, 66 are rated critical in severity, mostly allowing code execution. The most severe can lead to information disclosure.

Read

via "Threat Post". Open / Comment

2021-10-27 22:13:36 Develop the skills required for an in-demand cybersecurity career

It's not necessary to spend a great deal of time or money to learn the skills required to work in some of the most exciting and highly paid positions in the tech industry.

Read

via "Tech Republic". Open / Comment

2021-10-27 21:16:31 CVE-2021-37806

An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0. The system is vulnerable to time-based SQL injection on multiple endpoints. Based on the SLEEP(N) function payload that will sleep for a number of seconds used on the (1) editid , (2) viewid, and (3) catename parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database.

Read

via "National Vulnerability Database". Open / Comment

2021-10-27 21:16:30 CVE-2021-37805

A Stored Cross Site Scripting (XSS) vunerability exists in Sourcecodeste Vehicle Parking Management System affected version 1.0 is via the add-vehicle.php endpoint.

Read

via "National Vulnerability Database". Open / Comment

2021-10-27 21:16:28 CVE-2021-29713

IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Read

via "National Vulnerability Database". Open / Comment

2021-10-27 21:16:27 CVE-2021-29868

IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 206213.

Read

via "National Vulnerability Database". Open / Comment

2021-10-27 21:16:25 CVE-2021-29673

IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199482.

Read

via "National Vulnerability Database". Open / Comment

2021-10-27 21:16:24 CVE-2021-29844

IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Read

via "National Vulnerability Database". Open / Comment

2021-10-27 21:16:23 CVE-2021-29786

IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172.

Read

via "National Vulnerability Database". Open / Comment

2021-10-27 21:16:20 CVE-2021-29774

IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025.

Read

via "National Vulnerability Database". Open / Comment