BenTasker.co.uk

Home
Blog
Whitepapers
Documentation
Videos
Shop
Photography

Home / Blog / Security

Latest Posts

Vauxhall Corsa D: Oil Pressure Switch Replacement
Generating a Vanity Address for Version 3 Onions
Saab 9-3: Rear Pads and Disc Replacement
Tuning Pi-Hole to cope with huge query rates
Automatically Mounting Secondary Encrypted Disk/Partition at Boot

This site should work without Javascript enabled. If you find something doesn't, please Contact Me.

Security

Cynet 360 Uses Insecure Control Channels	23 April 2020
Spamhaus still parties like it's 1999	16 October 2019
Twitter Screws Up With Data It Shouldn't Hold	09 October 2019
The Curious Case of BitFi and Secret Persistence	16 July 2019
A guide to designing Account Security Mechanisms	26 March 2017
Don't Use Web2Tor/Tor2Web (especially Onion.cab)	04 March 2017
The State of Mobile Banking (in the UK)	21 June 2016
The DVLA is routinely sending sensitive details via email	28 December 2014
Understanding Password Storage	22 June 2014
My Own Little HeartBleed Headache	19 April 2014

Page 1 of 3

Start
Prev
1
2
3
Next
End

Recent CVEs

CVE-2012-0955
CVE-2017-15680 (crafter_cms)
CVE-2017-15681 (crafter_cms)
CVE-2017-15682 (crafter_cms)
CVE-2017-15683 (crafter_cms)
CVE-2017-15684 (crafter_cms)
CVE-2017-15685 (crafter_cms)
CVE-2017-15686 (crafter_cms)
CVE-2019-16958
CVE-2019-19869

Return to listing

CVE-2012-0955

software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn't check TLS certificates under python2 and only checked certificates under python3 if a valid certificate bundle was provided. Fixed in software-properties version 0.92.

CVE-2017-15680 (crafter_cms)

In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data.

CVE-2017-15681 (crafter_cms)

In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE.

CVE-2017-15682 (crafter_cms)

In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.

CVE-2017-15683 (crafter_cms)

In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.

CVE-2017-15684 (crafter_cms)

Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system.

CVE-2017-15685 (crafter_cms)

Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.

CVE-2017-15686 (crafter_cms)

Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting (XSS), which allows remote attackers to steal usersâ€™ cookies.

CVE-2019-16958

Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 12.7.0 allows attacker to inject arbitrary web script or HTML via Location Name.

CVE-2019-19869

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. PVs could be changed (unencrypted) by using the IosHttp service and the JSON interface.

Latest Posts

Vauxhall Corsa D: Oil Pressure Switch Replacement
Generating a Vanity Address for Version 3 Onions
Saab 9-3: Rear Pads and Disc Replacement
Tuning Pi-Hole to cope with huge query rates
Automatically Mounting Secondary Encrypted Disk/Partition at Boot

License Details
Privacy Policy
Cookies
Stored Data
Sitemap

Donations BTC: 14hJYqCNLi7yJH8QkUqB2VEg3jx4pXBN5X / https://paypal.me/BTasker

Based on a template by JoomSpirit, customised by B Tasker

JoomSpirit

About this template