May 2023 - RedPacket Security

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket…

Data Breach Ransomware

NAME__________ZLMediaKit directory traversalPlatforms Affected:ZLMediaKit ZLMediaKitRisk Level:5.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________ZLMediaKit could allow a remote attacker to traverse directories on the system, caused by improper validation of user requests. An attacker could send…

Vulnerabilities

WP TopBar Plugin for WordPress cross-site request forgery | CVE-2023-23680

May 27, 2023

NAME__________WP TopBar Plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress WP TopBar plugin for WordPress 5.36Risk Level:5.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________WP TopBar Plugin for WordPress is vulnerable to cross-site request forgery, caused by…

Vulnerabilities

Name Directory Plugin for WordPress cross-site request forgery | CVE-2023-22692

May 27, 2023

NAME__________Name Directory Plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress Name Directory Plugin for WordPress 1.27.1Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Name Directory Plugin for WordPress is vulnerable to cross-site request forgery, caused by…

Vulnerabilities

My Calendar Plugin for WordPress cross-site request forgery | CVE-2023-23813

May 27, 2023

NAME__________My Calendar Plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress My Calendar Plugin for WordPress 3.4.3Risk Level:5.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________My Calendar Plugin for WordPress is vulnerable to cross-site request forgery, caused by…

Vulnerabilities

Wireshark denial of service | CVE-2023-0666

May 27, 2023

NAME__________Wireshark denial of servicePlatforms Affected:Wireshark Wireshark 3.6.13 Wireshark Wireshark 4.0.5Risk Level:6.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Wireshark is vulnerable to a denial of service, caused by an error in RTPS dissector. By injecting…

Vulnerabilities

Google Analytics by Monster Insights Plugin for WordPress cross-site scripting | CVE-2023-23999

May 27, 2023

NAME__________Google Analytics by Monster Insights Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Google Analytics Plugin for WordPress 8.14.0Risk Level:6.5Exploitability:HighConsequences:Gain Access DESCRIPTION__________Google Analytics by Monster Insights Plugin for WordPress is vulnerable to…

Vulnerabilities

Responsive Pricing Tables Plugin for WordPress cross-site scripting | CVE-2023-2498

May 27, 2023

NAME__________Responsive Pricing Tables Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Responsive Pricing Tables Plugin for WordPress 3.3.19Risk Level:6.4Exploitability:HighConsequences:Gain Access DESCRIPTION__________Responsive Pricing Tables Plugin for WordPress is vulnerable to cross-site scripting, caused…

Vulnerabilities

Briar denial of service | CVE-2023-33980

May 27, 2023

NAME__________Briar denial of servicePlatforms Affected:Briar Briar 1.4Risk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Briar is vulnerable to a denial of service, caused by a flaw in the Bramble Synchronisation Protocol (BSP). By sending…

Vulnerabilities

Autodesk On-Demand Install Services privilege escalation | CVE-2023-27908

May 27, 2023

NAME__________Autodesk On-Demand Install Services privilege escalationPlatforms Affected:Autodesk On-Demand Install ServicesRisk Level:7.8Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Autodesk On-Demand Install Services could allow a local authenticated attacker to gain elevated privileges on the system, caused…

Vulnerabilities

FusionInvoice cross-site scripting |

May 27, 2023

NAME__________FusionInvoice cross-site scriptingPlatforms Affected:FusionInvoice FusionInvoice 2023-1.0Risk Level:6.1Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________FusionInvoice is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Expenses or Tasks" endpoint. A remote attacker…

Vulnerabilities

Theme Tweaker Plugin for WordPress cross-site request forgery | CVE-2023-23713

May 27, 2023

NAME__________Theme Tweaker Plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress Theme Tweaker Plugin for WordPress 5.20Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Theme Tweaker Plugin for WordPress is vulnerable to cross-site request forgery, caused by…

Vulnerabilities

NETGEAR routers buffer overflow |

May 27, 2023

NAME__________NETGEAR routers buffer overflowPlatforms Affected:Netgear R6700 Netgear R6900 Netgear R7000 Netgear R7100LG Netgear R7300DST Netgear R7900 NETGEAR R8500 NETGEAR R8000Risk Level:6.7Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________NETGEAR routers are vulnerable to a buffer…

Vulnerabilities

Responsive Pricing Tables Plugin for WordPress security bypass | CVE-2023-2494

May 27, 2023

NAME__________Responsive Pricing Tables Plugin for WordPress security bypassPlatforms Affected:WordPress Responsive Pricing Tables Plugin for WordPress 3.3.19Risk Level:5Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Responsive Pricing Tables Plugin for WordPress could allow a remote attacker to…

Vulnerabilities

Liferay Portal security bypass | CVE-2023-33949

May 27, 2023

NAME__________Liferay Portal security bypassPlatforms Affected:Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2 Liferay Portal 7.3.0 Liferay Portal 7.2.0 Liferay Portal 7.1.0 Liferay Portal 7.0.0 Liferay Portal 7.2.1 Liferay Portal…

RedPacket Security

Cobalt Stike Beacon Detected – 82[.]157[.]9[.]58:443

Cobalt Stike Beacon Detected – 47[.]98[.]216[.]22:443

Cobalt Stike Beacon Detected – 103[.]39[.]78[.]208:8080

Cobalt Stike Beacon Detected – 36[.]99[.]39[.]121:55443

Cobalt Stike Beacon Detected – 54[.]89[.]151[.]191:80

Cobalt Stike Beacon Detected – 103[.]146[.]179[.]67:8090

Cobalt Stike Beacon Detected – 43[.]140[.]247[.]138:80

Dark Angel Victim: Gentex Corporation

Dark Angel Victim: ANDRADE GUTIERREZ & ZAGOPE

Dark Angel Victim: Incredible Technologies

ZLMediaKit directory traversal | CVE-2023-31861

WP TopBar Plugin for WordPress cross-site request forgery | CVE-2023-23680

Name Directory Plugin for WordPress cross-site request forgery | CVE-2023-22692

My Calendar Plugin for WordPress cross-site request forgery | CVE-2023-23813

Wireshark denial of service | CVE-2023-0666

Google Analytics by Monster Insights Plugin for WordPress cross-site scripting | CVE-2023-23999

Responsive Pricing Tables Plugin for WordPress cross-site scripting | CVE-2023-2498

Briar denial of service | CVE-2023-33980

Autodesk On-Demand Install Services privilege escalation | CVE-2023-27908

FusionInvoice cross-site scripting |

Theme Tweaker Plugin for WordPress cross-site request forgery | CVE-2023-23713

NETGEAR routers buffer overflow |

Responsive Pricing Tables Plugin for WordPress security bypass | CVE-2023-2494

Liferay Portal security bypass | CVE-2023-33949

You missed

CISA: CISA Releases Five Industrial Control Systems Advisories

CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA: CISA Releases Four Industrial Control Systems Advisories

CISA: Cisco Releases Security Advisory for Small Business Series Switches

RedPacket Security

Month: May 2023

You missed