Hot Topics

Editors' Choice

3

Microsoft President: Governments Must Cooperate on Cybersecurity

Kelly Sheridan, Staff Editor, Dark Reading,  11/8/2018

2

Why the CISSP Remains Relevant to Cybersecurity After 28 Years

Steven Paul Romero, SANS Instructor and Sr. SCADA Network Engineer, Chevron,  11/6/2018

2

5 Reasons Why Threat Intelligence Doesn't Work

Jonathan Zhang, CEO/Founder of WhoisXML API and TIP,  11/7/2018

Benefits of DNS Service Locality

Paul Vixie, Chairman & CEO, Farsight Security, Inc.,  10/24/2018

Windows 7 End-of-Life: Are You Ready?

Kelly Sheridan, Staff Editor, Dark Reading,  10/24/2018

County Election Websites Can Be Easily Spoofed to Spread Misinformation

Jai Vijayan, Freelance writer,  10/25/2018

Subscribe to Newsletters

Live Events

Webinars

More UBM Tech
Live Events

Enterprise Connect 2019 - Build Your Comms & Collaboration Future

Communications & Collaboration 2022 at EC19 Orlando March 18-21

Developing a Customized Defense Against Targeted Attacks

The Insider Threat: Real Defense for Real Businesses

Trends in Online Attacks

Webinar Archives

White Papers

2018 Cyberthreat Defense Report

What is the Main Obstacle to Security?

Mitigating False-Positives to Improve Software Publishing

Cybersecurity Profile: USA

The Changing Landscape of U.S. Election Security

More White Papers

Video

How Secure Are Our Voting Systems?

3 Comments

Don't Overestimate WebAssembly's Security

0 Comments

SirenJack: Cracking SF's Emergency System

2 Comments

DeepLocker Hides Targeted Attacks

1 Comments

Forensic Analysis of 'Worst Voting ...

0 Comments

The Uncertain Fate of WHOIS, & Other ...

1 Comments

Stopping Payment Card Fraud With Threat Intel

0 Comments

Malicious Cryptomining & Other Shifting ...

0 Comments

The Economics of AI-Enabled Security

0 Comments

Threat Deception for Insider Threat

0 Comments

Filtering the Threat Intel Tsunami

0 Comments

Ensuring Hardened, Secure Web Apps

0 Comments

All Videos

Cartoon

Latest Comment: You know, at first glance, I liked the idea of wearable tech.. Never through it would be a security risk.

Cartoon Archive

Current Issue

10 Emerging Threats Every Enterprise Should Know About

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Online Malware and Threats: A Profile of Today's Security Posture

This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!

Download Now!

The Risk Management Struggle

0 comments

How Data Breaches Affect the Enterprise

0 comments

The State of IT and Cybersecurity

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-19220
PUBLISHED: 2018-11-12

An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to execute arbitrary PHP code via the host parameter to the install/ URI.

CVE-2018-19221
PUBLISHED: 2018-11-12

An issue was discovered in LAOBANCMS 2.0. It allows SQL Injection via the admin/login.php guanliyuan parameter.

CVE-2018-19222
PUBLISHED: 2018-11-12

An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysql_hy.php?riqi=0&i=0 attack to reset the admin password, even if install.txt exists.

CVE-2018-19223
PUBLISHED: 2018-11-12

An issue was discovered in LAOBANCMS 2.0. It allows XSS via the first input field to the admin/type.php?id=1 URI.

CVE-2018-19224
PUBLISHED: 2018-11-12

An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and guanliyuan cookies.