Vulnerability Spotlight: WellinTech ICS platform vulnerable to information disclosure, buffer overflow vulnerabilities
If an adversary could capture an authentication packet, it contains all the necessary information to steal the target user’s username and password for the software.
Vulnerability Spotlight: Node-SQLite3 issue could lead to denial of service in Ghost CMS
Due to JSON format limitations, the vulnerability only manifests itself as a remote denial of service in Ghost CMS, which crashes the Node.js process. However, the vulnerability could potentially lead to remote code execution in other products that use it.
Vulnerability Spotlight: EIP Stack Group OpENer open to two remote code execution vulnerabilities
Two of the vulnerabilities are considered to be considered of critical importance, with a CVSS score of a maximum 10 out of 10.
Vulnerability Spotlight: OS command injection, directory traversal and other vulnerabilities found in Siretta Quartz-Gold and FreshTomato
Cisco Talos recently discovered several vulnerabilities in the Siretta Quartz-Gold router. Talos also discovered vulnerabilities in FreshTomato while investigating the Siretta router. The Siretta Quartz-Gold is an industrial cellular router with several features and services, su
Vulnerability Spotlight: XSS vulnerability in Ghost CMS
Dave McDaniel of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered a cross-site scripting (XSS) vulnerability in Ghost CMS. Ghost is a content management system with tools to build a website, publish content and send newsletters. Ghost offers paid subsc
Vulnerability Spotlight: Integer and buffer overflow vulnerabilities found in QT QML
Emma Reuter and Theo Morales of ASIG and Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Cisco ASIG and Cisco Talos recently discovered code execution vulnerabilities in QT QML. Qt is a popular software suite primarily used to create graphical user interface
Vulnerability Spotlight: Asus router access, information disclosure, denial of service vulnerabilities discovered
Cisco Talos recently discovered three vulnerabilities in Asus router software. The Asus RT-AX82U router is one of the newer Wi-Fi 6 (802.11ax)-enabled routers that also supports mesh networking with other Asus routers. Like other routers, it is configurable via an HTTP server ru
Vulnerability Spotlight: OpenImageIO file processing issues could lead to arbitrary code execution, sensitive information leak and denial of service
Cisco Talos recently discovered nineteen vulnerabilities in OpenImageIO, an image processing library, which could lead to sensitive information disclosure, denial of service and heap buffer overflows which could further lead to code execution. OpenImageIO is an image processing
Vulnerability Spotlight: Authentication bypass and enumeration vulnerabilities in Ghost CMS
Dave McDaniel and other members of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered two vulnerabilities in Ghost CMS, one authentication bypass vulnerability and one enumeration vulnerability. Ghost is a content management system with tools to build