CVE-2021-40694
Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account.
Read MoreCategory: Uncategorized
CVE-2020-0575
Improper buffer restrictions in the Intel(R) Unite Client for Windows* before version 4.2.13064 may allow an authenticated user to potentially enable information disclosure via local access.
Read MoreCVE-2020-24046
A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. This restricted shell can be...
Read MoreCVE-2020-14181
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before...
Read MoreCVE-2020-11117
u’In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code execution.’ in Snapdragon Connectivity, Snapdragon...
Read MoreCVE-2020-1200 (sharepoint_enterprise_server, sharepoint_foundation, sharepoint_server)
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This...
Read MoreSept 18, 2020 Webinar: Community Resilience and the Role of Federal Support
Dr. Therese McAllister of NIST’s Community Resilience Program will be presenting on Community Resilience and the Role of Federal Support in Florida International University’s Preeminent Institute for Resilient and...
Read MoreWhat’s in Your Clipboard? Pillaging and Protecting the Clipboard, (Fri, Sep 11th)
Recently I happened to notice that the Cisco AnyConnect VPN client clears the clipboard if you paste a password into it. (Note – if you know and can type any of your passwords in 2020, you should at least partially...
Read MoreCVE-2020-1575 (sharepoint_foundation)
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS...
Read MoreWhat’s in Your Clipboard? Pillaging and Protecting the Clipboard, (Fri, Sep 11th)
Recently I happened to notice that the Cisco AnyConnect VPN client clears the clipboard if you paste a password into it. (Note – if you know and can type any of your passwords in 2020, you should at least partially...
Read MoreOffice Documents with Embedded Objects, (Sat, Sep 12th)
A reader asked about another malicious file, thinking it is an intentionally corrupt ZIP file. If you follow the steps I showed in diary entry “Office: About OLE and ZIP Files”, you will see that it is not a corrupt...
Read MoreCVE-2020-12247
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information from an out-of-bounds read because a text-string index continues to be used after splitting a string into two...
Read More