SevenRooms – 1,205,385 breached accounts
HIBP In December 2022, over 400GB of data belonging to restaurant customer management platform SevenRooms was posted for sale to...
Month: August 2023
US-CERT Vulnerability Summary for the Week of August 14, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infofoldingathome -- client_advanced_controlAn issue was discovered in FoldingAtHome Client Advanced Control GUI...
Holehe – Tool To Check If The Mail Is Used On Different Sites Like Twitter, Instagram And Will Retrieve Information On Sites With The Forgotten Password Function
Holehe Online Version Summary Efficiently finding registered accounts from emails. Holehe checks if an email is attached to an account...
HackerOne Bug Bounty Disclosure: b-improper-access-control-on-linkedin-page-b-cybergoddess
Company Name: b'LinkedIn' Company HackerOne URL: https://hackerone.com/linkedin Submitted By:b'cybergoddess'Link to Submitters Profile:https://hackerone.com/b'cybergoddess' Report Title:b'Improper access control on Linkedin Page'Report Link:https://hackerone.com/reports/1587246Date...
HackerOne Bug Bounty Disclosure: b-a-unverified-user-can-post-newsletter-which-is-not-allowed-through-application-ui-b-tushar
Company Name: b'LinkedIn' Company HackerOne URL: https://hackerone.com/linkedin Submitted By:b'tushar6378'Link to Submitters Profile:https://hackerone.com/b'tushar6378' Report Title:b'A Unverified User Can Post Newsletter (Which...
HackerOne Bug Bounty Disclosure: b-cache-poisoning-allows-redirection-on-js-files-b-youstin
Company Name: b'Glassdoor' Company HackerOne URL: https://hackerone.com/glassdoor Submitted By:b'youstin'Link to Submitters Profile:https://hackerone.com/b'youstin' Report Title:b'Cache Poisoning allows redirection on JS files'Report...
HackerOne Bug Bounty Disclosure: b-idor-allows-an-attacker-to-delete-anyone-s-featured-photo-b-adilnbabras
Company Name: b'LinkedIn' Company HackerOne URL: https://hackerone.com/linkedin Submitted By:b'adilnbabras'Link to Submitters Profile:https://hackerone.com/b'adilnbabras' Report Title:b"IDOR allows an attacker to delete anyone's...
HackerOne Bug Bounty Disclosure: b-an-attacker-can-flag-draft-job-posts-and-can-disclose-the-draft-job-posts-details-similar-to-resolved-report-b-tushar
Company Name: b'LinkedIn' Company HackerOne URL: https://hackerone.com/linkedin Submitted By:b'tushar6378'Link to Submitters Profile:https://hackerone.com/b'tushar6378' Report Title:b'An Attacker Can Flag Draft Job Posts...
HackerOne Bug Bounty Disclosure: b-attackers-can-use-trial-premium-only-by-paying-idr-from-the-original-price-of-idr-per-month-b-find-me-here
Company Name: b'LinkedIn' Company HackerOne URL: https://hackerone.com/linkedin Submitted By:b'find_me_here'Link to Submitters Profile:https://hackerone.com/b'find_me_here' Report Title:b'Attackers can use TRIAL Premium only by...
CISA: CISA Releases Six Industrial Control Systems Advisories
CISA Releases Six Industrial Control Systems Advisories CISA released six Industrial Control Systems (ICS) advisories on August 24, 2023. These...
DarkGate reloaded via malvertising and SEO poisoning campaigns
In July 2023, we observed a malvertising campaign that lured potential victims to a fraudulent site for a Windows IT management...
HPE Aruba Networking EdgeConnect SD-WAN Orchestrator SQL injection | CVE-2023-37436
NAME__________HPE Aruba Networking EdgeConnect SD-WAN Orchestrator SQL injectionPlatforms Affected:HPE Aruba Networking EdgeConnect SD-WAN Orchestrator 9.0 HPE Aruba Networking EdgeConnect SD-WAN...
