Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7856PUBLISHED: 2021-04-20A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient authentication validation.
CVE-2021-28793PUBLISHED: 2021-04-20vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration.
CVE-2021-25679PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed....
CVE-2021-25680PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only...
CVE-2021-25681PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. This could allow for exposed AdTran Personal Phone Manager web servers to be used as DNS redirectors to tunnel arbitrary data over DNS. NOTE: The aff...
User Rank: Apprentice
8/27/2014 | 6:51:54 PM
Application security problems stem from attacks. MITRE CAPEC describes the underlying model for attacks, while PTES, OSSTMMv4, and OWASP guides such as the Testing Guide and ASVS 2.0 standards cover the open methods.
There are also models (CWE) and methods (OWASP Dev Guide, SAFEcode, Microsoft SDL, etc) for building secure software, but this is where security and appdev activities are split.
On Twitter, someone important today said, "a design flaw is a property of the design that allows an attacker to violate one of your security objectives".