BlackCat/ALPHV Ransomware Victim: Aura Engineering, LLC
BlackCat / ALPHV Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the...
Month: December 2023
Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack
A new zero-day security flaw has been discovered in the Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system that...
Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining
Poorly secured Linux SSH servers are being targeted by bad actors to install port scanners and dictionary attack tools with...
Chinese Hackers Exploited New Zero-Day in Barracuda’s ESG Appliances
Barracuda has revealed that Chinese threat actors exploited a new zero-day in its Email Security Gateway (ESG) appliances to deploy...
DuoUniversalKeycloakAuthenticator information disclosure | CVE-2023-49594
NAME__________DuoUniversalKeycloakAuthenticator information disclosurePlatforms Affected:DuoUniversalKeycloakAuthenticator DuoUniversalKeycloakAuthenticator 1.0.7Risk Level:4.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________DuoUniversalKeycloakAuthenticator could allow a remote authenticated attacker to obtain sensitive information, caused...
GitHub Enterprise Server security bypass | CVE-2023-6847
NAME__________GitHub Enterprise Server security bypassPlatforms Affected:GitHub Enterprise Server 3.9.6 GitHub Enterprise Server 3.10.3 GitHub Enterprise Server 3.11.0Risk Level:7.5Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________GitHub...
GitHub Enterprise Server privilege escalation | CVE-2023-6803
NAME__________GitHub Enterprise Server privilege escalationPlatforms Affected:GitHub Enterprise Server 3.8.11 GitHub Enterprise Server 3.9.6 GitHub Enterprise Server 3.10.3 GitHub Enterprise Server...
GitHub Enterprise Server privilege escalation | CVE-2023-6690
NAME__________GitHub Enterprise Server privilege escalationPlatforms Affected:GitHub Enterprise Server 3.8.11 GitHub Enterprise Server 3.9.6 GitHub Enterprise Server 3.10.3 GitHub Enterprise Server...
GilaCMS SQL injection | CVE-2020-26623
NAME__________GilaCMS SQL injectionPlatforms Affected:Risk Level:7.2Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________GilaCMS is vulnerable to SQL injection. A remote authenticated attacker could send specially crafted...
json-jwt security bypass | CVE-2023-51774
NAME__________json-jwt security bypassPlatforms Affected:json-jwt json-jwt 1.16.3Risk Level:7.5Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________json-jwt could allow a remote attacker to bypass security restrictions, caused by...
GitHub Enterprise Server information disclosure | CVE-2023-6802
NAME__________GitHub Enterprise Server information disclosurePlatforms Affected:GitHub Enterprise Server 3.8.11 GitHub Enterprise Server 3.9.6 GitHub Enterprise Server 3.10.3 GitHub Enterprise Server...
GitHub Enterprise Server privilege escalation | CVE-2023-6804
NAME__________GitHub Enterprise Server privilege escalationPlatforms Affected:GitHub Enterprise Server 3.8.11 GitHub Enterprise Server 3.9.6 GitHub Enterprise Server 3.10.3 GitHub Enterprise Server...
Spreadsheet::ParseExcel code execution | CVE-2023-7101
NAME__________Spreadsheet::ParseExcel code executionPlatforms Affected:Spreadsheet::ParseExcel Spreadsheet::ParseExcel 0.65Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Spreadsheet::ParseExcel could allow a remote attacker to execute arbitrary code on the...
Hospital Management System SQL injection | CVE-2020-26628
NAME__________Hospital Management System SQL injectionPlatforms Affected:Risk Level:7.2Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Hospital Management System is vulnerable to SQL injection. A remote authenticated attacker...
Hospital Management System cross-site scripting | CVE-2020-26629
NAME__________Hospital Management System cross-site scriptingPlatforms Affected:Risk Level:7.2Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Hospital Management System is vulnerable to cross-site scripting, caused by improper validation...
SignalWire FreeSWITCH denial of service | CVE-2023-51443
NAME__________SignalWire FreeSWITCH denial of servicePlatforms Affected:SignalWire FreeSWITCH 1.10.10Risk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________SignalWire FreeSWITCH is vulnerable to a denial of service,...
Moxa ioLogik E1200 Series information disclosure | CVE-2023-5962
NAME__________Moxa ioLogik E1200 Series information disclosurePlatforms Affected:Moxa ioLogik E1200 Series 1.0 Moxa ioLogik E1200 Series 3.3Risk Level:6.5Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Moxa ioLogik...
Hospital Management System SQL injection | CVE-2020-26627
NAME__________Hospital Management System SQL injectionPlatforms Affected:Risk Level:7.2Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Hospital Management System is vulnerable to SQL injection. A remote authenticated attacker...
GilaCMS SQL injection | CVE-2020-26624
NAME__________GilaCMS SQL injectionPlatforms Affected:Risk Level:7.2Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________GilaCMS is vulnerable to SQL injection. A remote authenticated attacker could send specially crafted...
GilaCMS SQL injection | CVE-2020-26625
NAME__________GilaCMS SQL injectionPlatforms Affected:Risk Level:7.2Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________GilaCMS is vulnerable to SQL injection. A remote authenticated attacker could send specially crafted...
Hospital Management System file upload | CVE-2020-26630
NAME__________Hospital Management System file uploadPlatforms Affected:Risk Level:7.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Hospital Management System could allow a remote attacker to upload arbitrary files,...
Sudo Project Sudo security bypass | CVE-2023-7090
NAME__________Sudo Project Sudo security bypassPlatforms Affected:Sudo Project Sudo 1.8.24Risk Level:6.5Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Sudo Project Sudo could allow a remote authenticated attacker...
BUFFALO VR-S1000 devices command execution | CVE-2023-46681
NAME__________BUFFALO VR-S1000 devices command executionPlatforms Affected:BUFFALO VR-S1000 2.37Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________BUFFALO VR-S1000 devices could allow a local authenticated attacker to...
Apache OFBiz server-side request forgery | CVE-2023-50968
NAME__________Apache OFBiz server-side request forgeryPlatforms Affected:Apache OFBiz 18.12.10Risk Level:7.5Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Apache OFBiz is vulnerable to server-side request forgery, caused by...
