Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5148PUBLISHED: 2021-03-05
SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewall a...
CVE-2020-36255PUBLISHED: 2021-03-05An issue was discovered in IdentityModel (aka ScottBrady.IdentityModel) before 1.3.0. The Branca implementation allows an attacker to modify and forge authentication tokens.
CVE-2019-18351PUBLISHED: 2021-03-05
An issue was discovered in channels/chan_sip.c in Sangoma Asterisk through 13.29.1, through 16.6.1, and through 17.0.0; and Certified Asterisk through 13.21-cert4. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijac...
CVE-2021-27963PUBLISHED: 2021-03-05SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAdmin). An anonymous user can send a POST request to /User/saveUser without any authentication or session header.
CVE-2021-27964PUBLISHED: 2021-03-05SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of the uploaded file.
User Rank: Ninja
8/3/2015 | 2:25:14 PM
Raffael Marty, founder and CEO of PixlCloud, about using visualization to make log analysis and forensic investigations more efficient and effective
Adam Kozy, researcher at CrowdStrike, to discuss China's Great Cannon offensive system