THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps
Any app that can improve business operations is quickly added to the SaaS stack. However, employees don't realize that this SaaS-to-SaaS connectivity, which typically takes place outside the view of…
GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations
Cloud-based repository hosting service GitHub said it took the step of replacing its RSA SSH host key used to secure Git operations "out of an abundance of caution" after it…
Researchers Uncover Chinese Nation State Hackers’ Deceptive Attack Strategies
A recent campaign undertaken by Earth Preta indicates that nation-state groups aligned with China are getting increasingly proficient at bypassing security solutions. The threat actor, active since at least 2012,…
LockBit 3.0 Ransomware Victim: bianchiindustry[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers…
Online Pizza Ordering System /php-opos/index.php SQL injection |
Name: Online Pizza Ordering System /php-opos/index.php SQL injection. Platforms Affected: (not listed). Risk Level: 6.5. Exploitability: High. Consequences: Data Manipulation. Description: Online Pizza Ordering System is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the /php-opos/index.php…
Izmir Katip Celebi University UBYS cross-site scripting | CVE-2023-0320
Name: Izmir Katip Celebi University UBYS cross-site scripting. Platforms Affected: Izmir Katip Celebi University UBYS 23.03.16. Risk Level: 6.5. Exploitability: High. Consequences: Cross-Site Scripting. Description: Izmir Katip Celebi University UBYS is vulnerable to cross-site scripting, caused by improper validation of…
Human Resource Management System /hrm/controller/login.php SQL injection |
Name: Human Resource Management System /hrm/controller/login.php SQL injection. Platforms Affected: (not listed). Risk Level: 6.5. Exploitability: High. Consequences: Data Manipulation. Description: Human Resource Management System is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the /hrm/controller/login.php…
MEGAFEIS, BOFEI DBD+ Application for IOS & Android information disclosure | CVE-2022-45635
Name: MEGAFEIS, BOFEI DBD+ Application for IOS & Android information disclosure. Platforms Affected: (not listed). Risk Level: 7.5. Exploitability: Proof of Concept. Consequences: Obtain Information. Description: MEGAFEIS, BOFEI DBD+ Application for IOS & Android could allow a remote attacker to obtain…
Frontier denial of service | CVE-2023-28431
Name: Frontier denial of service. Platforms Affected: (not listed). Risk Level: 7.5. Exploitability: Unproven. Consequences: Denial of Service. Description: Frontier is vulnerable to a denial of service, caused by a gas cost discrepancy in the modexp precompile when encountering an even…
Medical Certificate Generator App SQL injection | CVE-2023-1566
Name: Medical Certificate Generator App SQL injection. Platforms Affected: (not listed). Risk Level: 6.3. Exploitability: Unproven. Consequences: Data Manipulation. Description: Medical Certificate Generator App is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to the action.php…
Pacsrapor cross-site scripting | CVE-2023-1153
Name: Pacsrapor cross-site scripting. Platforms Affected: Pacsrapor Pacsrapor 1.22. Risk Level: 6.5. Exploitability: High. Consequences: Data Manipulation. Description: Pacsrapor is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add,…
Pacsrapor cross-site scripting | CVE-2023-1154
Name: Pacsrapor cross-site scripting. Platforms Affected: Pacsrapor Pacsrapor 1.22. Risk Level: 6.1. Exploitability: High. Consequences: Cross-Site Scripting. Description: Pacsrapor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a…
Prestashop tshirtecommerce SQL injection | CVE-2023-27637
Name: Prestashop tshirtecommerce SQL injection. Platforms Affected: Paradox IPR512. Risk Level: 6.5. Exploitability: High. Consequences: Data Manipulation. Description: Prestashop tshirtecommerce module is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to designer.php script using the product_id…
Simple and Beautiful Shopping Cart System file upload | CVE-2023-1558
Name: Simple and Beautiful Shopping Cart System file upload. Platforms Affected: (not listed). Risk Level: 4.7. Exploitability: Unproven. Consequences: Gain Access. Description: Simple and Beautiful Shopping Cart System could allow a remote authenticated attacker to upload arbitrary files, caused by improper…
Sentry SDK for Python information disclosure | CVE-2023-28117
Name: Sentry SDK for Python information disclosure. Platforms Affected: (not listed). Risk Level: 7.6. Exploitability: Unproven. Consequences: Obtain Information. Description: Sentry SDK for Python could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the Django…
MEGAFEIS, BOFEI DBD+ Application for IOS & Android information disclosure | CVE-2022-45634
Name: MEGAFEIS, BOFEI DBD+ Application for IOS & Android information disclosure. Platforms Affected: (not listed). Risk Level: 7.5. Exploitability: Proof of Concept. Consequences: Obtain Information. Description: MEGAFEIS, BOFEI DBD+ Application for IOS & Android could allow a remote attacker to obtain…
Minio information disclosure | CVE-2023-28432
Name: Minio information disclosure. Platforms Affected: (not listed). Risk Level: 7.5. Exploitability: Unproven. Consequences: Obtain Information. Description: Minio could allow a remote attacker to obtain sensitive information, caused by a flaw in the cluster deployment implementation. By sending a specially-crafted request,…
Cisco ASA, FTD, IOS and IOS XE Software denial of service | CVE-2023-20081
Name: Cisco ASA, FTD, IOS and IOS XE Software denial of service. Platforms Affected: Cisco Adaptive Security Appliance Software, Cisco IOS Software, Cisco IOS XE Software, Cisco Firepower Threat Defense Software. Risk Level: 6.8. Exploitability: Unproven. Consequences: Denial of…
Devolutions Remote Desktop Manager information disclosure | CVE-2023-1574
Name: Devolutions Remote Desktop Manager information disclosure. Platforms Affected: (not listed). Risk Level: 2.5. Exploitability: Unproven. Consequences: Obtain Information. Description: Devolutions Remote Desktop Manager could allow a local attacker to obtain sensitive information, caused by information disclosure through an error message…
Air Cargo Management System SQL injection | CVE-2023-1564
Name: Air Cargo Management System SQL injection. Platforms Affected: (not listed). Risk Level: 6.3. Exploitability: High. Consequences: Data Manipulation. Description: Air Cargo Management System is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to the admin/transactions/update_status.php…
Student Study Center Desk Management System cross-site scripting | CVE-2023-1567
Name: Student Study Center Desk Management System cross-site scripting. Platforms Affected: (not listed). Risk Level: 3.5. Exploitability: Unproven. Consequences: Cross-Site Scripting. Description: Student Study Center Desk Management System is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by…
NextCloud Server brute force | CVE-2023-25820
Name: NextCloud Server brute force. Platforms Affected: (not listed). Risk Level: 4.2. Exploitability: Unproven. Consequences: Gain Access. Description: NextCloud Server is vulnerable to a brute force attack, caused by improper restriction of excessive authentication attempts by the password confirmation modal. By…
Student Study Center Desk Management System cross-site scripting | CVE-2023-1568
Name: Student Study Center Desk Management System cross-site scripting. Platforms Affected: (not listed). Risk Level: 3.5. Exploitability: Unproven. Consequences: Cross-Site Scripting. Description: Student Study Center Desk Management System is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by…
Pimcore directory traversal | CVE-2023-28438
Name: Pimcore directory traversal. Platforms Affected: (not listed). Risk Level: 6.2. Exploitability: Unproven. Consequences: Obtain Information. Description: Pimcore could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of user requests by the GET method.…