Malware Devil

Monday, February 1, 2021

Data on 1.4 Million Washington State Residents Breached


Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database
CVE-2020-28493
PUBLISHED: 2021-02-01

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability of the regex is mainly due to the sub-pattern [a-zA-Z0-9._-]+.[a-zA-Z0-9._-]+. This issue can be mitigated by using Markdown to format user content instead of the urlize filter, or by implementing request timeouts and lim…

CVE-2020-20290
PUBLISHED: 2021-02-01

Directory traversal vulnerability in the yccms 3.3 project. The delete, deletesite, and deleteAll functions do not properly validate request parameters, which triggers a directory traversal vulnerability.

CVE-2020-20294
PUBLISHED: 2021-02-01

An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands.

CVE-2020-20295
PUBLISHED: 2021-02-01

An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands.

CVE-2020-20296
PUBLISHED: 2021-02-01

An issue was found in CMSWing project version 1.3.8. Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands.

The post Data on 1.4 Million Washington State Residents Breached appeared first on Malware Devil.



https://malwaredevil.com/2021/02/01/data-on-1-4-million-washington-state-residents-breached/?utm_source=rss&utm_medium=rss&utm_campaign=data-on-1-4-million-washington-state-residents-breached

