🛡 Cybersecurity & Privacy 🛡 - News CHANNEL WIDGET

18295 SUBSCRIBERS

🛡 Cybersecurity & Privacy 🛡 - News CHANNEL DESCRIPTION

Owner Description

🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 [email protected]

🛡 Cybersecurity & Privacy 🛡 - News channel is growing at a rate of 14% and has a potential to reach 21954 people. Advertisers can reach out to the channel admin for any advertising opportunities within this channel.

🛡 Cybersecurity & Privacy 🛡 - News MOST VIEWED POST

🛡 Cybersecurity & Privacy 🛡 - News CHANNEL PREVIEW

@cibsecurity : ‼ CVE-2020-35736 ‼ GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traversal because os.path.join is misused. 📖 Read via "National Vulnerability Database".

@cibsecurity : ‼ CVE-2020-29156 ‼ The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action. 📖 Read via "National Vulnerability Database".

@cibsecurity : ‼ CVE-2020-29250 ‼ CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php. 📖 Read via "National Vulnerability Database".

@cibsecurity : ‼ CVE-2020-29249 ‼ CXUUCMS V3 allows class="layui-input" XSS. 📖 Read via "National Vulnerability Database".

@cibsecurity : ‼ CVE-2020-29204 ‼ XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java. 📖 Read via "National Vulnerability Database".

@cibsecurity : ‼ CVE-2020-29299 ‼ Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55 week38, ATP before ZLD V4.55 week38, and NSG before 1.33 patch 4. 📖 Read via "National Vulnerability Database".

@cibsecurity : ‼ CVE-2020-35575 ‼ A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices. 📖 Read via "National Vuln

@cibsecurity : ‼ CVE-2020-35437 ‼ Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI. 📖 Read via "National Vulnerability Database".

@cibsecurity : ‼ CVE-2020-29172 ‼ A cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plugin before 3.6.1 for WordPress can be exploited via the Server IP setting. 📖 Read via "National Vulnerability Database".

@cibsecurity : ‼ CVE-2020-35346 ‼ CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add. 📖 Read via "National Vulnerability Database".