alarmSecurity News
Iran Denies Successful Cyber Attacks on Oil Sector
2019-09-21 07h55
2019-09-21 07h55
Iran denied on Saturday its oil infrastructure had been successfully attacked by a cyber...
Friday Squid Blogging: Piglet Squid
2019-09-20 17h11
2019-09-20 17h11
Another piglet squid video. As usual, you can also use this squid post to talk about the...
Disgraced ex-Kaspersky guy made me do it, says bloke in Russian court on hacking charges
2019-09-20 17h00
2019-09-20 17h00
Oh no I didn't, says disgraced ex-Kaspersky guy An accused Russian hacker has claimed...
How to avoid the dreaded Video4Linux flaw in Android
2019-09-20 16h26
2019-09-20 16h26
With Google dragging its feet on the fix for Video4Linux, you might consider revoking camera...
Facebook Removed Tens of Thousands of Apps Post-Cambridge Analytica
2019-09-20 15h48
2019-09-20 15h48
Facebook said it has suspended and banned tens of thousands of apps on its platform after its...
Facebook Suspends 'Tens of Thousands' of Apps in Privacy Review
2019-09-20 15h13
2019-09-20 15h13
Facebook said Friday it suspended "tens of thousands" of apps on its platform as a result of its...
Eight U.S. Cities Impacted in New Series of Click2Gov Breaches
2019-09-20 14h34
2019-09-20 14h34
More than 20,000 records from eight cities across the United States have been compromised in a...
Crown Sterling Claims to Factor RSA Keylengths First Factored Twenty Years Ago
2019-09-20 13h50
2019-09-20 13h50
Earlier this month I made fun of a company called Crown-Sterling, for...for...for being a...
Forcepoint VPN Client is Vulnerable to Privilege Escalation Attacks
2019-09-20 12h00
2019-09-20 12h00
Forcepoint has fixed a privilege escalation vulnerability in its VPN Client for Windows.
Bulgarian phishing gang member who lived with his parents jailed for part in £40m fraud ring
2019-09-20 12h00
2019-09-20 12h00
37-year-old was extradited to Blighty to stand trial A Bulgarian phishing criminal who created...
securityVulnerabilities by Risk-level
13% Critical
22% High
38% Moderate
27% Low
Vulnerabilities by Vendor
Latest Vulnerabilities
Cross-Site Scripting (XSS) vulnerability in Websimon Tables Project Websimon Tables 1.3.4
2019-09-20 16h15
The websimon-tables plugin through 1.3.4 for WordPress has wp-admin/tools.php edit_style id XSS. Cross-Site Scripting (XSS)
Low
Cross-Site Scripting (XSS) vulnerability in Neuvoo Jobroll 2.0
2019-09-20 16h15
The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_keywords XSS. Cross-Site Scripting (XSS)
Medium
SQL Injection vulnerability in Tuzicms 2.0.6
2019-09-20 16h15
App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the... SQL Injection
High
Cross-Site Scripting (XSS) vulnerability in Zrlog 2.0.1
2019-09-20 16h15
An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area. Cross-Site Scripting (XSS)
Low
Cross-Site Scripting (XSS) vulnerability in Webmaster Source Gocodes 1.3.5
2019-09-20 16h15
The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php deletegc XSS. Cross-Site Scripting (XSS)
Low
Latest Critical Vulnerabilities
Injection vulnerability in Atlassian Jira
2019-09-19 15h15
The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10... Injection
9.0
Undefined vulnerability in Linux NFS Utils 1.3.034.18.1/2.1.16.10.2
2019-09-19 14h15
The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version... Undefined
10.0
Input Validation vulnerability in Tibco Enterprise Runtime FOR R and Spotfire Analytics Platform FOR AWS
2019-09-18 23h15
The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition,... Input Validation
9.0
Input Validation vulnerability in Tibco Enterprise Runtime FOR R and Spotfire Analytics Platform FOR AWS
2019-09-18 23h15
The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition,... Input Validation
10.0
Code Injection vulnerability in Advantech Webaccess 8.4.1
2019-09-18 22h15
In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper... Code Injection
9.0
Undefined vulnerability in Advantech Webaccess 8.4.1
2019-09-18 21h15
In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an... Undefined
9.0
Code Injection vulnerability in Open EMR Openemr 5.0.16
2019-09-16 17h15
OpenEMR v5.0.1-6 allows code execution. Code Injection
9.0
OS Command Injections vulnerability in Dlink DNS 320 Firmware 2.05.b10
2019-09-16 12h15
The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection. OS Command Injections
10.0
OS Command Injections vulnerability in Gitlabhook Project Gitlabhook 0.0.17
2019-09-13 18h15
NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability.... OS Command Injections
10.0
OS Command Injections vulnerability in Arubanetworks Arubaos 8.0.0.0
2019-09-13 17h15
A command injection vulnerability is present in the web management interface of ArubaOS that... OS Command Injections
9.0
CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.