Category Archives: Vulnerabilities

Nearly 40 different models sold by 20 different brands Millions of home Wi-Fi routers are under attack by botnet malware, just a week after a researcher put up a blog post showing how to exploit a vulnerability in the routers’ firmware. The researcher, Evan Grant, isn’t entirely at fault for this. He’s the one who found […]

A critical security vulnerability has been disclosed in HAProxy (https://en.wikipedia.org/wiki/HAProxy) , a widely used open-source load balancer and proxy server, that could be abused by an adversary to possibly smuggle HTTP requests, resulting in unauthorized access to sensitive data and execution of arbitrary commands, effectively opening the door to an array of attacks. Tracked as CVE-2021-40346 (https://nvd.nist.gov/vuln/detail/CVE-2021-40346), […]

Two vulnerabilities in the site-building plugin could be useful tools in the hands of a skilled attacker, researchers warned. Two vulnerabilities have been found in the Gutenberg Template Library & Redux Framework plugin for WordPress, which is installed on more than 1 million websites. They could allow arbitrary plugin installation, post deletions and access to […]

Medium Advisory ID: cisco-sa-sni-data-exfil-mFgzXqLN First Published: 2021 August 18 16:00 GMT Version 1.0: Interim Workarounds: No workarounds available Cisco Bug IDs: CSCvy50873CSCvy64824CSCvy76771 CVSS Score: Base 5.8 CVE-2021-34749 CWE-200 Download CVRF Email Summary A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort […]

ModiPwn flaw (CVE-2021-22779) in some of Schneider Electric’s Modicon PLCs can allow attackers to bypass authentication mechanisms and take over the device. Researchers at IoT security firm Armis discovered an authentication bypass vulnerability, tracked as CVE-2021-22779 and dubbed ModiPwn, that affects some of Schneider Electric ’s Modicon PLCs. The flaw can be exploited by an unauthenticated attacker […]