Security
Headlines
HeadlinesLatestCVEs

Tag

#acer

CVE-2020-36529

A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute Handler. The manipulation leads to privilege escalation with a command injection. It is possible to initiate the attack remotely.

CVE
#vulnerability#php#acer
Reolink E1 Zoom Camera 3.0.0.716 Configuration Disclosure

Reolink E1 Zoom Camera versions 3.0.0.716 and below suffer from a configuration disclosure vulnerability.

Reolink E1 Zoom Camera 3.0.0.716 Private Key Disclosure

Reolink E1 Zoom Camera versions 3.0.0.716 and below suffer from a private key disclosure vulnerability.

CVE-2022-30425: Zero Science Lab » Tenda HG6 v3.3.0 Remote Command Injection Vulnerability

Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a command injection vulnerability via the pingAddr and traceAddr parameters. This vulnerability is exploited via a crafted POST request.

WordPress User Meta Lite / Pro 2.4.3 Path Traversal

WordPress User Meta Lite and Pro plugin versions 2.4.3 and below suffer from a path traversal vulnerability.

Third-Party Scripts on Websites Present a 'Broad & Open' Attack Vector

Nearly half of the world's largest websites use externally generated JavaScript that makes them ripe targets for cyberattackers interested in stealing data, skimming credit cards, and executing other malicious actions.

Chicago students lose data to ransomware attackers

A recent breach notification has revealed some 490,000+ students were impacted by a ransomware attack last December. The post Chicago students lose data to ransomware attackers appeared first on Malwarebytes Labs.

Partial Patching Still Provides Strong Protection Against APTs

Organizations that deploy updates only after a vulnerability is disclosed apply far fewer updates and do so at a lower cost than those that stay up to date on all of their software, university researchers say.

CVE-2021-43729: Hunting for Vulnerabilities in Low-Cost WiFi Repeaters

Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain a stored cross-site scripting (XSS) vulnerability due to an unsanitized Security Key parameter.

CVE-2022-28964: NEW Avast Version 22.1 (January 2022)

An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file.