Monthly Archive: December 2020

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Lack of authentication functionality allows an attacker to assign a static IP address that was once used by a valid user....

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality. Date published : 2020-12-22 https://www.trustwave.com/en-us/resources/security-resources/security-advisories/ https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/d-link-multiple-security-vulnerabilities-leading-to-rce/

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and download sensitive files (such...

Vulnerability in the Oracle Cloud Infrastructure Identity and Access Management product of Oracle Cloud Services. Easily exploitable vulnerability allows high privileged attacker with network access to compromise Oracle Cloud Infrastructure Identity and Access Management....

HCL Domino v9, v10, v11 is susceptible to an Information Disclosure vulnerability in XPages due to improper error handling of user input. An unauthenticated attacker could exploit this vulnerability to obtain information about the...

A vulnerability in the input parameter handling of HCL Client Application Access v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash...

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger the reuse of previously free memory which can lead to arbitrary code...

A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to...

A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to...

A type confusion vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger an improper use of an object, resulting in memory corruption...

Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN flood on port tcp/80 will freeze Philips Hue’s hub and it will stop responding. The "hub" will stop operating and be...

SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket. Date published : 2020-12-21 https://support.solarwinds.com/SuccessCenter/s/ https://www.esecforte.com/formula-injection-vulnerability-india-in-solarwinds-web-help-desk/

Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file containing several hardcoded credentials to different servers that allow remote attackers to gain access to the complete infrastructure including the website, update server,...

ZTE E8810/E8820/E8822 series routers have an information leak vulnerability, which is caused by hard-coded MQTT service access credentials on the device. The remote attacker could use this credential to connect to the MQTT server,...