Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7856PUBLISHED: 2021-04-20A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient authentication validation.
CVE-2021-28793PUBLISHED: 2021-04-20vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration.
CVE-2021-25679PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed....
CVE-2021-25680PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only...
CVE-2021-25681PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. This could allow for exposed AdTran Personal Phone Manager web servers to be used as DNS redirectors to tunnel arbitrary data over DNS. NOTE: The aff...
User Rank: Strategist
4/24/2014 | 9:01:40 AM
Our own (IS Decisions) research has shown that password sharing in business using Active Directory is indeed rampant. But with further restrictions on user access (limiting concurrent logins, location/time restrictions) users are significantly less likely to share passwords as it impacts their own ability to access the network. Such restrictions also help stop attacks from legitimate but stolen credentials.
Active Directory provides basic security, but it's vital to build on this with further restrictions and real time monitoring to what authenticated users can do. Software is available to do this in a way that is easy and user friendly.