CISA: CISA Releases Fifteen Industrial Control Systems Advisories
CISA Releases Fifteen Industrial Control Systems Advisories CISA released fifteen Industrial Control Systems (ICS) advisories on March 14, 2024. These...
Month: March 2024
HackerOne Bug Bounty Disclosure: bypassing-the-block-of-security-domain-restriction-and-normally-invite-blocked-domains-with-special-characters-bugsv
Company Name: Frontegg Company HackerOne URL: https://hackerone.com/frontegg Submitted By:bugsv2Link to Submitters Profile:https://hackerone.com/bugsv2 Report Title:Bypassing the block of Security Domain Restriction...
HackerOne Bug Bounty Disclosure: patch-method-manipulation-allowing-the-users-to-escalate-their-functionalities-and-edit-upgrade-downgrade-api-keys-settings-which-is-not-allowed-bugsv
Company Name: Frontegg Company HackerOne URL: https://hackerone.com/frontegg Submitted By:bugsv2Link to Submitters Profile:https://hackerone.com/bugsv2 Report Title:PATCH method manipulation allowing the users to...
HackerOne Bug Bounty Disclosure: open-redirect-via-non-latin-subdomain-in-vcc-x-com-agui-php-pentestor
Company Name: 8x8 Bounty Company HackerOne URL: https://hackerone.com/8x8-bounty Submitted By:pentestorLink to Submitters Profile:https://hackerone.com/pentestor Report Title:Open Redirect via Non-Latin Subdomain in...
Critical Vulnerabilities in Unitronics Products
Unitronics has released security updates to address critical vulnerabilities (CVE-2024-27767 and CVE-2024-27768) affecting their Unistream Unilogic software, an interface for...
Black Basta Ransomware Victim: interluxury[.]com
Black Basta Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Sliver C2 Detected – 64[.]23[.]191[.]37:31337
The Information provided at the time of posting was detected as "Sliver C2". Depending on when you are viewing this...
MAGESH-K21 cross-site scripting | CVE-2024-2525
NAME__________MAGESH-K21 cross-site scriptingPlatforms Affected:MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0Risk Level:3.5Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________MAGESH-K21 Online-College-Event-Hall-Reservation-System is vulnerable to cross-site scripting, caused by improper validation of...
MAGESH-K21 file upload | CVE-2024-2531
NAME__________MAGESH-K21 file uploadPlatforms Affected:MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0Risk Level:6.3Exploitability:UnprovenConsequences:Data Manipulation DESCRIPTION__________MAGESH-K21 Online-College-Event-Hall-Reservation-System could allow a remote attacker to upload arbitrary files, caused...
MAGESH-K21 cross-site scripting | CVE-2024-2519
NAME__________MAGESH-K21 cross-site scriptingPlatforms Affected:MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0Risk Level:3.5Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________MAGESH-K21 Online-College-Event-Hall-Reservation-System is vulnerable to cross-site scripting, caused by improper validation of...
GoAnywhere MFT directory traversal | CVE-2024-25156
NAME__________ GoAnywhere MFT directory traversalPlatforms Affected: GoAnywhere MFT 7.4.1Risk Level:6.5Exploitability:Not DefinedConsequences:Obtain Information DESCRIPTION__________GoAnywhere MFT could allow a remote attacker to...
MAGESH-K21 SQL injection. | CVE-2024-2528
NAME__________MAGESH-K21 SQL injection.Platforms Affected:MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0Risk Level:6.3Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________MAGESH-K21 Online-College-Event-Hall-Reservation-System is vulnerable to SQL injection. A remote authenticated attacker could...
Nuclei code execution | CVE-2024-27920
NAME__________Nuclei code executionPlatforms Affected:ProjectDiscovery Nuclei 2.9.8 ProjectDiscovery Nuclei 3.0.0Risk Level:7.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Nuclei could allow a remote attacker to execute arbitrary...
PaperCut NG/MF code execution | CVE-2024-1654
NAME__________PaperCut NG/MF code executionPlatforms Affected:PaperCut PaperCut NG/MFRisk Level:7.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________PaperCut NG/MF could allow a remote authenticated attacker to execute arbitrary...
Tenda AC18 buffer overflow | CVE-2024-28550
NAME__________Tenda AC18 buffer overflowPlatforms Affected:Tenda AC18 15.03.05.05Risk Level:7.3Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION__________Tenda AC18 is vulnerable to a stack-based buffer overflow,...
MAGESH-K21 cross-site scripting | CVE-2024-2518
NAME__________MAGESH-K21 cross-site scriptingPlatforms Affected:MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0Risk Level:3.5Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________MAGESH-K21 Online-College-Event-Hall-Reservation-System is vulnerable to cross-site scripting, caused by improper validation of...
MAGESH-K21 SQL injection. | CVE-2024-2527
NAME__________MAGESH-K21 SQL injection.Platforms Affected:MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0Risk Level:6.3Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________MAGESH-K21 Online-College-Event-Hall-Reservation-System is vulnerable to SQL injection. A remote authenticated attacker could...
MAGESH-K21 cross-site scripting | CVE-2024-2526
NAME__________MAGESH-K21 cross-site scriptingPlatforms Affected:MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0Risk Level:3.5Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________MAGESH-K21 Online-College-Event-Hall-Reservation-System is vulnerable cross-site scripting, caused by improper validation of user-supplied...
MAGESH-K21 cross-site scripting | CVE-2024-2523
NAME__________MAGESH-K21 cross-site scriptingPlatforms Affected:MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0Risk Level:3.5Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________MAGESH-K21 Online-College-Event-Hall-Reservation-System is vulnerable to cross-site scripting, caused by improper validation of...
MAGESH-K21 file upload | CVE-2024-2529
NAME__________MAGESH-K21 file uploadPlatforms Affected:MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0Risk Level:6.3Exploitability:UnprovenConsequences:Data Manipulation DESCRIPTION__________MAGESH-K21 Online-College-Event-Hall-Reservation-System could allow a remote attacker to upload arbitrary files, caused...
MAGESH-K21 SQL injection | CVE-2024-2517
NAME__________MAGESH-K21 SQL injectionPlatforms Affected:MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0Risk Level:6.3Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________MAGESH-K21 Online-College-Event-Hall-Reservation-System is vulnerable to SQL injection. A remote authenticated attacker could...
MAGESH-K21 cross-site scripting | CVE-2024-2530
NAME__________MAGESH-K21 cross-site scriptingPlatforms Affected:MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0Risk Level:3.5Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________MAGESH-K21 Online-College-Event-Hall-Reservation-System is vulnerable to cross-site scripting, caused by improper validation of...
MAGESH-K21 SQL injection. | CVE-2024-2520
NAME__________MAGESH-K21 SQL injection.Platforms Affected:MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0Risk Level:6.3Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________MAGESH-K21 Online-College-Event-Hall-Reservation-System is vulnerable to SQL injection. A remote authenticated attacker could...
MAGESH-K21 cross-site scripting | CVE-2024-2521
NAME__________MAGESH-K21 cross-site scriptingPlatforms Affected:MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0Risk Level:3.5Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________MAGESH-K21 Online-College-Event-Hall-Reservation-System is vulnerable to cross-site scripting, caused by improper validation of...
