Two Critical Flaws Found in Alibaba Cloud’s PostgreSQL Databases
A chain of two critical flaws has been disclosed in Alibaba Cloud's ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL...
Year: 2023
Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job
The notorious North Korea-aligned state-sponsored actor known as the Lazarus Group has been attributed to a new campaign aimed at...
UDPX – Fast A nd Lightweight, UDPX Is A Single-Packet UDP Scanner Written In Go That Supports The Discovery Of Over 45 Services With The Ability To Add Custom Ones
Fast and lightweight, UDPX is a single-packet UDP scanner written in Go that supports the discovery of over 45 services...
ChatGPT’s Data Protection Blind Spots and How Security Teams Can Solve Them
In the short time since their inception, ChatGPT and other generative AI platforms have rightfully gained the reputation of ultimate...
Fortra Sheds Light on GoAnywhere MFT Zero-Day Exploit Used in Ransomware Attacks
Fortra, the company behind Cobalt Strike, shed light on a zero-day remote code execution (RCE) vulnerability in its GoAnywhere MFT...
NSO Group Used 3 Zero-Click iPhone Exploits Against Human Rights Defenders
Israeli spyware maker NSO Group deployed at least three novel "zero-click" exploits against iPhones in 2022 to infiltrate defenses erected...
Daggerfly Cyberattack Campaign Hits African Telecom Services Providers
Telecommunication services providers in Africa are the target of a new campaign orchestrated by a China-linked threat actor at least...
LockBit 3.0 Ransomware Victim: intuview[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: crossinggroup[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Control iD RHiD SQL injecition | CVE-2023-2043
NAME__________Control iD RHiD SQL injecitionPlatforms Affected:Risk Level:6.5Exploitability:UnprovenConsequences:Data Manipulation DESCRIPTION__________Control iD RHiD is vulnerable to SQL injection. A remote attacker could...
TransbankDevelopers Transbank Webpay REST Plugin for WordPress SQL injection | CVE-2023-27610
NAME__________TransbankDevelopers Transbank Webpay REST Plugin for WordPress SQL injectionPlatforms Affected:WordPress Transbank Webpay REST Plugin for WordPress 1.6.6Risk Level:5.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________TransbankDevelopers...
MP4v2 denial of service | CVE-2023-29584
NAME__________MP4v2 denial of servicePlatforms Affected:Risk Level:5.5Exploitability:Proof of ConceptConsequences:Denial of Service DESCRIPTION__________MP4v2 is vulnerable to a denial of service, caused by...
Uniswap Labs web3-react security bypass | CVE-2023-30543
NAME__________Uniswap Labs web3-react security bypassPlatforms Affected:Uniswap Labs web3-reactRisk Level:5.2Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Uniswap Labs web3-react could allow a remote authenticated attacker to...
Nextcloud Server security bypass | CVE-2023-30539
NAME__________Nextcloud Server security bypassPlatforms Affected:Nextcloud Nextcloud Server 25.0.0 Nextcloud Nextcloud Server 24.0.0 Nextcloud Nextcloud Enterprise Server 23.0.0 Nextcloud Nextcloud Enterprise...
Slim PSR-7 security bypass | CVE-2023-30536
NAME__________Slim PSR-7 security bypassPlatforms Affected:Slim PSR-7 1.6.0Risk Level:5.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Slim PSR-7 could allow a remote attacker to bypass security restrictions,...
Ultimate Noindex Nofollow Tool II Plugin for WordPress cross-site request forgery | CVE-2023-30474
NAME__________Ultimate Noindex Nofollow Tool II Plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress Ultimate Noindex Nofollow Tool Plugin for WordPress 1.3Risk...
Nextcloud Talk information disclosure | CVE-2023-30540
NAME__________Nextcloud Talk information disclosurePlatforms Affected:Nextcloud Talk 15.0.0 Nextcloud Talk 15.0.4Risk Level:3.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Nextcloud Talk could allow a remote authenticated attacker...
Archery SQL injection | CVE-2023-30557
NAME__________Archery SQL injectionPlatforms Affected:Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Archery is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL...
Archery SQL injection | CVE-2023-30553
NAME__________Archery SQL injectionPlatforms Affected:Risk Level:6.5Exploitability:UnprovenConsequences:Data Manipulation DESCRIPTION__________Archery is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL...
Archery SQL injection | CVE-2023-30556
NAME__________Archery SQL injectionPlatforms Affected:Risk Level:6.5Exploitability:UnprovenConsequences:Data Manipulation DESCRIPTION__________Archery is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL...
Archery SQL injection | CVE-2023-30555
NAME__________Archery SQL injectionPlatforms Affected:Risk Level:6.5Exploitability:UnprovenConsequences:Data Manipulation DESCRIPTION__________Archery is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL...
Faturamatik BirCard SQL injection | CVE-2023-1873
NAME__________Faturamatik BirCard SQL injectionPlatforms Affected:Risk Level:9.8Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Faturamatik BirCard is vulnerable to SQL injection. A remote attacker could send specially-crafted...
Mattermost information disclosure | CVE-2023-1831
NAME__________Mattermost information disclosurePlatforms Affected:Risk Level:7.2Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Mattermost could allow a remote authenticated attacker to obtain sensitive information, caused by the...
Archery SQL injection | CVE-2023-30552
NAME__________Archery SQL injectionPlatforms Affected:Risk Level:6.5Exploitability:UnprovenConsequences:Data Manipulation DESCRIPTION__________Archery is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL...
