RedPacket Security - InfoSec News & Tutorials

Chinese Hacking Group Exploits Barracuda Zero-Day to Target Government, Military, and Telecom

August 29, 2023

A suspected Chinese-nexus hacking group exploited a recently disclosed zero-day flaw in Barracuda Networks Email Security Gateway (ESG) appliances to...

Phishing-as-a-Service Gets Smarter: Microsoft Sounds Alarm on AiTM Attacks

August 29, 2023

Microsoft is warning of an increase in adversary-in-the-middle (AiTM) phishing techniques, which are being propagated as part of the phishing-as-a-service...

0ce4da56bde5886963a2ff7b0ddc6035753e82161af70f904437c86cbef0dea0

Survey Provides Takeaways for Security Pros to Operationalize their Remediation Life Cycle

August 29, 2023

Ask any security professional and they'll tell you that remediating risks from various siloed security scanning tools requires a tedious...

Akira Ransomware Victim: Cutler-Smith

August 29, 2023

NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...

Akira Ransomware Victim: Jasper High School

August 29, 2023

NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...

DedeCMS freelist_add.php cross-site scripting | CVE-2023-40874

August 29, 2023

NAME__________DedeCMS freelist_add.php cross-site scriptingPlatforms Affected:DedeCMS DedeCMS 5.7.110Risk Level:5.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________DedeCMS is vulnerable to cross-site scripting, caused by improper validation of...

Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS 6300 Series Fabric Interconnects denial of service | CVE-2023-20200

August 29, 2023

NAME__________Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS 6300 Series Fabric Interconnects denial of servicePlatforms Affected:Cisco UCS 6300...

Apache Airflow, Airflow SMTP Provider and Airflow IMAP Provider man-in-the-middle | CVE-2023-39441

August 29, 2023

NAME__________Apache Airflow, Airflow SMTP Provider and Airflow IMAP Provider man-in-the-middlePlatforms Affected:Apache Airflow 2.6.3 Apache Airflow SMTP Provider 1.2.0 Apache Airflow...

Supermicro X11, X12, X13, and H11, H12, H13 motherboards privilege escalation | CVE-2023-34853

August 29, 2023

NAME__________Supermicro X11, X12, X13, and H11, H12, H13 motherboards privilege escalationPlatforms Affected:Supermicro X11 Supermicro H11 Supermicro H12 Supermicro X12 Supermicro...

Order Your Posts Manually Plugin for WordPress cross-site scripting | CVE-2023-32510

August 29, 2023

NAME__________Order Your Posts Manually Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Order Your Posts Manually plugin for WordPress 2.2.5Risk Level:7.1Exploitability:HighConsequences:Cross-Site Scripting...

Donations Made Easy Plugin for WordPress cross-site scripting | CVE-2023-32603

August 29, 2023

NAME__________Donations Made Easy Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Smart Donations Plugin for WordPress 4.0.12Risk Level:7.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Donations Made Easy...

DedeCMS freelist_add.php cross-site scripting | CVE-2023-40876

August 29, 2023

ZTE MF286R command execution | CVE-2023-25649

August 29, 2023

NAME__________ZTE MF286R command executionPlatforms Affected:ZTE MF286R CR_LVWRGBMF286RV1.0.0B04Risk Level:6.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________ZTE MF286R could allow a remote attacker to execute arbitrary commands...

DedeCMS vote_edit.php cross-site scripting | CVE-2023-40875

August 29, 2023

NAME__________DedeCMS vote_edit.php cross-site scriptingPlatforms Affected:DedeCMS DedeCMS 5.7.110Risk Level:5.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________DedeCMS is vulnerable to cross-site scripting, caused by improper validation of...

FV Flowplayer Video Player Plugin for WordPress cross-site scripting | CVE-2023-4520

August 29, 2023

NAME__________FV Flowplayer Video Player Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress FV Flowplayer Video Player Plugin for WordPress 7.5.37.7212Risk Level:5.4Exploitability:HighConsequences:Cross-Site Scripting...

DedeCMS freelist_edit.php cross-site scripting | CVE-2023-40877

August 29, 2023

NAME__________DedeCMS freelist_edit.php cross-site scriptingPlatforms Affected:DedeCMS DedeCMS 5.7.110Risk Level:5.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________DedeCMS is vulnerable to cross-site scripting, caused by improper validation of...

CloudExplorer Lite information disclosure | CVE-2023-39519

August 29, 2023

NAME__________CloudExplorer Lite information disclosurePlatforms Affected:CloudExplorer Lite CloudExplorer Lite 1.3.1Risk Level:4.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________CloudExplorer Lite could allow a remote authenticated attacker to...

QNAP QTS and QuTS hero information disclosure | CVE-2023-34972

August 29, 2023

NAME__________QNAP QTS and QuTS hero information disclosurePlatforms Affected:QNAP QTS 5.0.1 QNAP QuTS hero h5.1.0 QNAP QTS 5.1.0Risk Level:3.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________QNAP...

QNAP QTS and QuTS hero weak security | CVE-2023-34971

August 29, 2023

NAME__________QNAP QTS and QuTS hero weak securityPlatforms Affected:QNAP QTS 5.0.1 QNAP QuTS hero h5.1.0 QNAP QTS 5.1.0Risk Level:7.1Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________QNAP...

LaikeTui file upload | CVE-2023-4559

August 29, 2023

NAME__________LaikeTui file uploadPlatforms Affected:LaikeTui LaikeTuiRisk Level:6.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________LaikeTui could allow a remote authenticated attacker to upload arbitrary files, caused by...

JetBrains TeamCity cross-site scripting | CVE-2023-41249

August 29, 2023

NAME__________JetBrains TeamCity cross-site scriptingPlatforms Affected:JetBrains TeamCity 2018.2.1 JetBrains TeamCity 2018.2.2 JetBrains TeamCity 2019.1.1 JetBrains TeamCity 2018.2.4 JetBrains TeamCity 2023.05Risk Level:4.6Exploitability:UnprovenConsequences:Cross-Site...

JetBrains TeamCity cross-site scripting | CVE-2023-41250

August 29, 2023

BuddyForms Plugin for WordPress cross-site scripting | CVE-2023-25981

August 29, 2023

NAME__________BuddyForms Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress BuddyForms Plugin for WordPress 2.8.1Risk Level:6.5Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________BuddyForms Plugin for WordPress is vulnerable...

Saho ADM-100 and ADM-100FP security bypass | CVE-2023-38030

August 29, 2023

NAME__________Saho ADM-100 and ADM-100FP security bypassPlatforms Affected:Saho ADM-100 0.0.4.0 Saho ADM-100 0.0.4.3 Saho ADM-100 0.0.4.6 Saho ADM-100 0.0.4.8 Saho ADM-100...

Main Story

Editor’s Picks

Trending Story

Featured Story

You may have missed