CISA: CISA Releases Seven Industrial Control Systems Advisories
CISA Releases Seven Industrial Control Systems Advisories CISA released seven Industrial Control Systems (ICS) advisories on December 19, 2023. These...
Month: January 2024
CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA Adds Two Known Exploited Vulnerabilities to Catalog CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based...
CISA: CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool
CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool CISA has published the finalized Microsoft 365 Secure Configuration Baselines,...
CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA Adds Two Known Exploited Vulnerabilities to Catalog CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based...
CISA: Juniper Releases Security Advisory for Juniper Secure Analytics
Juniper Releases Security Advisory for Juniper Secure Analytics Juniper released a security advisory to address multiple vulnerabilities affecting Juniper Secure...
CISA: CISA Releases Three Industrial Control Systems Advisories
CISA Releases Three Industrial Control Systems Advisories CISA released three Industrial Control Systems (ICS) advisories on January 4, 2024. These...
D3m0n1z3dShell – Demonized Shell Is An Advanced Tool For Persistence In Linux
Demonized Shell is an Advanced Tool for persistence in linux. Install git clone https://github.com/MatheuZSecurity/D3m0n1z3dShell.gitcd D3m0n1z3dShellchmod +x demonizedshell.shsudo ./demonizedshell.sh One-Liner Install...
HackerOne Bug Bounty Disclosure: b-the-taint-flag-is-not-propagated-at-json-parse-b-ooooooo-q
Company Name: b'Ruby' Company HackerOne URL: https://hackerone.com/ruby Submitted By:b'ooooooo_q'Link to Submitters Profile:https://hackerone.com/b'ooooooo_q' Report Title:b'The taint flag is not propagated at...
SpectralBlur: New macOS Backdoor Threat from North Korean Hackers
Cybersecurity researchers have discovered a new Apple macOS backdoor called SpectralBlur that overlaps with a known malware family that has...
Orange Spain Faces BGP Traffic Hijack After RIPE Account Hacked by Malware
Mobile network operator Orange Spain suffered an internet outage for several hours on January 3 after a threat actor used...
Exposed Secrets are Everywhere. Here’s How to Tackle Them
Picture this: you stumble upon a concealed secret within your company's source code. Instantly, a wave of panic hits as...
S-CMS /member/ad.php?action=ad SQL injection | CVE-2023-7190
NAME__________S-CMS /member/ad.php?action=ad SQL injectionPlatforms Affected:S-CMS S-CMS 2.0_build20220529-20231006Risk Level:5.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________S-CMS is vulnerable to SQL injection. A remote authenticated attacker could...
OpenHarmony denial of service | CVE-2023-49135
NAME__________OpenHarmony denial of servicePlatforms Affected:Risk Level:4Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________OpenHarmony is vulnerable to a denial of service. By using a modified...
WebCalendar colors.php cross-site scripting |
NAME__________WebCalendar colors.php cross-site scriptingPlatforms Affected:Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________WebCalendar is vulnerable to cross-site scripting, caused by improper validation of user-supplied input...
OpenHarmony denial of service | CVE-2023-47216
NAME__________OpenHarmony denial of servicePlatforms Affected:Risk Level:2.9Exploitability:Consequences:Denial of Service DESCRIPTION__________OpenHarmony is vulnerable to a denial of service. By occupying all resources,...
S-CMS member/reg.php SQL injection | CVE-2023-7191
NAME__________S-CMS member/reg.php SQL injectionPlatforms Affected:S-CMS S-CMS 2.0_build20220529-20231006Risk Level:5.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________S-CMS is vulnerable to SQL injection. A remote authenticated attacker could...
Microsoft Windows Kernel information disclosure |
NAME__________Microsoft Windows Kernel information disclosurePlatforms Affected:Risk Level:5.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Microsoft Windows could allow a local authenticated attacker to obtain sensitive information,...
FlyCms cross-site scripting | CVE-2024-21732
NAME__________FlyCms cross-site scriptingPlatforms Affected:Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________FlyCms is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by...
Wireshark denial of service | CVE-2024-0209
NAME__________Wireshark denial of servicePlatforms Affected:Wireshark Wireshark 4.2.0Risk Level:6.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Wireshark is vulnerable to a denial of service, caused by...
OpenHarmony denial of service | CVE-2023-49142
NAME__________OpenHarmony denial of servicePlatforms Affected:Risk Level:4Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________OpenHarmony is vulnerable to a denial of service. By using a modified...
MapPress Maps for WordPress plugin for WordPress cross-site scripting | CVE-2023-6524
NAME__________MapPress Maps for WordPress plugin for WordPress cross-site scriptingPlatforms Affected:WordPress MapPress Maps for WordPress plugin for WordPress 2.88.13Risk Level:6.4Exploitability:HighConsequences:Cross-Site Scripting...
WebCalendar datesel.php cross-site scripting |
NAME__________WebCalendar datesel.php cross-site scriptingPlatforms Affected:Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________WebCalendar is vulnerable to cross-site scripting, caused by improper validation of user-supplied input...
WebCalendar availability.php cross-site scripting |
NAME__________WebCalendar availability.php cross-site scriptingPlatforms Affected:Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________WebCalendar is vulnerable to cross-site scripting, caused by improper validation of user-supplied input...
Kofax Power PDF code execution | CVE-2023-51569
NAME__________Kofax Power PDF code executionPlatforms Affected:Kofax Power PDFRisk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Kofax Power PDF could allow a remote attacker to execute...
