Pilfered Wawa Payment Card Data Now for Sale on Dark Web

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2019-20215
PUBLISHED: 2020-01-29

D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because HTTP_ST is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker t…

CVE-2019-20216
PUBLISHED: 2020-01-29

D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because REMOTE_PORT is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an atta…

CVE-2019-20217
PUBLISHED: 2020-01-29

D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because SERVER_ID is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attack…

CVE-2020-8428
PUBLISHED: 2020-01-29

fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, …

CVE-2020-5227
PUBLISHED: 2020-01-28

Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of Service attacks. The *feedgen* library allows supplying XML as content for some of the available fields. This XML will be parsed and integrated into the existing XML tree. During this process, feedgen is vulnerable to XML Denial o…

Courtesy of:

https://www.darkreading.com/attacks-breaches/pilfered-wawa-payment-card-data-now-for-sale-on-dark-web/d/d-id/1336903?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
