Month: March 2024

HackerOne Bug Bounty Disclosure: parmetro-xss-nome-de-usurio-chor-o

March 22, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:chor4oLink to Submitters Profile:https://hackerone.com/chor4o Report Title:Parmetro XSS: Nome de...

HackerOne Bug Bounty Disclosure: resource-injection-geej

March 22, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:geejLink to Submitters Profile:https://hackerone.com/geej Report Title:Resource Injection - Report...

HackerOne Bug Bounty Disclosure: full-access-to-sonarqube-and-docker-elevenoo

March 22, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:elevenoo1Link to Submitters Profile:https://hackerone.com/elevenoo1 Report Title:Full Access to sonarQube...

HackerOne Bug Bounty Disclosure: reflective-cross-site-scripting-xss-on-pages-anonymlss

March 22, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:anonymlssLink to Submitters Profile:https://hackerone.com/anonymlss Report Title:Reflective Cross Site Scripting...

HackerOne Bug Bounty Disclosure: xss-parameter-s-s-css-chor-o

March 22, 2024

HackerOne Bug Bounty Disclosure: -leaking-pii-of-tour-visitors-names-email-addresses-phone-numbers-via-misconfigured-record-permissions-oxylis

March 22, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:oxylisLink to Submitters Profile:https://hackerone.com/oxylis Report Title: leaking PII of...

HackerOne Bug Bounty Disclosure: improper-authentication-login-without-registration-with-any-user-at-archyxsec

March 22, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:archyxsecLink to Submitters Profile:https://hackerone.com/archyxsec Report Title:Improper Authentication (Login without...

HackerOne Bug Bounty Disclosure: xss-chor-o

March 22, 2024

HackerOne Bug Bounty Disclosure: attacker-can-add-itself-as-admin-user-and-can-also-change-privileges-of-existing-users-dishant-singh

March 22, 2024

Company Name: U.S. Dept Of Defense Company HackerOne URL: https://hackerone.com/deptofdefense Submitted By:dishant_singhLink to Submitters Profile:https://hackerone.com/dishant_singh Report Title:Attacker can Add itself...

Sliver C2 Detected – 52[.]139[.]156[.]33:31337

March 22, 2024

The Information provided at the time of posting was detected as "Sliver C2". Depending on when you are viewing this...

Sliver C2 Detected – 157[.]230[.]144[.]71:31337

March 22, 2024

The Information provided at the time of posting was detected as "Sliver C2". Depending on when you are viewing this...

Black Basta Ransomware Victim: flynncompanies[.]com

March 22, 2024

Black Basta Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...

Sliver C2 Detected – 143[.]198[.]135[.]80:31337

March 22, 2024

The Information provided at the time of posting was detected as "Sliver C2". Depending on when you are viewing this...

Sliver C2 Detected – 129[.]226[.]226[.]178:31337

March 22, 2024

The Information provided at the time of posting was detected as "Sliver C2". Depending on when you are viewing this...

OctoPrint cross-site scripting | CVE-2024-28237

March 22, 2024

NAME__________OctoPrint cross-site scriptingPlatforms Affected:OctoPrint OctoPrint 1.9.3Risk Level:5.2Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________OctoPrint is vulnerable to cross-site scripting, caused by improper validation of user-supplied...

Axis Communications AB AXIS OS denial of service | CVE-2024-0054

March 22, 2024

NAME__________Axis Communications AB AXIS OS denial of servicePlatforms Affected:Axis Communications AB AXIS OS 11.8Risk Level:6.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Axis Communications AB...

Employee Task Management System code execution | CVE-2024-2571

March 22, 2024

NAME__________Employee Task Management System code executionPlatforms Affected:Sourcecodester Employee Task Management System 1.0Risk Level:7.3Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION__________Employee Task Management System...

Cilium security bypass | CVE-2024-28248

March 22, 2024

NAME__________Cilium security bypassPlatforms Affected:Cilium Cilium 1.13.9 Cilium Cilium 1.14.0 Cilium Cilium 1.15.0Risk Level:7.2Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Cilium could allow a remote attacker...

Employee Task Management System code execution | CVE-2024-2569

March 22, 2024

JFinalCMS SQL injection | CVE-2024-2568

March 22, 2024

NAME__________JFinalCMS SQL injectionPlatforms Affected:jflyfox JFinalCMS 5.0.0Risk Level:4.7Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________JFinalCMS is vulnerable to SQL injection. A remote authenticated attacker could send...

Cilium information disclosure | CVE-2024-28250

March 22, 2024

NAME__________Cilium information disclosurePlatforms Affected:Cilium Cilium 1.14.0 Cilium Cilium 1.15.0Risk Level:6.1Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Cilium could allow a remote attacker to obtain sensitive...

Employee Task Management System code execution | CVE-2024-2572

March 22, 2024

Cilium information disclosure | CVE-2024-28249

March 22, 2024

NAME__________Cilium information disclosurePlatforms Affected:Cilium Cilium 1.14.0 Cilium Cilium 1.15.0Risk Level:6.1Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Cilium could allow a remote attacker to obtain sensitive...

Schneider Electric Easergy T200 information disclosure | CVE-2024-2052

March 22, 2024

NAME__________Schneider Electric Easergy T200 information disclosurePlatforms Affected:Schneider Electric Easergy T200 (Modbus) Models: T200I T200E T200P T200S T200H SC2-04MOD-07000104 Schneider Electric...

Month: March 2024

HackerOne Bug Bounty Disclosure: parmetro-xss-nome-de-usurio-chor-o

HackerOne Bug Bounty Disclosure: resource-injection-geej

HackerOne Bug Bounty Disclosure: full-access-to-sonarqube-and-docker-elevenoo

HackerOne Bug Bounty Disclosure: reflective-cross-site-scripting-xss-on-pages-anonymlss

HackerOne Bug Bounty Disclosure: xss-parameter-s-s-css-chor-o

HackerOne Bug Bounty Disclosure: -leaking-pii-of-tour-visitors-names-email-addresses-phone-numbers-via-misconfigured-record-permissions-oxylis

HackerOne Bug Bounty Disclosure: improper-authentication-login-without-registration-with-any-user-at-archyxsec

HackerOne Bug Bounty Disclosure: xss-chor-o

HackerOne Bug Bounty Disclosure: attacker-can-add-itself-as-admin-user-and-can-also-change-privileges-of-existing-users-dishant-singh

Sliver C2 Detected – 52[.]139[.]156[.]33:31337

Sliver C2 Detected – 157[.]230[.]144[.]71:31337

Black Basta Ransomware Victim: flynncompanies[.]com

Sliver C2 Detected – 143[.]198[.]135[.]80:31337

Sliver C2 Detected – 129[.]226[.]226[.]178:31337

OctoPrint cross-site scripting | CVE-2024-28237

Axis Communications AB AXIS OS denial of service | CVE-2024-0054

Employee Task Management System code execution | CVE-2024-2571

Cilium security bypass | CVE-2024-28248

Employee Task Management System code execution | CVE-2024-2569

JFinalCMS SQL injection | CVE-2024-2568

Cilium information disclosure | CVE-2024-28250

Employee Task Management System code execution | CVE-2024-2572

Cilium information disclosure | CVE-2024-28249

Schneider Electric Easergy T200 information disclosure | CVE-2024-2052

[KILLSEC] – Ransomware Victim: Followup CRM

[HUNTERS] – Ransomware Victim: Mantinga

Fortifying Your Digital Fortress: The Role of Firewall Technology in Cybersecurity

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

You may have missed