CISOs Tout SaaS Cybersecurity Confidence, But 79% Admit to SaaS Incidents, New Report Finds
A new State of SaaS Security Posture Management Report from SaaS cybersecurity provider AppOmni indicates that Cybersecurity, IT, and business...
Month: August 2023
Black Basta Ransomware Victim: GROUPHC
Black Basta Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
New Variant of XLoader macOS Malware Disguised as ‘OfficeNote’ Productivity App
A new variant of an Apple macOS malware called XLoader has surfaced in the wild, masquerading its malicious features under...
Carderbee Attacks: Hong Kong Organizations Targeted via Malicious Software Updates
A previously undocumented threat cluster has been linked to a software supply chain attack targeting organizations primarily located in Hong...
Ivanti Warns of Critical Zero-Day Flaw Being Actively Exploited in Sentry Software
Software services provider Ivanti is warning of a new critical zero-day flaw impacting Ivanti Sentry (formerly MobileIron Sentry) that it...
Cisco P Phone 6800, 7800, and 8800 Series cross-site request forgery | CVE-2023-20237
NAME__________Cisco P Phone 6800, 7800, and 8800 Series cross-site request forgeryPlatforms Affected:Cisco IP Phone 6800 Series Phones with Multiplatform Firmware...
Parsec Loader privilege escalation | US-CERT VU#287122
NAME__________Parsec Loader privilege escalationPlatforms Affected:Parsec Parsec Loader 7Risk Level:7.8Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Parsec Loader could allow a local authenticated attacker to gain...
Mini-Tmall SQL injection | CVE-2023-4445
NAME__________Mini-Tmall SQL injectionPlatforms Affected:Mini-Tmall Mini-Tmall 20230811Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Mini-Tmall is vulnerable to SQL injection. A remote attacker could send specially-crafted...
Flarum server-side request forgery | CVE-2023-40033
NAME__________Flarum server-side request forgeryPlatforms Affected:Flarum Flarum 1.7.1Risk Level:5.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Flarum is vulnerable to server-side request forgery, caused by a flaw...
Social media skeleton cross-site request forgery | CVE-2023-40172
NAME__________Social media skeleton cross-site request forgeryPlatforms Affected:Social media skeleton Social media skeleton 1.0.4 Social media skeleton Social media skeleton 1.0.3...
Social media skeleton weak security | CVE-2023-40173
NAME__________Social media skeleton weak securityPlatforms Affected:Social media skeleton Social media skeleton 1.0.4 Social media skeleton Social media skeleton 1.0.3 Social...
TurboWarp Desktop information disclosure | CVE-2023-40168
NAME__________TurboWarp Desktop information disclosurePlatforms Affected:TurboWarp Desktop 1.7.1Risk Level:6.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________TurboWarp Desktop could allow a remote attacker to obtain sensitive information,...
Social media skeleton weak security | CVE-2023-40174
NAME__________Social media skeleton weak securityPlatforms Affected:Social media skeleton Social media skeleton 1.0.4 Social media skeleton Social media skeleton 1.0.3 Social...
McAfee Safe Connect privilege escalation | CVE-2023-40352
NAME__________McAfee Safe Connect privilege escalationPlatforms Affected:McAfee Safe Connect 2.16Risk Level:7.3Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________McAfee Safe Connect could allow a local authenticated attacker...
RubyGems security bypass | CVE-2023-40165
NAME__________RubyGems security bypassPlatforms Affected:RubyGems RubyGems.orgRisk Level:7.4Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________RubyGems could allow a remote attacker to bypass security restrictions, caused by improper...
Typora directory traversal | CVE-2023-2971
NAME__________Typora directory traversalPlatforms Affected:Typora Typora 1.6.0Risk Level:6.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Typora could allow a remote attacker to traverse directories on the system,...
Oppia security bypass | CVE-2023-40021
NAME__________Oppia security bypassPlatforms Affected:Oppia Oppia 1.1.0 Oppia Oppia 3.3.2Risk Level:5.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Oppia could allow a remote attacker to bypass security...
LuxCal Web Calendar SQL injection | CVE-2023-39939
NAME__________LuxCal Web Calendar SQL injectionPlatforms Affected:LuxSoft LuxCal Web Calendar 5.2.2M MySQL LuxSoft LuxCal Web Calendar 5.2.2L SQLiteRisk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________LuxCal...
EnterpriseDB Postgres Advanced Server information disclosure |
NAME__________EnterpriseDB Postgres Advanced Server information disclosurePlatforms Affected:EnterpriseDB Postgres Advanced Server 11.21 EnterpriseDB Postgres Advanced Server 12.16 EnterpriseDB Postgres Advanced Server...
NVK iBSG SQL injection | CVE-2023-39807
NAME__________NVK iBSG SQL injectionPlatforms Affected:NVK iBSG 3.5 NVK iBSG 3.4Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________NVK iBSG is vulnerable to SQL injection. A...
Credit Lite SQL injection | CVE-2023-4407
NAME__________Credit Lite SQL injectionPlatforms Affected:Credit Lite Credit Lite 1.5.4Risk Level:6.3Exploitability:UnprovenConsequences:Data Manipulation DESCRIPTION__________Credit Lite is vulnerable to SQL injection. A remote...
EnterpriseDB Postgres Advanced Server information disclosure |
NAME__________EnterpriseDB Postgres Advanced Server information disclosurePlatforms Affected:EnterpriseDB Postgres Advanced Server 11.21 EnterpriseDB Postgres Advanced Server 12.16 EnterpriseDB Postgres Advanced Server...
LuxCal Web Calendar cross-site scripting | CVE-2023-39543
NAME__________LuxCal Web Calendar cross-site scriptingPlatforms Affected:LuxSoft LuxCal Web Calendar 5.2.2M MySQL LuxSoft LuxCal Web Calendar 5.2.2L SQLiteRisk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________LuxCal...
EnterpriseDB Postgres Advanced Server security bypass |
NAME__________EnterpriseDB Postgres Advanced Server security bypassPlatforms Affected:EnterpriseDB Postgres Advanced Server 11.21 EnterpriseDB Postgres Advanced Server 12.16 EnterpriseDB Postgres Advanced Server...
