Latest Security News about attack

Contact us to Fix the issue

Apache Shiro before 1.4.2 prone to padding attack

Overview : Apache Shiro before 1.4.2 padding attack through susceptible cookies Affected Product(s) : Apache Shiro 1.4.1 Vulnerability Details : CVE ID : CVE-2019-12422 Apache Shiro before 1.4.2, when using the default “remember me” configuration, cookies could be susceptible to a padding attack. Solution : Upgrade Apache Shiro to version 1.4.2 or higher.

Contact us to Fix the issue

SQL Injection attack in pimcore before 6.3.0

Overview : Pimcore data leakage Flaws through SQL Injection Affected Product(s) : pimcore/pimcore before 6.3.0 Vulnerability Details : CVE ID : CVE-2019-10763 pimcore/pimcore before 6.3.0 is vulnerable to SQL Injection. An attacker with limited privileges (classes permission) can achieve a SQL injection that can lead in data leakage. The vulnerability can be exploited via ‘id’, ‘storeId’, […]

Contact us to Fix the issue

Matrix Synapse APIs prone to attack

Overview : Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Affected Product(s) : Matrix Synapse before 1.5.0 Vulnerability Details : CVE ID : CVE-2019-18835   Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers. Solution : Update to Matrix Synapse 1.5.0 […]

Contact us to Fix the issue

Attacks found in Honeywell Cameras

Overview : Multiple flaws was discovered in Honeywell equIP and Performance Series IP Cameras Affected Product(s) : Security Notification SN 2019-09-13 01 Vulnerability Details : CVE ID : CVE-2019-18230 A vulnerability exists where the affected product allows unauthenticated access to audio streaming over HTTP. CVE-2019-18230 has been assigned to this vulnerability. A CVSS v3 base […]