7 Cool Cyberattack and Audit Tools to be Highlighted at Black Hat Europe

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-7032
PUBLISHED: 2020-11-13

An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2.

CVE-2020-7033
PUBLISHED: 2020-11-13

A cross-site scripting (XSS) vulnerability in the Unified Portal Client (web client) used in Avaya Equinox Conferencing can allow an authenticated user to perform XSS attacks. The affected versions of Equinox Conferencing include all 9.x versions before 9.1.10.

CVE-2020-27193
PUBLISHED: 2020-11-12

A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of the editor inputs.

CVE-2020-13877
PUBLISHED: 2020-11-12

SQL Injection issues in various ASPX pages of ResourceXpress Meeting Monitor 4.9 could lead to remote code execution and information disclosure.

CVE-2020-17494
PUBLISHED: 2020-11-12

Untangle Firewall NG before 16.0 uses MD5 for passwords.
