Millions Infected by Spyware Hidden in Fake Telegram Apps on Google Play
Spyware masquerading as modified versions of Telegram have been spotted in the Google Play Store that's designed to harvest sensitive...
Month: September 2023
Cybercriminals Weaponizing Legitimate Advanced Installer Tool in Crypto-Mining Attacks
A legitimate Windows tool used for creating software packages called Advanced Installer is being abused by threat actors to drop...
HackerOne Bug Bounty Disclosure: b-dependency-policy-bypass-via-process-binding-b-leodog
Company Name: b'Internet Bug Bounty' Company HackerOne URL: https://hackerone.com/ibb Submitted By:b'leodog896'Link to Submitters Profile:https://hackerone.com/b'leodog896' Report Title:b'Dependency Policy Bypass via process.binding'Report...
HackerOne Bug Bounty Disclosure: b-permissions-not-respected-when-copying-entire-group-folders-b-carl-schwan
Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'carl_schwan'Link to Submitters Profile:https://hackerone.com/b'carl_schwan' Report Title:b'Permissions not respected when copying entire group...
HackerOne Bug Bounty Disclosure: b-argocd-s-web-terminal-session-doesn-t-expire-b-bean-zhang
Company Name: b'Internet Bug Bounty' Company HackerOne URL: https://hackerone.com/ibb Submitted By:b'bean-zhang'Link to Submitters Profile:https://hackerone.com/b'bean-zhang' Report Title:b"Argocd's web terminal session doesn't...
Posh C2 Detected – 170[.]64[.]153[.]219:4443
The Information provided at the time of posting was detected as "Posh C2". Depending on when you are viewing this...
Tenda N300 Wireless N VDSL2 Modem Router information disclosure | US-CERT VU#304455
NAME__________Tenda N300 Wireless N VDSL2 Modem Router information disclosurePlatforms Affected:Tenda N300 Wireless N VDSL2 Modem RouterRisk Level:6.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Tenda N300...
HPE Aruba Networking buffer overflow | CVE-2023-38484
NAME__________HPE Aruba Networking buffer overflowPlatforms Affected:Aruba Networks ArubaOS 10.4.0.1 Aruba Networks ArubaOS 8.11.1.0 Aruba Networks ArubaOS 8.10.0.6 Aruba Networks ArubaOS...
HPE Aruba Networking products security bypass | CVE-2023-38486
NAME__________HPE Aruba Networking products security bypassPlatforms Affected:Aruba Networks ArubaOS 10.4.0.1 Aruba Networks ArubaOS 8.11.1.0 Aruba Networks ArubaOS 8.10.0.6 Aruba Networks...
SOCOMEC MODULYS GP cross-site scripting | CVE-2023-38582
NAME__________SOCOMEC MODULYS GP cross-site scriptingPlatforms Affected:Socomec MOD3GP-SY-120K 01.12.10Risk Level:6.3Exploitability:HighConsequences:Obtain Information DESCRIPTION__________SOCOMEC MODULYS GP is vulnerable to cross-site scripting, caused by...
IBM QRadar WinCollect Agent privilege escalation | CVE-2023-38736
NAME__________IBM QRadar WinCollect Agent privilege escalationPlatforms Affected:IBM QRadar WinCollect Agent 10.0 IBM QRadar WinCollect Agent 10.1.6Risk Level:7.5Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________IBM QRadar...
SOCOMEC MODULYS GP cross-site scripting | CVE-2023-38255
NAME__________SOCOMEC MODULYS GP cross-site scriptingPlatforms Affected:Socomec MOD3GP-SY-120K 01.12.10Risk Level:6.5Exploitability:HighConsequences:Obtain Information DESCRIPTION__________SOCOMEC MODULYS GP is vulnerable to cross-site scripting, caused by...
Delta Electronics CNCSoft-B DOPSoft buffer overflow | CVE-2023-4685
NAME__________Delta Electronics CNCSoft-B DOPSoft buffer overflowPlatforms Affected:Delta Electronics CNCSoft-B DOPSoft 1.0.0.4Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Delta Electronics CNCSoft-B DOPSoft is vulnerable to...
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers buffer overflow | CVE-2023-20250
NAME__________Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers buffer overflowPlatforms Affected:Cisco RV110W Wireless-N VPN Firewall Cisco RV130W Wireless-N Multifunction...
Smart S45F Multi-Service Secure Gateway Intelligent Management Platform SQL injection | CVE-2023-4745
NAME__________Smart S45F Multi-Service Secure Gateway Intelligent Management Platform SQL injectionPlatforms Affected:Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management PlatformRisk...
D-Link DIR-3040 buffer overflow | CVE-2023-41230
NAME__________D-Link DIR-3040 buffer overflowPlatforms Affected:D-Link DIR-3040 1.20B03Risk Level:7.5Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________D-Link DIR-3040 is vulnerable to a stack-based buffer overflow, caused by...
IBM Maximo Application Suite and IBM Maximo Asset Management HTML injection | CVE-2023-32332
NAME__________IBM Maximo Application Suite and IBM Maximo Asset Management HTML injectionPlatforms Affected:IBM Maximo Asset Management 7.6.1.2 IBM Maximo Asset Management...
SOCOMEC MODULYS GP information disclosure | CVE-2023-39452
NAME__________SOCOMEC MODULYS GP information disclosurePlatforms Affected:Socomec MOD3GP-SY-120K 01.12.10Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________SOCOMEC MODULYS GP could allow a remote attacker to obtain...
highlight.php module for Drupal cross-site scripting |
NAME__________highlight.php module for Drupal cross-site scriptingPlatforms Affected:Drupal highlight.php module for Drupal 1.0.0Risk Level:5.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________highlight.php module for Drupal is vulnerable...
D-Link DIR-3040 buffer overflow | CVE-2023-41227
NAME__________D-Link DIR-3040 buffer overflowPlatforms Affected:D-Link DIR-3040 1.20B03Risk Level:6.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________D-Link DIR-3040 is vulnerable to a stack-based buffer overflow, caused by...
Dell Digital Delivery denial of service | CVE-2023-32470
NAME__________Dell Digital Delivery denial of servicePlatforms Affected:Dell Digital Delivery 5.0.81.0Risk Level:5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Dell Digital Delivery is vulnerable to a...
D-Link DIR-3040 buffer overflow | CVE-2023-41228
NAME__________D-Link DIR-3040 buffer overflowPlatforms Affected:D-Link DIR-3040 1.20B03Risk Level:6.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________D-Link DIR-3040 is vulnerable to a stack-based buffer overflow, caused by...
D-Link DIR-3040 buffer overflow | CVE-2023-41226
NAME__________D-Link DIR-3040 buffer overflowPlatforms Affected:D-Link DIR-3040 1.20B03Risk Level:6.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________D-Link DIR-3040 is vulnerable to a stack-based buffer overflow, caused by...
D-Link DIR-3040 buffer overflow | CVE-2023-41217
NAME__________D-Link DIR-3040 buffer overflowPlatforms Affected:D-Link DIR-3040Risk Level:6.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________D-Link DIR-3040 routers are vulnerable to a stack-based buffer overflow, caused by...
