Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27132PUBLISHED: 2021-02-27SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
CVE-2021-25284PUBLISHED: 2021-02-27An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
CVE-2021-3144PUBLISHED: 2021-02-27In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
CVE-2021-3148PUBLISHED: 2021-02-27An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
CVE-2021-3151PUBLISHED: 2021-02-27
i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__M...
User Rank: Ninja
8/16/2018 | 2:22:39 PM
So this goes beyond the ADFS Vulnerability, this says as humans we are ultimately flawed, where if pushed hard enough with the right level of influence, anyone could be susceptible to being compromised.
So to be honest, all of this security talk is nothing more than a facade, so basically, anyone can be compromised. So then the answer to our security concerns is not the technology, it is the people.
T