Technical Advisory: SQL Injection and Reflected Cross-Site Scripting (XSS) Vulnerabilities in Oracle Communications Diameter Signaling Router (CVE-2020-14787, CVE-2020-14788)

Vendor: Oracle Vendor URL: https://www.oracle.com/ Versions affected: 8.0.0.0-8.4.0.5 Systems Affected: Oracle Communications Diameter Signaling Router CVE Identifier: CVE-2020-14787 (XSS), CVE-2020-14788 (SQL Injection) Advisory URL: https://www.oracle.com/security-alerts/cpuoct2020.html Risk: Medium – 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) (SQL injection) Risk: Medium - 5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) (Reflected Cross-Site Scripting) Authors: Viktor Gazdag - viktor.gazdag[at]nccgroup[dot]com Ioannis Charalambous - ioannis.charalambous[at]nccgroup[dot]com Summary Based on the Oracle product … Continue reading Technical Advisory: SQL Injection and Reflected Cross-Site Scripting (XSS) Vulnerabilities in Oracle Communications Diameter Signaling Router (CVE-2020-14787, CVE-2020-14788)

Story of a Hundred Vulnerable Jenkins Plugins

Jenkins is an open source tool supporting building, deploying and automating software development and delivery, and can be extended by plugins to introduce additional functionalities like Active Directory authentication, or solve reoccurring tasks such as executing a static code analyser or copying a compiled software to a CIFS share. Similar to WordPress, the core framework … Continue reading Story of a Hundred Vulnerable Jenkins Plugins