Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3278
PUBLISHED: 2021-01-26
Local Service Search Engine Management System 1.0 has a vulnerability through authentication bypass using SQL injection. Using this vulnerability, an attacker can bypass the login page.

CVE-2021-3285
PUBLISHED: 2021-01-26
jxbrowser in TI Code Composer Studio IDE 8.x through 10.x before 10.1.1 does not verify X.509 certificates for HTTPS.

CVE-2021-3286
PUBLISHED: 2021-01-26
SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545.

CVE-2021-3291
PUBLISHED: 2021-01-26
Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command.

CVE-2021-3297
PUBLISHED: 2021-01-26
On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.
User Rank: Ninja
6/16/2013 | 3:24:00 PM
IT security team where I attend school, and they have several measures set up
for intrusion detection and penetration testing. Universities must keep up to date with threats
they are facing, by hiring third party red teams to try and penetrate their
systems. Not to mention these are
younger adults and maybe think they can use what they are learning and misuse it
for their own personal gains. At the very least Universities are more aware of
the threats they face so that they can better prepare for them.
Paul Sprague
InformationWeek Contributor