HackerOne Bug Bounty Disclosure: reflected-xss-inby0xd3adc0de
Programme HackerOne U.S. Dept Of Defense U.S. Dept Of Defense Submitted by 0xd3adc0de 0xd3adc0de Report Reflected XSS in Full Report...
Year: 2023
Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data
A malicious Python package on the Python Package Index (PyPI) repository has been found to use Unicode as a trick...
THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps
Any app that can improve business operations is quickly added to the SaaS stack. However, employees don't realize that this...
GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations
Cloud-based repository hosting service GitHub said it took the step of replacing its RSA SSH host key used to secure...
Researchers Uncover Chinese Nation State Hackers’ Deceptive Attack Strategies
A recent campaign undertaken by Earth Preta indicates that nation-state groups aligned with China are getting increasingly proficient at bypassing...
LockBit 3.0 Ransomware Victim: bianchiindustry[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Online Pizza Ordering System /php-opos/index.php SQL injection |
NAME__________Online Pizza Ordering System /php-opos/index.php SQL injectionPlatforms Affected:Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Online Pizza Ordering System is vulnerable to SQL injection. A...
Izmir Katip Celebi University UBYS cross-site scripting | CVE-2023-0320
NAME__________Izmir Katip Celebi University UBYS cross-site scriptingPlatforms Affected:Izmir Katip Celebi University UBYS 23.03.16Risk Level:6.5Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Izmir Katip Celebi University UBYS...
Human Resource Management System /hrm/controller/login.php SQL injection |
NAME__________Human Resource Management System /hrm/controller/login.php SQL injectionPlatforms Affected:Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Human Resource Management System is vulnerable to SQL injection. A...
MEGAFEIS, BOFEI DBD+ Application for IOS & Android information disclosure | CVE-2022-45635
NAME__________MEGAFEIS, BOFEI DBD+ Application for IOS & Android information disclosurePlatforms Affected:Risk Level:7.5Exploitability:Proof of ConceptConsequences:Obtain Information DESCRIPTION__________MEGAFEIS, BOFEI DBD+ Application for...
Frontier denial of service | CVE-2023-28431
NAME__________Frontier denial of servicePlatforms Affected:Risk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Frontier is vulnerable to a denial of service, caused by a gas...
Medical Certificate Generator App SQL injection | CVE-2023-1566
NAME__________Medical Certificate Generator App SQL injectionPlatforms Affected:Risk Level:6.3Exploitability:UnprovenConsequences:Data Manipulation DESCRIPTION__________Medical Certificate Generator App is vulnerable to SQL injection. A remote...
Pacsrapor cross-site scripting | CVE-2023-1153
NAME__________Pacsrapor cross-site scriptingPlatforms Affected:Pacsrapor Pacsrapor 1.22Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Pacsrapor is vulnerable to SQL injection. A remote attacker could send specially-crafted...
Pacsrapor cross-site scripting | CVE-2023-1154
NAME__________Pacsrapor cross-site scriptingPlatforms Affected:Pacsrapor Pacsrapor 1.22Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Pacsrapor is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
Prestashop tshirtecommerce SQL injection | CVE-2023-27637
NAME__________Prestashop tshirtecommerce SQL injectionPlatforms Affected:Paradox IPR512Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Prestashop tshirtecommerce module is vulnerable to SQL injection. A remote attacker could...
Simple and Beautiful Shopping Cart System file upload | CVE-2023-1558
NAME__________Simple and Beautiful Shopping Cart System file uploadPlatforms Affected:Risk Level:4.7Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Simple and Beautiful Shopping Cart System could allow a...
Sentry SDK for Python information disclosure | CVE-2023-28117
NAME__________Sentry SDK for Python information disclosurePlatforms Affected:Risk Level:7.6Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Sentry SDK for Python could allow a remote authenticated attacker to...
MEGAFEIS, BOFEI DBD+ Application for IOS & Android information disclosure | CVE-2022-45634
NAME__________MEGAFEIS, BOFEI DBD+ Application for IOS & Android information disclosurePlatforms Affected:Risk Level:7.5Exploitability:Proof of ConceptConsequences:Obtain Information DESCRIPTION__________MEGAFEIS, BOFEI DBD+ Application for...
Minio information disclosure | CVE-2023-28432
NAME__________Minio information disclosurePlatforms Affected:Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Minio could allow a remote attacker to obtain sensitive information, caused by a flaw...
Cisco ASA, FTD, IOS and IOS XE Software denial of service | CVE-2023-20081
NAME__________Cisco ASA, FTD, IOS and IOS XE Software denial of servicePlatforms Affected:Cisco Adaptive Security Appliance Software Cisco IOS Software Cisco...
Devolutions Remote Desktop Manager information disclosure | CVE-2023-1574
NAME__________Devolutions Remote Desktop Manager information disclosurePlatforms Affected:Risk Level:2.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Devolutions Remote Desktop Manager could allow a local attacker to obtain...
Air Cargo Management System SQL injection | CVE-2023-1564
NAME__________Air Cargo Management System SQL injectionPlatforms Affected:Risk Level:6.3Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Air Cargo Management System is vulnerable to SQL injection. A remote...
Student Study Center Desk Management System cross-site scripting | CVE-2023-1567
NAME__________Student Study Center Desk Management System cross-site scriptingPlatforms Affected:Risk Level:3.5Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________Student Study Center Desk Management System is vulnerable to...
NextCloud Server brute force | CVE-2023-25820
NAME__________NextCloud Server brute forcePlatforms Affected:Risk Level:4.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________NextCloud Server is vulnerable to a brute force attack, caused by improper restriction...
