What’s the Difference Between CSPM & SSPM?
Cloud Security Posture Management (CSPM) and SaaS Security Posture Management (SSPM) are frequently confused. The similarity of the acronyms notwithstanding,...
Year: 2023
Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access
The Iranian threat actor known as MuddyWater is continuing its time-tested tradition of relying on legitimate remote administration tools to...
DFIR via XDR: How to expedite your investigations with a DFIRent approach
Rapid technological evolution requires security that is resilient, up to date and adaptable. In this article, we will cover the...
LockBit 3.0 Ransomware Victim: hkiff[.]org[.]hk
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: thesoftwareconsultinggroup[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: psenergy[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: joriszorg[.]nl
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Diasoft File Replication Pro privilege escalation | CVE-2023-26918
NAME__________Diasoft File Replication Pro privilege escalationPlatforms Affected:Diasoft File Replication Pro 7.5.0Risk Level:7.8Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Diasoft File Replication Pro could allow a...
Fortinet FortiADC, Fortinet FortiDDoS, and Fortinet FortiDDoS-F command execution | CVE-2022-40679
NAME__________Fortinet FortiADC, Fortinet FortiDDoS, and Fortinet FortiDDoS-F command executionPlatforms Affected:Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Fortinet FortiADC, Fortinet FortiDDoS, and Fortinet FortiDDoS-F could...
Auto Dealer Management System cross-site scripting | CVE-2023-27666
NAME__________Auto Dealer Management System cross-site scriptingPlatforms Affected:Sourcecodester Auto Dealer Management System 1.0Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Auto Dealer Management System is vulnerable...
SecurePoint UTM information disclosure | CVE-2023-22897
NAME__________SecurePoint UTM information disclosurePlatforms Affected:Risk Level:6.5Exploitability:Proof of ConceptConsequences:Obtain Information DESCRIPTION__________SecurePoint UTM could allow a remote authenticated attacker to obtain sensitive...
Canonical apport-cli privilege escalation | CVE-2023-1326
NAME__________Canonical apport-cli privilege escalationPlatforms Affected:Canonical apport-cli 2.26.0Risk Level:7.7Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Canonical apport-cli could allow a local authenticated attacker to gain elevated...
Campcodes Advanced Online Voting System SQL injection | CVE-2023-2048
NAME__________Campcodes Advanced Online Voting System SQL injectionPlatforms Affected:Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Campcodes Advanced Online Voting System is vulnerable to SQL injection....
TigerGraph Enterprise information disclosure | CVE-2023-22949
NAME__________TigerGraph Enterprise information disclosurePlatforms Affected:Risk Level:6.8Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________TigerGraph Enterprise could allow a remote authenticated attacker to obtain sensitive information, caused...
Campcodes Advanced Online Voting System SQL injection | CVE-2023-2053
NAME__________Campcodes Advanced Online Voting System SQL injectionPlatforms Affected:Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Campcodes Advanced Online Voting System is vulnerable to SQL injection....
Purchase Order Management cross-site scripting | CVE-2023-29623
NAME__________Purchase Order Management cross-site scriptingPlatforms Affected:Sourcecodester Purchase Order Management System 1.0Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Purchase Order Management is vulnerable to cross-site...
Campcodes Advanced Online Voting System cross-site scripting | CVE-2023-2055
NAME__________Campcodes Advanced Online Voting System cross-site scriptingPlatforms Affected:Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Campcodes Advanced Online Voting System is vulnerable to cross-site scripting,...
Purchase Order Management SQL injection | CVE-2023-29622
NAME__________Purchase Order Management SQL injectionPlatforms Affected:Sourcecodester Purchase Order Management System 1.0Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Purchase Order Management is vulnerable to SQL...
Easy!Appointments cross-site scripting | CVE-2023-2102
NAME__________Easy!Appointments cross-site scriptingPlatforms Affected:Risk Level:6.8Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Easy!Appointments is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A...
TigerGraph Enterprise information disclosure | CVE-2023-22950
NAME__________TigerGraph Enterprise information disclosurePlatforms Affected:Risk Level:6.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________TigerGraph Enterprise could allow a remote authenticated attacker to obtain sensitive information, caused...
Campcodes Advanced Online Voting System SQL injection | CVE-2023-2051
NAME__________Campcodes Advanced Online Voting System SQL injectionPlatforms Affected:Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Campcodes Advanced Online Voting System is vulnerable to SQL injection....
TigerGraph Enterprise information disclosure | CVE-2023-22948
NAME__________TigerGraph Enterprise information disclosurePlatforms Affected:Risk Level:7.7Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________TigerGraph Enterprise could allow a remote authenticated attacker to obtain sensitive information, caused...
Video Sharing Website SQL injection | CVE-2023-2037
NAME__________Video Sharing Website SQL injectionPlatforms Affected:Risk Level:6.3Exploitability:UnprovenConsequences:Data Manipulation DESCRIPTION__________Video Sharing Website is vulnerable to SQL injection. A remote authenticated attacker...
Roxy-WI directory traversal | CVE-2023-29004
NAME__________Roxy-WI directory traversalPlatforms Affected:Roxy-WI Roxy-WI 6.3.9.0Risk Level:6.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Roxy-WI could allow a remote authenticated attacker to traverse directories on the...
