US Government Issues Warning on Kimsuky APT Group

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-27742 PUBLISHED: 2020-10-28

An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msg_confirm_move template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926"...

CVE-2020-27980 PUBLISHED: 2020-10-28

Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WLAN SSID parameter. This could allow an attacker to perform malicious actions in which the XSS popup will affect all privileged users.

CVE-2020-24990 PUBLISHED: 2020-10-28

An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing the TFTP service running on UDP port 69, a remote attacker can perform a directory traversal and obtain operating system files via a TFTP GET request, as demonstrated by reading /etc/passwd or /proc/version.

CVE-2020-25204 PUBLISHED: 2020-10-28

The God Kings application 0.60.1 for Android exposes a broadcast receiver to other apps called com.innogames.core.frontend.notifications.receivers.LocalNotificationBroadcastReceiver. The purpose of this broadcast receiver is to show an in-game push notification to the player. However, the applicatio...

CVE-2020-27739 PUBLISHED: 2020-10-28

A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' ..