Website Collecting Australian Fire Donations Hit by Magecart

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-6958
PUBLISHED: 2020-01-14

An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-service.

CVE-2020-6954
PUBLISHED: 2020-01-13

An issue was discovered on Cayin SMP-PRO4 devices. A user can discover a saved password by viewing the URL after a Connection String Test. This password is shown in the webpass parameter of a media_folder.cgi?apply_mode=ping_server URI.

CVE-2020-6955
PUBLISHED: 2020-01-13

An issue was discovered on Cayin SMP-PRO4 devices. They allow image_preview.html?filename= reflected XSS.

CVE-2019-19680
PUBLISHED: 2020-01-13

A file-extension filtering vulnerability in ProofPoint Protection Server Email Firewall through 8.10 allows attackers to bypass protection mechanisms (related to extensions, MIME types, virus detection, and journal entries for transmitted files) by sending malformed (not RFC compliant) multipart ema…

CVE-2019-20142
PUBLISHED: 2020-01-13

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.3 through 12.6.1. It allows Denial of Service.

Courtesy of:

https://www.darkreading.com/attacks-breaches/website-collecting-australian-fire-donations-hit-by-magecart/d/d-id/1336793?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
