US-CERT Vulnerability Summary for the Week of March 13, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
Month: March 2023
HackerOne Bug Bounty Disclosure: chat-room-member-disclosure-via-autocomplete-apibylukasreschke
Programme HackerOne Nextcloud Nextcloud Submitted by lukasreschke lukasreschke Report Chat room member disclosure via autocomplete API Full Report A...
HackerOne Bug Bounty Disclosure: accessing-unauthorized-administration-pages-and-seeing-admin-password—speakerkit-state-govbyqualw1n
Programme HackerOne U.S. Department of State U.S. Department of State Submitted by qualw1n qualw1n Report Accessing unauthorized administration pages and...
LockBit 3.0 Ransomware Victim: precisionit[.]co[.]in
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: emotorsdirect[.]ca
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: securens[.]in
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: demechindia[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Human Resource Management System /hrm/controller/login.php SQL injection |
NAME__________Human Resource Management System /hrm/controller/login.php SQL injectionPlatforms Affected:Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Human Resource Management System is vulnerable to SQL injection. A...
REBUILD SQL injection | CVE-2023-1610
NAME__________REBUILD SQL injectionPlatforms Affected:Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________REBUILD is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements...
Temenos cross-site scripting | CVE-2023-24367
NAME__________Temenos cross-site scriptingPlatforms Affected:Temenos T24 R20Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Temenos is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
VMware Tanzu Spring Vault information disclosure | CVE-2023-20859
NAME__________VMware Tanzu Spring Vault information disclosurePlatforms Affected:VMware Tanzu Spring Vault 2.3.0 VMware Tanzu Spring Vault 2.3.2 VMware Tanzu Spring Vault...
MEGAFEIS, BOFEI DBD+ Application for IOS & Android information disclosure | CVE-2022-45634
NAME__________MEGAFEIS, BOFEI DBD+ Application for IOS & Android information disclosurePlatforms Affected:Risk Level:7.5Exploitability:Proof of ConceptConsequences:Obtain Information DESCRIPTION__________MEGAFEIS, BOFEI DBD+ Application for...
REBUILD SQL injection | CVE-2023-1612
NAME__________REBUILD SQL injectionPlatforms Affected:Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________REBUILD is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements...
REBUILD cross-site scripting | CVE-2023-1613
NAME__________REBUILD cross-site scriptingPlatforms Affected:Risk Level:6.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________REBUILD is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by...
Online Pizza Ordering System /php-opos/index.php SQL injection |
NAME__________Online Pizza Ordering System /php-opos/index.php SQL injectionPlatforms Affected:Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Online Pizza Ordering System is vulnerable to SQL injection. A...
TOTOLINK CP900 command execution | CVE-2022-28494
NAME__________TOTOLINK CP900 command executionPlatforms Affected:Risk Level:7.3Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION__________TOTOLINK CP900 could allow a remote attacker to execute arbitrary commands...
Cisco ASA, FTD, IOS and IOS XE Software denial of service | CVE-2023-20081
NAME__________Cisco ASA, FTD, IOS and IOS XE Software denial of servicePlatforms Affected:Cisco Adaptive Security Appliance Software Cisco IOS Software Cisco...
MEGAFEIS, BOFEI DBD+ Application for IOS & Android information disclosure | CVE-2022-45635
NAME__________MEGAFEIS, BOFEI DBD+ Application for IOS & Android information disclosurePlatforms Affected:Risk Level:7.5Exploitability:Proof of ConceptConsequences:Obtain Information DESCRIPTION__________MEGAFEIS, BOFEI DBD+ Application for...
Grafana cross-site scripting | CVE-2023-1410
NAME__________Grafana cross-site scriptingPlatforms Affected:Grafana Grafana 8.5.21 Grafana Grafana 9.3.8 Grafana Grafana 9.2.13 Grafana Grafana 9.4.3Risk Level:6.2Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Grafana is vulnerable...
E-Commerce System security bypass | CVE-2023-1557
NAME__________E-Commerce System security bypassPlatforms Affected:Risk Level:6.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________E-Commerce System could allow a remote authenticated attacker to bypass security restrictions, caused...
NETGEAR Orbi WiFi Systems information disclosure |
NAME__________NETGEAR Orbi WiFi Systems information disclosurePlatforms Affected:NETGEAR RBR750 NETGEAR RBS750 NETGEAR RBR840 NETGEAR RBS840 NETGEAR RBR850 NETGEAR RBS850 NETGEAR RBRE960...
Judging Management System SQL injection | CVE-2023-1556
NAME__________Judging Management System SQL injectionPlatforms Affected:Risk Level:6.3Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Judging Management System is vulnerable to SQL injection. A remote authenticated attacker...
crewjam/saml go library denial of service | CVE-2023-28119
NAME__________crewjam/saml go library denial of servicePlatforms Affected:Risk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________crewjam/saml go library is vulnerable to a denial of service,...
NETGEAR Orbi WiFi Systems command execution |
NAME__________NETGEAR Orbi WiFi Systems command executionPlatforms Affected:NETGEAR RBR750Risk Level:6.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________NETGEAR Orbi WiFi Systems could allow a remote authenticated attacker...