CVE-2017-11165
dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI.
FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager “Add Site” action to enter this code after a ‘, sequence in a domain name, as demonstrated by the ‘,phpinfo()...
A vulnerability in ipsilon was found that allows an attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions...
In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user’s trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits data including MHTML to...
The 13th practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 13: Monitor and control remote access from all end points, including mobile devices. In this post, I...