Vulnerability E24.US

Remote code Execution Vulnerability in Microsoft SharePoint [CIVN-2020-0435]

December 18, 2020December 18, 2020 Dani

https://www.cert-in.org.in/ Severity Rating: HIGH Software Affected : Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Foundation 2010 Service Pack 2 Microsoft SharePoint Server 2019 Microsoft SharePoint Enterprise Server 2016 Overview : Multiple vulnerabilities exist in Microsoft SharePoint which could allow a remote attacker to execute arbitrary code on a targeted system. Description : These vulnerabilities exist due to improper input validation in Microsoft SharePoint. A remote attacker can send a specially crafted request and execute arbitrary code on the targeted system. Successful exploitation of these vulnerabilities may result in…

Zoom Zero-Day Exploits Sold for $500,000

April 17, 2020April 17, 2020 Dani

Zoom popular video conferencing app has been in a huge controversy recently for sending data to Facebook along with encryption issues which allowed hackers to upload the Zoom recordings on Youtube. It has been rumored that the zoom account is being sold by hackers on the dark web There are two Zoom zero-day exploits one for Windows and one for Mac OS which is priced for $500,000. The major flaws in the app allow hackers to attack the user accounts and spy on their calls. Windows Zero-Day in…

Vulnerabilities Affected Millions of Cisco Switches, Routers and devices

March 15, 2020April 16, 2020 Tech User

Critical Vulnerabilities Affected Millions of Cisco Switches, Routers, IP Phones and Cameras. Researchers discovered 5 critical zero-day vulnerabilities (dubbed CDPwn) in Cisco Discovery Protocol that are used in multiple Cisco products such as Routers, Switches, IP phones, Cameras and more. Cisco Discovery Protocol is also known as CDP is the Cisco proprietary Layer 2 (Data Link Layer) network protocol and is virtually implemented in Cisco products including switches, routers, IP phones, and cameras to discover the information about the Cisco equipment. Four of the five vulnerabilities are remote code execution (RCE) vulnerabilities that…

Critical Zoom Vulnerability Allows Hackers to Steal your Password

March 9, 2020April 16, 2020 Tech User

A critical vulnerability with the Zoom client for windows allows attackers to steal Windows login credentials.

Zoom is an online video communication platform that has features such as video conferencing, online meetings, chat, and mobile collaboration.