RansomHouse Ransomware Victim: Comune Taggia
RansomHouse Logo NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Year: 2023
US-CERT Vulnerability Summary for the Week of March 13, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
HackerOne Bug Bounty Disclosure: html-injection-via-insecure-parameter-[https://www-ubercarshare-com/]byzhero_
Programme HackerOne Uber Uber Submitted by zhero_ zhero_ Report HTML injection via insecure parameter Full Report A considerable amount...
HackerOne Bug Bounty Disclosure: dom-based-xss-via-insecure-parameter-on-[-https://uberpay-mock-psp-uber-com-]byzhero_
Programme HackerOne Uber Uber Submitted by zhero_ zhero_ Report DOM based XSS via insecure parameter on Full Report A...
HackerOne Bug Bounty Disclosure: apache-http-server:-mod_proxy_uwsgi-http-response-splitting-(cve-2023-27522)bynyxsorcerer
Programme HackerOne Internet Bug Bounty Internet Bug Bounty Submitted by nyxsorcerer nyxsorcerer Report Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting...
HackerOne Bug Bounty Disclosure: [data-07-uberinternal-com]-ssrf-in-portainer-app-lead-to-access-to-internal-docker-api-without-authbykxyry
Programme HackerOne Uber Uber Submitted by kxyry kxyry Report SSRF in Portainer app lead to access to Internal Docker API...
HackerOne Bug Bounty Disclosure: [uchat-uberinternals-com]-mattermost-doesn’t-check-origin-in-websockets,-which-leads-to-the-critical-inforamation-leakage-bykxyry
Programme HackerOne Uber Uber Submitted by kxyry kxyry Report Mattermost doesn't check Origin in Websockets, which leads to the Critical...
Fake ChatGPT Chrome Browser Extension Caught Hijacking Facebook Accounts
Google has stepped in to remove a bogus Chrome browser extension from the official Web Store that masqueraded as OpenAI's...
Operation Soft Cell: Chinese Hackers Breach Middle East Telecom Providers
Telecommunication providers in the Middle East are the subject of new cyber attacks that commenced in the first quarter of...
Nexus: A New Rising Android Banking Trojan Targeting 450 Financial Apps
An emerging Android banking trojan dubbed Nexus has already been adopted by several threat actors to target 450 financial applications...
2023 Cybersecurity Maturity Report Reveals Organizational Unpreparedness for Cyberattacks
In 2022 alone, global cyberattacks increased by 38%, resulting in substantial business loss, including financial and reputational damage. Meanwhile, corporate...
LockBit 3.0 Ransomware Victim: trudi[.]it
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Medicine Tracker System security bypass | CVE-2023-1464
NAME__________Medicine Tracker System security bypassPlatforms Affected:Risk Level:7.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Medicine Tracker System could allow a remote attacker to bypass security restrictions,...
Student Study Center Desk Management System directory traversal | CVE-2023-1467
NAME__________Student Study Center Desk Management System directory traversalPlatforms Affected:Risk Level:6.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Student Study Center Desk Management System could allow a...
Student Study Center Desk Management System SQL injection | CVE-2023-1468
NAME__________Student Study Center Desk Management System SQL injectionPlatforms Affected:Risk Level:6.3Exploitability:UnprovenConsequences:Data Manipulation DESCRIPTION__________Student Study Center Desk Management System is vulnerable to...
REBUILD SQL injection | CVE-2023-1495
NAME__________REBUILD SQL injectionPlatforms Affected:Risk Level:6.3Exploitability:UnprovenConsequences:Data Manipulation DESCRIPTION__________REBUILD is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL...
Student Study Center Desk Management System SQL injection | CVE-2023-1466
NAME__________Student Study Center Desk Management System SQL injectionPlatforms Affected:Risk Level:6.3Exploitability:UnprovenConsequences:Data Manipulation DESCRIPTION__________Student Study Center Desk Management System is vulnerable to...
WP Express Checkout Plugin for WordPress cross-site scripting | CVE-2023-1469
NAME__________WP Express Checkout Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress WP Express Checkout Plugin for WordPress 2.2.8Risk Level:4.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________WP Express...
TeamPass security bypass | CVE-2023-1463
NAME__________TeamPass security bypassPlatforms Affected:Teampass Teampass 3.0.0.22Risk Level:6.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________TeamPass could allow a remote authenticated attacker to bypass security restrictions, caused...
IBOS SQL injection | CVE-2023-1494
NAME__________IBOS SQL injectionPlatforms Affected:Risk Level:6.3Exploitability:UnprovenConsequences:Data Manipulation DESCRIPTION__________IBOS is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL...
eCommerce Product Catalog Plugin for WordPress cross-site scripting | CVE-2023-1470
NAME__________eCommerce Product Catalog Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress eCommerce Product Catalog Plugin for WordPress 3.3.8Risk Level:4.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________eCommerce Product...
VMware Tanzu Spring Framework denial of service | CVE-2023-20861
NAME__________VMware Tanzu Spring Framework denial of servicePlatforms Affected:VMware Tanzu Spring Framework 5.2.0 VMware Tanzu Spring Framework 5.3.6 VMware Tanzu Spring...
WooCommerce Multiple Customer Addresses & Shipping Plugin for WordPress security bypass | CVE-2023-0865
NAME__________WooCommerce Multiple Customer Addresses & Shipping Plugin for WordPress security bypassPlatforms Affected:WordPress WooCommerce Multiple Customer Addresses & Shipping Plugin for...
Rapid7 InsightVM Security Console open redirect | CVE-2023-0681
NAME__________Rapid7 InsightVM Security Console open redirectPlatforms Affected:Rapid7 InsightVM 6.6.178Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Rapid7 InsightVM could allow a remote attacker to conduct...
