LockBit 3.0 Ransomware Victim: gotocfr[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Month: November 2023
LockBit 3.0 Ransomware Victim: aei[.]cc
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
WP MapIt Plugin for WordPress cross-site scripting | CVE-2023-5658
NAME__________WP MapIt Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress WP MapIt Plugin for WordPress 2.7.1Risk Level:6.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________WP MapIt Plugin for...
ImageMapper Plugin for WordPress cross-site request forgery | CVE-2023-5975
NAME__________ImageMapper Plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress ImageMapper Plugin for WordPress 1.2.6Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________ImageMapper Plugin for WordPress is...
Featured Image Caption Plugin for WordPress and WooCommerce Plugin for WordPress cross-site scripting | CVE-2023-5669
NAME__________Featured Image Caption Plugin for WordPress and WooCommerce Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Featured Image Caption Plugin for WordPress...
QNAP QTS, QuTS hero, and QuTScloud server-side request forgery | CVE-2023-39301
NAME__________QNAP QTS, QuTS hero, and QuTScloud server-side request forgeryPlatforms Affected:QNAP QTS 5.0.0 QNAP QuTS Hero h5.0.0 QNAP QuTS hero h5.1.0...
Interact: Embed A Quiz On Your Site Plugin for WordPress cross-site scripting | CVE-2023-5659
NAME__________Interact: Embed A Quiz On Your Site Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Interact: Embed A Quiz On Your Site...
Apache OFBiz security bypass | CVE-2023-46819
NAME__________Apache OFBiz security bypassPlatforms Affected:Risk Level:5.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Apache OFBiz could allow a remote attacker to bypass security restrictions, caused by...
Open Design Alliance Drawings SDK code execution | CVE-2023-5179
NAME__________Open Design Alliance Drawings SDK code executionPlatforms Affected:Open Design Alliance Drawings SDK 24.1Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Open Design Alliance Drawings SDK...
GraphQL module for Drupal security bypass |
NAME__________GraphQL module for Drupal security bypassPlatforms Affected:Drupal GraphQL module for Drupal 8.x-4.5Risk Level:5.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________GraphQL module for Drupal could allow...
GE MiCOM S1 code execution | CVE-2023-0898
NAME__________GE MiCOM S1 code executionPlatforms Affected:General Electric MiCOM S1 AgileRisk Level:5.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________GE MiCOM S1 Agile allows a local authenticated...
Amazonify Plugin for WordPress cross-site request forgery | CVE-2023-5818
NAME__________Amazonify Plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress Amazonify Plugin for WordPress 0.8.1Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Amazonify Plugin for WordPress is...
SendPress Newsletters Plugin for WordPress cross-site scripting | CVE-2023-5660
NAME__________SendPress Newsletters Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress SendPress Newsletters Plugin for WordPress 1.22.3.31Risk Level:6.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________SendPress Newsletters Plugin for...
Telephone Number Linker Plugin for WordPress cross-site scripting | CVE-2023-5743
NAME__________Telephone Number Linker Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Telephone Number Linker Plugin for WordPress 1.2Risk Level:6.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Telephone Number...
Videolan VLC Media Player denial of service | CVE-2023-47359
NAME__________Videolan VLC Media Player denial of servicePlatforms Affected:Videolan VLC Media Player 3.0.19Risk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Videolan VLC Media Player is...
Puppet Enterprise security bypass | CVE-2023-5309
NAME__________Puppet Enterprise security bypassPlatforms Affected:Puppet Puppet Enterprise 2021.7.5 Puppet Puppet Enterprise 2023.4Risk Level:6.8Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Puppet Enterprise could allow a remote...
Videolan VLC Media Player denial of service | CVE-2023-47360
NAME__________Videolan VLC Media Player denial of servicePlatforms Affected:Videolan VLC Media Player 3.0.19Risk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Videolan VLC Media Player is...
Social Feed Plugin for WordPress and WooCommerce Plugin for WordPress cross-site scripting | CVE-2023-5661
NAME__________Social Feed Plugin for WordPress and WooCommerce Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Social Feed Plugin for WordPress 1.5.4.6Risk Level:6.4Exploitability:HighConsequences:Cross-Site...
GraphQL module for Drupal cross-site request forgery |
NAME__________GraphQL module for Drupal cross-site request forgeryPlatforms Affected:Drupal GraphQL module for Drupal 8.x-4.5Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________GraphQL module for Drupal is...
YugabyteDB Anywhere information disclosure | CVE-2023-6001
NAME__________YugabyteDB Anywhere information disclosurePlatforms Affected:Yugabyte YugabyteDB Anywhere 2.0.0.0 Yugabyte YugabyteDB Anywhere 2.18.3.0Risk Level:5.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________YugabyteDB Anywhere could allow a remote...
Amazonify Plugin for WordPress cross-site scripting | CVE-2023-5819
NAME__________Amazonify Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Amazonify Plugin for WordPress 0.8.1Risk Level:4.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Amazonify Plugin Plugin for WordPress is...
Tongda OA SQL injection | CVE-2023-6054
NAME__________Tongda OA SQL injectionPlatforms Affected:Beijing Tongda Xinke Technology Tongda OA 11.10Risk Level:5.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Tongda OA is vulnerable to SQL injection....
Go filepath directory traversal | CVE-2023-45283
NAME__________Go filepath directory traversalPlatforms Affected:Golang Go 1.20.10 Golang Go 1.21.3Risk Level:5.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Golang Go could allow a remote attacker to...
EC-CUBE 3 series and 4 series code execution | CVE-2023-46845
NAME__________EC-CUBE 3 series and 4 series code executionPlatforms Affected:EC-CUBE EC-CUBE 4.2.2 EC-CUBE EC-CUBE 3.0.18-p6Risk Level:10Exploitability:Consequences:Gain Access DESCRIPTION__________EC-CUBE 3 series and...
