Category Archives: Vulnerabilities

HAProxy Found Vulnerable to Critical HTTP Request Smuggling Attack

A critical security vulnerability has been disclosed in HAProxy (https://en.wikipedia.org/wiki/HAProxy), a widely used open-source load balancer and proxy server, that could be abused by an adversary to possibly smuggle HTTP requests, resulting in unauthorized access to sensitive data and execution of arbitrary commands, effectively opening the door to an array of attacks. Tracked as CVE-2021-40346 (https://nvd.nist.gov/vuln/detail/CVE-2021-40346), […]

Gutenberg Template Library & Redux Framework Bugs Plague WordPress Sites

Two vulnerabilities in the site-building plugin could be useful tools in the hands of a skilled attacker, researchers warned. Two vulnerabilities have been found in the Gutenberg Template Library & Redux Framework plugin for WordPress, which is installed on more than 1 million websites. They could allow arbitrary plugin installation, post deletions and access to […]

Multiple Cisco Products Server Name Identification Data Exfiltration Vulnerability

Medium; Advisory ID: cisco-sa-sni-data-exfil-mFgzXqLN; First Published: 2021 August 18 16:00 GMT; Version 1.0: Interim; Workarounds: No workarounds available; Cisco Bug IDs: CSCvy50873, CSCvy64824, CSCvy76771; CVSS Score: Base 5.8; CVE-2021-34749; CWE-200. Summary: A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort […]

ModiPwn flaw in Modicon PLCs bypasses security mechanisms

ModiPwn flaw (CVE-2021-22779) in some of Schneider Electric’s Modicon PLCs can allow attackers to bypass authentication mechanisms and take over the device. Researchers at IoT security firm Armis discovered an authentication bypass vulnerability, tracked as CVE-2021-22779 and dubbed ModiPwn, that affects some of Schneider Electric’s Modicon PLCs. The flaw can be exploited by an unauthenticated attacker […]

Adobe: Critical Flaws in Reader, Acrobat, Illustrator

Adobe has issued multiple security advisories with patches for critical vulnerabilities in a wide range of software products, including the ever-present Adobe Acrobat and Reader application. The Mountain View, Calif.-based Adobe urged Windows and macOS users to treat the PDF Reader patch with the utmost priority, because the flaws expose machines to remote code execution […]