CVE-2021-39371
Summary: An XML external entity (XXE) injection in PyWPS before 4.5.0 allows an attacker to view files on the application...
Month: September 2021
CVE-2021-39371
Summary: An XML external entity (XXE) injection in PyWPS before 4.5.0 allows an attacker to view files on the application...
CVE-2021-39371
Summary: An XML external entity (XXE) injection in PyWPS before 4.5.0 allows an attacker to view files on the application...
CVE-2021-28697
Summary: grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of...
Surge in Sextortion Attacks Cost Targeted Users $8 This Year
The FBI IC3 (Internet Crime Complaint Center) raised an alert about a great surge in sextortion complaints since January 2021,...
Microsoft Links SolarWinds Serv-U SSH 0-Day Attack to a Chinese Hacking Group
Microsoft Threat Intelligence Center has published technical facts regarding a now-patched, 0-day remote code execution exploit affecting SolarWinds Serv-U managed...
Babuk Ransomware Full Source Code Leaked On A Russia-Speaking Hacking Forum
The complete source code for the Babuk ransomware has been leaked by a threat actor on a Russian-speaking hacking forum,...
Cryptocurrency Exchange Bilaxy Under Attack, Hacker Stole ERC20 Wallet Tokens
On Sunday 29th of August, the Hong Kong-based cryptocurrency exchange Bilaxy was the subject of a breach that infiltrated a...
Beaumont Health: The Latest Victim of Accellion Breach
Beaumont Health, headquartered in Michigan, is the latest victim of the Accellion data breach, which began in December 2020 and...
Ligolo-Ng – An Advanced, Yet Simple, Tunneling/Pivoting Tool That Uses A TUN Interface
An advanced, yet simple, tunneling tool that uses a TUN interface.by TNP IT SecurityIntroductionLigolo-ng is a simple, lightweight and fast...
GoPurple – Yet Another Shellcode Runner Consists Of Different Techniques For Evaluating Detection Capabilities Of Endpoint Security Solutions
This project is a simple collection of various shell code injection techniques, aiming to streamline the process of endpoint detection...
WhatsApp fined €225M over GDPR issues
The Irish Data Protection Commission has fined WhatsApp €225 million over data sharing transparency for European Union users’ data with Facebook. The...
Security Affairs newsletter Round 330
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
Major IPS in New Zealand hit by massive DDoS, Internet outages reported
A massive DDoS hit New Zealand ‘s third-largest internet operator isolating parts of the country from the Internet. A massive...
SEC warns of investment scams related to Hurricane Ida
The US Securities and Exchange Commission warns investors of potential investment scams that leverages Hurricane Ida as a bait. The US Securities and...
CVE-2021-33007
Summary: A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 and prior may be exploited by processing a specially crafted...
CVE-2021-33007
Summary: A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 and prior may be exploited by processing a specially crafted...
CVE-2021-33019
Summary: A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a...
CVE-2021-33019
Summary: A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a...
CVE-2021-39375
Summary: Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter. Reference Links(if available):...
CVE-2021-39375
Summary: Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter. Reference Links(if available):...
CVE-2021-27556
Summary: The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code...
CVE-2021-39371
Summary: An XML external entity (XXE) injection in PyWPS before 4.5.0 allows an attacker to view files on the application...
Critical Flaws in NPM Package Patched by Node.js Developers
Node.js maintainers have launched a major update to the npm package "tar" (aka node-tar) that resolves five critical safety flaws,...
