vulnerability Archives - Security Report

three men sitting on chair beside tables

How can Salesforce community sites be exploited for data theft, by unauthenticated actors? 2 min read

How can Salesforce community sites be exploited for data theft, by unauthenticated actors?

Ax Sharma August 12, 2021

Salesforce Community sites can be exploited for data theft and reconnaissance activities by threat actors, due to a misconfiguration flaw.... Read More

Adobe has a free tool for you: its anti-piracy DRM! 2 min read

Adobe has a free tool for you: its anti-piracy DRM!

Ax Sharma May 25, 2021

It turns out, the American multimedia software giant Adobe that is known for its creative products including Photoshop, Illustrator, Premiere and Acrobat, has a free... Read More

black flat screen tv turned on showing game

Jailbreaking Roku sticks with RootMyRoku 3 min read

Jailbreaking Roku sticks with RootMyRoku

Ax Sharma May 20, 2021

This week, developers Marcus T. and Ammar Askar (llamasoft) have released an exploit called "RootMyRoku" which is capable of achieving persistent root jailbreak on select Roku devices.... Read More

Samsung Email bug could let attackers access your attachments 3 min read

Samsung Email bug could let attackers access your attachments

Ax Sharma April 11, 2021

This month, Samsung has fixed multiple high severity vulnerabilities across multiple Samsung apps including Samsung Email. By exploiting this vulnerability (CVE-2021-25375), a remote attacker could access email attachments from your Samsung Email app.... Read More

Git remote code execution vulnerability patched, upgrade now 1 min read

Git remote code execution vulnerability patched, upgrade now

Ax Sharma March 10, 2021

The Git project has released patches for a severe remote code execution (RCE) vulnerability, CVE-2021-21300 that can be exploited by attackers when their malicious repos are cloned.... Read More

WooCommerce fixes critical Upload Files vulnerability 3 min read

WooCommerce fixes critical Upload Files vulnerability

Ax Sharma March 5, 2021

A critical vulnerability CVE-2021-24171 in WooCommerce Upload Files plugin can be exploited through multiple routes like double extension and path traversal attacks.... Read More

PoC exploits for Apache Flink Path Traversal vulnerabilities posted 2 min read

News

PoC exploits for Apache Flink Path Traversal vulnerabilities posted

Ax Sharma January 6, 2021

This week Apache Flink has disclosed 2 path traversal vulnerabilities CVE-2020-17518 and CVE-2020-17519. Hackers have already posted Proof-of-Concept (PoC) exploits for these bugs.... Read More

Cloudflare WAF bypass exploits revealed 3 min read

Cloudflare WAF bypass exploits revealed

Ax Sharma January 4, 2021

A Cross-Site Scripting (XSS) protection bypass technique has been revealed for Cloudflare Web Application Firewall (WAF). The exploit has been publicly known since 2019 but remains unpatched.... Read More

Backdoor master password for thousands of Zyxel firewalls revealed 3 min read

Backdoor master password for thousands of Zyxel firewalls revealed

Ax Sharma January 1, 2021

Thousands of Zyxel firewalls and access point controllers contain a secret, undocumented hardcoded password giving anyone admin access through this zero-day.... Read More