Barracuda to Acquire Fyde for Zero-Trust Capabilities

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

PUBLISHED: 2020-11-13

An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through and 8.0 through 8.1.2.

PUBLISHED: 2020-11-13

A Cross Site Scripting (XSS) Vulnerability on the Unified Portal Client (web client) used in Avaya Equinox Conferencing can allow an authenticated user to perform XSS attacks. The affected versions of Equinox Conferencing includes all 9.x versions before 9.1.10.

PUBLISHED: 2020-11-12

A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs.

PUBLISHED: 2020-11-12

SQL Injection issues in various ASPX pages of ResourceXpress Meeting Monitor 4.9 could lead to remote code execution and information disclosure.

PUBLISHED: 2020-11-12

Untangle Firewall NG before 16.0 uses MD5 for passwords.

Share this post

Share on facebook
Share on linkedin
Share on print
Share on email

Subscribe to our Monthly Cyber Security Digest

Get monthly content to keep you up to date on the latest news and tips