Zephyrnet Logo

Las Vegas Suffers Cyberattack on First Day of CES

Date:

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database CVE-2019-20373
PUBLISHED: 2020-01-09

LTSP LDM through 2.18.06 allows fat-client root access because the LDM_USERNAME variable may have an empty value if the user’s shell lacks support for Bourne shell syntax. This is related to a run-x-session script.

CVE-2019-20374
PUBLISHED: 2020-01-09

A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81 on Linux leads to Remote Code Execution through Mermaid code blocks. To exploit this vulnerability, one must open a file in Typora. The XSS vulnerability is then triggered due to improper HTML saniti…

CVE-2020-6756
PUBLISHED: 2020-01-09

languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows unauthenticated attackers to remotely execute code via the lang parameter.

CVE-2020-6757
PUBLISHED: 2020-01-09

contentHostProperties.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows authenticated attackers to remotely execute code via the name parameter.

CVE-2020-6758
PUBLISHED: 2020-01-09

A cross-site scripting (XSS) vulnerability in Option/optionsAll.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows remote attackers to inject arbitrary web script or HTML via the ContentFrame parameter.

Republished from https://www.darkreading.com/attacks-breaches/las-vegas-suffers-cyberattack-on-first-day-of-ces-/d/d-id/1336753?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

spot_img

Latest Intelligence

spot_img