HPE Aruba Networking EdgeConnect SD-WAN Orchestrator SQL injection | CVE-2023-37434
NAME__________HPE Aruba Networking EdgeConnect SD-WAN Orchestrator SQL injectionPlatforms Affected:HPE Aruba Networking EdgeConnect SD-WAN Orchestrator 9.0 HPE Aruba Networking EdgeConnect SD-WAN...
HPE Aruba Networking EdgeConnect SD-WAN Orchestrator SQL injection | CVE-2023-37429
NAME__________HPE Aruba Networking EdgeConnect SD-WAN Orchestrator SQL injectionPlatforms Affected:HPE Aruba Networking EdgeConnect SD-WAN Orchestrator 9.0 HPE Aruba Networking EdgeConnect SD-WAN...
Netgear NMS300 command execution |
NAME__________Netgear NMS300 command executionPlatforms Affected:NETGEAR NMS300Risk Level:7.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Netgear NMS300 could allow a remote attacker to execute arbitrary commands on...
HPE Aruba Networking EdgeConnect SD-WAN Orchestrator server-side request forgery | CVE-2023-37440
NAME__________HPE Aruba Networking EdgeConnect SD-WAN Orchestrator server-side request forgeryPlatforms Affected:HPE Aruba Networking EdgeConnect SD-WAN Orchestrator 9.0 HPE Aruba Networking EdgeConnect...
Pandora FMS file upload | CVE-2023-24517
NAME__________Pandora FMS file uploadPlatforms Affected:Artica Pandora FMS 767Risk Level:6.4Exploitability:UnprovenConsequences:File Manipulation DESCRIPTION__________Pandora FMS could allow a remote authenticated attacker to upload...
HPE Aruba Networking EdgeConnect SD-WAN Orchestrator SQL injection | CVE-2023-37432
NAME__________HPE Aruba Networking EdgeConnect SD-WAN Orchestrator SQL injectionPlatforms Affected:HPE Aruba Networking EdgeConnect SD-WAN Orchestrator 9.0 HPE Aruba Networking EdgeConnect SD-WAN...
HPE Aruba Networking EdgeConnect SD-WAN Orchestrator SQL injection | CVE-2023-37433
NAME__________HPE Aruba Networking EdgeConnect SD-WAN Orchestrator SQL injectionPlatforms Affected:HPE Aruba Networking EdgeConnect SD-WAN Orchestrator 9.0 HPE Aruba Networking EdgeConnect SD-WAN...
Pandora FMS server-side request forgery | CVE-2023-24515
NAME__________Pandora FMS server-side request forgeryPlatforms Affected:Artica Pandora FMS 767Risk Level:5.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Pandora FMS is vulnerable to server-side request forgery, caused...
FileMage Gateway Windows Deployments directory traversal | CVE-2023-39026
NAME__________FileMage Gateway Windows Deployments directory traversalPlatforms Affected:FileMage Gateway Windows Deployments 1.10.8Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________FileMage Gateway Windows Deployments could allow a...
HPE Aruba Networking EdgeConnect SD-WAN Orchestrator cross-site scripting | CVE-2023-37439
NAME__________HPE Aruba Networking EdgeConnect SD-WAN Orchestrator cross-site scriptingPlatforms Affected:HPE Aruba Networking EdgeConnect SD-WAN Orchestrator 9.0 HPE Aruba Networking EdgeConnect SD-WAN...
HPE Aruba Networking EdgeConnect SD-WAN Orchestrator command execution | CVE-2023-37427
NAME__________HPE Aruba Networking EdgeConnect SD-WAN Orchestrator command executionPlatforms Affected:HPE Aruba Networking EdgeConnect SD-WAN Orchestrator 9.0 HPE Aruba Networking EdgeConnect SD-WAN...
HPE Aruba Networking EdgeConnect SD-WAN Orchestrator SQL injection | CVE-2023-37435
NAME__________HPE Aruba Networking EdgeConnect SD-WAN Orchestrator SQL injectionPlatforms Affected:HPE Aruba Networking EdgeConnect SD-WAN Orchestrator 9.0 HPE Aruba Networking EdgeConnect SD-WAN...
