Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-35327 | PUBLISHED: 2021-03-04 | SQL injection vulnerability was discovered in Courier Management System 1.0, which can be exploited via the ref_no (POST) parameter to admin_class.php
CVE-2020-35328 | PUBLISHED: 2021-03-04 | Courier Management System 1.0 - 'First Name' Stored XSS
CVE-2020-35329 | PUBLISHED: 2021-03-04 | Courier Management System 1.0 1.0 is affected by SQL Injection via 'MULTIPART street '.
CVE-2021-22183 | PUBLISHED: 2021-03-04 | An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions.
CVE-2021-22189 | PUBLISHED: 2021-03-04 | Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues.
User Rank: Ninja
7/13/2018 | 9:19:19 AM
In "Identifying Encrypted Malware Traffic with Contextual Flow Data" (Blake Anderson, David McGrew), for instance, the authors wrote a custom libcap-based tool to capture data features from live traffic. Some characteristics they identified as being attached to malware within the encrypted traffic included larger numbers of characters in the domain, much larger numbers of IPs per DNS request, and of course each were not found on Alexa top-N lists.
Not all features were as easily defined between traffic containing malware and not, but this paper and others since are a good sign all is not lost through the shift to HTTPS.
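The three DNS-side features mentioned in the comment above (domain length, IPs per response, top-N membership) can be pulled straight from a DNS response in wire format. The following is an added example, not code from the paper or from the commenter; the function names, the `TOP_N` set, the two-label "registered domain" shortcut and the sample domains are all assumptions made for illustration.

```python
import struct

# Constructed stand-in for an Alexa-style top-N list (assumption, not real data).
TOP_N = {"example.com", "wikipedia.org"}

def read_name(msg, off, hops=0):
    """Decode a DNS name at `off`; return (name, offset just past it)."""
    labels = []
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:  # compression pointer: rest of name lives elsewhere
            if hops > 16:
                raise ValueError("compression pointer loop")
            ptr = ((n & 0x3F) << 8) | msg[off + 1]
            rest, _ = read_name(msg, ptr, hops + 1)
            return ".".join(labels + ([rest] if rest else [])), off + 2
        off += 1
        if n == 0:
            return ".".join(labels), off
        labels.append(msg[off:off + n].decode("ascii", "replace").lower())
        off += n

def dns_features(msg):
    """Domain length, IPs per response and top-N membership for one DNS response."""
    _id, _flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off, qname = 12, ""
    for _ in range(qd):
        qname, off = read_name(msg, off)
        off += 4  # skip QTYPE and QCLASS
    ips = 0
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        ips += rtype in (1, 28)  # count A and AAAA records
    base = ".".join(qname.split(".")[-2:])  # naive registered domain (assumption)
    return {"domain": qname, "name_len": len(qname), "ip_count": ips,
            "in_top_n": base in TOP_N}

def build_response(name, addrs):
    """Constructed sample input: a minimal DNS response, one A record per address."""
    q = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    msg = struct.pack("!6H", 0x1234, 0x8180, 1, len(addrs), 0, 0) + q + struct.pack("!HH", 1, 1)
    for a in addrs:
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(map(int, a.split(".")))
    return msg

if __name__ == "__main__":
    many = ["192.0.2.%d" % i for i in range(1, 9)]  # constructed documentation-range IPs
    print(dns_features(build_response("www.example.com", ["93.184.216.34"])))
    print(dns_features(build_response("xk2lq9vjw0ad7ruz3m.example-test.invalid", many)))
```

These values are inputs to a classifier alongside other flow data, not verdicts on their own; a production version would use a public-suffix list rather than the last two labels.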