CISA: CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog,...
Year: 2023
CISA: Fortinet Releases Security Update for FortiOS
Fortinet Releases Security Update for FortiOS Fortinet has released a security update to address a vulnerability (CVE-2023-29182) affecting FortiOS. A...
CISA: Adobe Releases Security Updates for Multiple Products
Adobe Releases Security Updates for Multiple Products Adobe has released security updates to address multiple vulnerabilities in Adobe software. An...
CISA: CISA Releases Two Industrial Control Systems Advisories
CISA Releases Two Industrial Control Systems Advisories CISA released two Industrial Control Systems (ICS) advisories on August 8, 2023. These...
CISA: CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog,...
CISA: CISA Releases Twelve Industrial Control Systems Advisories
CISA Releases Twelve Industrial Control Systems Advisories CISA released twelve Industrial Control Systems (ICS) advisories on August 10, 2023. These...
US-CERT Vulnerability Summary for the Week of July 31, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoyunyecms -- yunyecmsSQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to...
HackerOne Bug Bounty Disclosure: b-hackerone-support-system-doesn-t-require-any-authentication-may-lead-unauthorized-action-b-rafsanzami
Company Name: b'HackerOne' Company HackerOne URL: https://hackerone.com/security Submitted By:b'rafsanzami'Link to Submitters Profile:https://hackerone.com/b'rafsanzami' Report Title:b"HackerOne Support System Doesn't Require Any Authentication...
HackerOne Bug Bounty Disclosure: b-wiiu-switch-remote-code-execution-inside-the-enl-library-b-crazy-man
Company Name: b'Nintendo' Company HackerOne URL: https://hackerone.com/nintendo Submitted By:b'crazy_man123'Link to Submitters Profile:https://hackerone.com/b'crazy_man123' Report Title:b' Remote code execution inside the ENL...
HackerOne Bug Bounty Disclosure: b-idor-in-channel-id-leads-to-customer-email-disclosure-on-https-video-ibm-com-b-tusnj
Company Name: b'IBM' Company HackerOne URL: https://hackerone.com/ibm Submitted By:b'tusnj'Link to Submitters Profile:https://hackerone.com/b'tusnj' Report Title:b'IDOR in channel ID leads to customer...
HackerOne Bug Bounty Disclosure: b-create-miscellaneous-support-ticket-on-anyone-s-account-through-support-hackerone-com-email-b-sayaanalam
Company Name: b'HackerOne' Company HackerOne URL: https://hackerone.com/security Submitted By:b'sayaanalam'Link to Submitters Profile:https://hackerone.com/b'sayaanalam' Report Title:b"Create miscellaneous support ticket on anyone's account...
HackerOne Bug Bounty Disclosure: b-nginx-alias-traversal-babel-bluetab-net-b-dk-trin
Company Name: b'IBM' Company HackerOne URL: https://hackerone.com/ibm Submitted By:b'dk4trin'Link to Submitters Profile:https://hackerone.com/b'dk4trin' Report Title:b'Nginx Alias Traversal - babel.bluetab.net'Report Link:https://hackerone.com/reports/2061826Date Submitted:11...
HackerOne Bug Bounty Disclosure: b-rxss-at-image-hackerone-live-via-the-url-parameter-b-todayisnew
Company Name: b'HackerOne' Company HackerOne URL: https://hackerone.com/security Submitted By:b'todayisnew'Link to Submitters Profile:https://hackerone.com/b'todayisnew' Report Title:b'RXSS at image.hackerone.live via the `url` parameter'Report...
HackerOne Bug Bounty Disclosure: b-hackerone-all-private-program-name-leaked-to-public-via-collaborator-or-attacker-can-easily-dump-all-private-program-names-through-collaborator-b-hackit-bharat
Company Name: b'HackerOne' Company HackerOne URL: https://hackerone.com/security Submitted By:b'hackit_bharat'Link to Submitters Profile:https://hackerone.com/b'hackit_bharat' Report Title:b'Hackerone All Private Program Name Leaked to...
HackerOne Bug Bounty Disclosure: b-dns-rebinding-in-inspect-again-via-invalid-ip-addresses-b-haxatron
Company Name: b'Node.js' Company HackerOne URL: https://hackerone.com/nodejs Submitted By:b'haxatron1'Link to Submitters Profile:https://hackerone.com/b'haxatron1' Report Title:b'DNS rebinding in --inspect (again) via invalid...
HackerOne Bug Bounty Disclosure: b-policy-restricted-modules-can-escalate-to-higher-privileges-by-impersonating-other-modules-in-a-policy-list-using-module-constructor-createrequire-b-haxatron
Company Name: b'Node.js' Company HackerOne URL: https://hackerone.com/nodejs Submitted By:b'haxatron1'Link to Submitters Profile:https://hackerone.com/b'haxatron1' Report Title:b'Policy-restricted modules can escalate to higher privileges...
HackerOne Bug Bounty Disclosure: b-node-reads-openssl-cnf-from-home-iojs-build-upon-startup-b-msvrmiscovet
Company Name: b'Node.js' Company HackerOne URL: https://hackerone.com/nodejs Submitted By:b'msvrmiscovet'Link to Submitters Profile:https://hackerone.com/b'msvrmiscovet' Report Title:b'Node 18 reads openssl.cnf from /home/iojs/build/... upon...
HackerOne Bug Bounty Disclosure: b-fs-mkdtemp-and-fs-mkdtempsync-are-missing-getvalidatedpath-checks-b-haxatron
Company Name: b'Node.js' Company HackerOne URL: https://hackerone.com/nodejs Submitted By:b'haxatron1'Link to Submitters Profile:https://hackerone.com/b'haxatron1' Report Title:b'fs.mkdtemp() and fs.mkdtempSync() are missing getValidatedPath() checks.'Report...
HackerOne Bug Bounty Disclosure: b-permission-model-bypass-by-specifying-a-path-traversal-sequence-in-a-buffer-b-haxatron
Company Name: b'Node.js' Company HackerOne URL: https://hackerone.com/nodejs Submitted By:b'haxatron1'Link to Submitters Profile:https://hackerone.com/b'haxatron1' Report Title:b'Permission model bypass by specifying a path...
Enhancing TLS Security: Google Adds Quantum-Resistant Encryption in Chrome 116
Google has announced plans to add support for quantum-resistant encryption algorithms in its Chrome browser, starting with version 116. "Chrome...
Researchers Uncover Years-Long Cyber Espionage on Foreign Embassies in Belarus
A hitherto undocumented threat actor operating for nearly a decade and codenamed MoustachedBouncer has been attributed to cyber espionage attacks...
New SystemBC Malware Variant Targets Southern African Power Company
An unknown threat actor has been linked to a cyber attack on a power generation company in southern Africa with...
Researchers Shed Light on APT31’s Advanced Backdoors and Data Exfiltration Tactics
The Chinese threat actor known as APT31 (aka Bronze Vinewood, Judgement Panda, or Violet Typhoon) has been linked to a...
Akira Ransomware Victim: Optimum Technology
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
