Channel address:
Categories:
Technologies
Language: English
Subscribers:
19.31K
Description from channel
🗞 The finest daily news on cybersecurity and privacy.
🔔 Daily releases.
💻 Is your online life secure?
📩 lalilolalo.dev@gmail.com
Ratings & Reviews
Reviews can be left only by registered users. All reviews are moderated by admins.
5 stars
0
4 stars
2
3 stars
0
2 stars
0
1 stars
1
The latest Messages 36
2021-08-31 19:33:45
CVE-2021-21679 Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
Read
via "
National Vulnerability Database".
33 views16:33
2021-08-31 19:33:44
CVE-2020-19048 Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Title" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'.
Read
via "
National Vulnerability Database".
33 views16:33
2021-08-31 19:33:43
CVE-2020-19046 Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component '/admin/tpl.php?page='.
Read
via "
National Vulnerability Database".
33 views16:33
2021-08-31 19:33:42
CVE-2021-21680 Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks.
Read
via "
National Vulnerability Database".
31 views16:33
2021-08-31 19:33:40
CVE-2021-21678 Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
Read
via "
National Vulnerability Database".
30 views16:33
2021-08-31 19:33:39
CVE-2021-21677 Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability.
Read
via "
National Vulnerability Database".
31 views16:33
2021-08-31 19:33:38
CVE-2020-19049 Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Description" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'.
Read
via "
National Vulnerability Database".
33 views16:33
2021-08-31 19:33:35
CVE-2021-21681 Jenkins Nomad Plugin 0.7.4 and earlier stores Docker passwords unencrypted in the global config.xml file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
Read
via "
National Vulnerability Database".
40 views16:33
2021-08-31 19:33:33
CVE-2020-19047 Cross Site Request Forgey (CSRF) in iWebShop v5.3 allows remote atatckers to execute arbitrary code via malicious POST request to the component '/index.php?controller=system&action=admin_edit_act'.
Read
via "
National Vulnerability Database".
48 views16:33
2021-08-31 19:19:35
WooCommerce Pricing Plugin Allows Malicious Code-Injection The popular Dynamic Pricing and Discounts plugin from Envato can be exploited by unauthenticated attackers.
Read
via "
Threat Post".
63 views16:19