CVE-2015-2810

Integer overflow in the HwpApp::CHncSDS_Manager function in Hancom Office HanWord processor, as used in Hwp 2014 VP before 9.1.0.2342, HanWord Viewer 2007 and Viewer 2010 8.5.6.1158, and HwpViewer 2014 VP 9.1.0.2186, allows remote attackers to cause a denial of service (crash) and possibly “influence the program’s execution flow” via a document with a large paragraph size, which triggers heap corruption.

Chinese attack on USIS using SAP vulnerability – Detailed review and comments

Posted by Darya Maenkova on May 15

*Intro*

On May 11th, a security headline broke in the news about an attack on
USIS (U.S. Investigations Services), potentially conducted by Chinese
state-sponsored hackers via a vulnerability in SAP software. Hackers
broke into third-party software in 2013 to open personal records of
federal employees and contractors with access to classified
intelligence, according to the government’s largest private employee…

XML Injection, AoF and BF vulnerabilities in Hikvision DS-2CD2012-I

Posted by MustLive on May 15

Hello list!

There are vulnerabilities in Hikvision DS-2CD2012-I.

These are XML Injection, Abuse of Functionality and Brute Force
vulnerabilities. All of these vulnerabilities are also present in other
Hikvision IP cameras and DVRs.

-------------------------
Affected vendors:
-------------------------

Hikvision
http://www.hikvision.com

-------------------------
Affected products:
-------------------------

The following models are vulnerable, with…

CSRF & XSS vulnerabilities in Encrypted Contact Form WordPress Plugin v1.0.4

Posted by Nitin Venkatesh on May 15

# Title: Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form WordPress Plugin v1.0.4
# Submitter: Nitin Venkatesh
# Product: Encrypted Contact Form WordPress Plugin
# Product URL: https://wordpress.org/plugins/encrypted-contact-form/
# Vulnerability Type: Cross-site Request Forgery [CWE-352], Cross-site Scripting [CWE-79]
# Affected Versions: v1.0.4 and possibly below.
# Tested versions: v1.0.4
# Fixed Version: v1.1
#…