Kubernetes Security – Introduction to Attack Vectors
Overview : Kubernetes helps the enterprises to automate their application deployment for the business benefits. Now-a-days Kubernetes security can be
NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user.
Overview : NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user. Security Advisory
Security Advisory for Post-Authentication Stack Overflow on Some Routers and Modem Routers
Overview : Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56,
Overview : Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before
Security Advisory for Post-Authentication Command Injection on Some Routers and Gateways, PSV-2018-0352
Overview : Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6220 before 1.0.0.52, D6400
Data Center Security Privilege Escalation
Overview : Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege
unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.
Overview : An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by
Apache HTTP Server 2.4 vulnerabilities
Overview : In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might
Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys.
Overview : Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker
NGINX Controller versions prior to 3.2.0,
Overview : In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.
Overview : GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images. References Note: References are provided for the convenience
Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability
Overview : Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow
cPanel before 84.0.20 allows a demo account to achieve remote code execution
Overview : cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544).
Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation
Overview : Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation.An information disclosure vulnerability has
cPanel before 82.0.18 Account bypass vulnerability
Overview : cPanel before 82.0.18 allows attackers to leverage virtual mail accounts in order to bypass account suspensions (SEC-508). Affected
Security issues for SAP products
Overview : Multiple issues was discovered in SAP products Affected Product(s) : SAP Solution Manager 720 SAP Enable Now before
Security Notice for CA Unified Infrastructure Management
Overview : Multiple issues was discovered in CA Unified Infrastructure Management Affected Product(s) : UIM product versions 9.20 and below
Cisco Linksys E4200 firmware suffers from cross site scripting and local file inclusion vulnerabilities
Overview : Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers
XSS in WordPress Elementor Plugin 2.8.4
Overview : The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These
D-Link DSR-250N Persistent Root Access
Overview : D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin
Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504 is on authentication bypass vuln
Overview : An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504. The login page responds with JavaScript
A Cross-Site Scripting (XSS) vulnerability exists in Freebox OS Web interface 3.0.2
Overview : A Cross-Site Scripting (XSS) vulnerability exists in the description field of an Download RSS item or Contacts in
API Security Web Application Firewall
How can you secure your Exposed services without installing the patch by the vendor? Have a look at the use