3 min
Vulnerability Disclosure
CVE-2020-7378: OpenCRX Unverified Password Change (FIXED)
OpenCRX version 4.30 and version 5.0-20200717 suffers from an unverified password change vulnerability, which is an instance of CWE-620.
9 min
Vulnerability Disclosure
Vulntober: Multiple Mobile Browser Address Bar Spoofing Vulnerabilities
Today, we're announcing a coordinated vulnerability disclosure on a set of address bar spoofing vulnerabilities that affect a number of mobile browsers.
3 min
Vulnerability Disclosure
CVE-2020-2021 Authentication Bypass in PAN-OS Security Assertion Markup Language (SAML) Authentication Disclosed
On Monday, June 29, 2020, Palo Alto released details on CVE-2020-2021 a new, critical weakness in SAML authentication on PAN-OS devices.
4 min
Vulnerability Management
May 2020 Cisco Remote Vulnerabilities Guidance
Cisco has posted patches for 34 vulnerabilities on May 6, 2020, with half a dozen that require your immediate attention.
17 min
Vulnerability Disclosure
Dispelling Zoom Bugbears: What You Need to Know About the Latest Zoom Vulnerabilities
In this blog, we break down what you need to know about the recent Zoom security issues and its vulnerability remediation process.
4 min
Vulnerability Disclosure
R7-2019-39 | CVE-2019-5648: LDAP Credential Exposure in Barracuda Load Balancer ADC (FIXED)
This post describes CVE-2019-5648, a vulnerability in the Barracuda Load Balancer ADC.
2 min
Vulnerability Disclosure
R7-2019-40: Bloomsky SKY2 Weather Camera Station Data Authenticity and Exposure Vulnerabilities
Multiple information leak vulnerabilities are present in the Bloomsky SKY2 network, obtainable via JSON queries.
4 min
IoT
IoT Vuln Disclosure: Children's GPS Smart Watches (R7-2019-57)
In a recent IoT hacking training exercise, Rapid7 penetration testers set out to find vulnerabilities in a number of children's GPS-enabled smart watches.
6 min
Vulnerability Disclosure
R7-2019-32: Denial-of-Service Vulnerabilities in Beckhoff TwinCAT PLC Environment
Rapid7 researcher Andreas Galauner has discovered two vulnerabilities affecting the TwinCAT PLC environment.
11 min
Vulnerability Disclosure
R7-2019-09 | CVE-2019-5617, CVE-2019-5643, CVE-2019-5644: C4G BLIS authentication and authorization vulnerabilities (FIXED)
This disclosure describes R7-2019-09, composed of three vulnerabilities in the
Basic Laboratory Information System (BLIS). Due to flawed authentication and
authorization verification, versions of BLIS < 3.5 are vulnerable to
unauthenticated password resets (R7-2019-09.1), and versions of BLIS < 3.51 are
vulnerable to unauthenticated enumeration of facilities and usernames
(R7-2019-09.2) as well as unauthenticated updates to user information
(R7-2019-09.3).
These vulnerabilities are summarized i
2 min
Vulnerability Management
August 2019 Microsoft Remote Desktop Services (RDP) Patches: What You Need to Know
A new set of vulnerabilities in RDP impact every modern version of Windows. Here's what you need to know.
9 min
Vulnerability Disclosure
R7-2019-18: Multiple Hickory Smart Lock Vulnerabilities
The Hickory Smart BlueTooth Enabled Deadbolt IoT ecosystem (which includes mobile applications as well as a cloud-hosted web and MQTT infrastructure) has several vulnerabilities.
3 min
Vulnerability Disclosure
Zoom Video Snooping Security Flaw (CVE-2019-13450): What You Need to Know
Here's what you need to know about the recent Zoom vulnerability disclosure.
3 min
Windows
Microsoft Windows RDP Network Level Authentication Bypass (CVE-2019-9510): What You Need to Know
CERT/CC has released an advisory regarding discovered behavior in the Microsoft Windows Remote Desktop Protocol (RDP), which can allow an attacker to bypass the lock screen on some remote sessions.
9 min
Vulnerability Disclosure
Investigating the Plumbing of the IoT Ecosystem (R7-2018-65, R7-2019-07) (FIXED)
Two vulnerabilities have been disclosed for Eaton's Home Lighting HALO Home Smart Lighting System and BlueCats' AA Beacon.