RedPacket Security - InfoSec News & Tutorials

HackerOne Bug Bounty Disclosure: python-:-add-query-to-detect-pam-authorization-bypassbyporcupineyhairs

March 22, 2023

Programme HackerOne GitHub Security Lab GitHub Security Lab Submitted by porcupineyhairs porcupineyhairs Report Python : Add query to detect PAM...

HackerOne Bug Bounty Disclosure: c/c++:-command-injection-via-wordexpbyihsinme

March 22, 2023

Programme HackerOne GitHub Security Lab GitHub Security Lab Submitted by ihsinme ihsinme Report C/C++: Command injection via wordexp Full Report...

HackerOne Bug Bounty Disclosure: [python]-unsafe-unpacking-using-shutil-unpack_archive()-query-and-testsbysim4n6

March 22, 2023

Programme HackerOne GitHub Security Lab GitHub Security Lab Submitted by sim4n6 sim4n6 Report Unsafe unpacking using shutil.unpack_archive() query and tests...

HackerOne Bug Bounty Disclosure: [cpp]:-add-query-for-cwe-125-out-of-bounds-read-with-different-interpretation-of-the-string-when-use-mbtowcbyporcupineyhairs

March 22, 2023

Programme HackerOne GitHub Security Lab GitHub Security Lab Submitted by porcupineyhairs porcupineyhairs Report : Add query for CWE-125 Out-of-bounds Read...

CISA Alerts on Critical Security Vulnerabilities in Industrial Control Systems

March 22, 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released eight Industrial Control Systems (ICS) advisories on Tuesday, warning of...

New ‘Bad Magic’ Cyber Threat Disrupts Ukraine’s Key Sectors Amid War

March 22, 2023

Amid the ongoing war between Russia and Ukraine, government, agriculture, and transportation organizations located in Donetsk, Lugansk, and Crimea have...

ScarCruft’s Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques

March 22, 2023

The North Korean advanced persistent threat (APT) actor dubbed ScarCruft is using weaponized Microsoft Compiled HTML Help (CHM) files to...

NAPLISTENER: New Malware in REF2924 Group’s Arsenal for Bypassing Detection

March 22, 2023

The threat group tracked as REF2924 has been observed deploying previously unseen malware in its attacks aimed at entities in...

Preventing Insider Threats in Your Active Directory

March 22, 2023

Active Directory (AD) is a powerful authentication and directory service used by organizations worldwide. With this ubiquity and power comes...

LockBit 3.0 Ransomware Victim: mangiainc[.]com

March 22, 2023

LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...

LockBit 3.0 Ransomware Victim: cabinet-paillet[.]fr

March 22, 2023

LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...

LockBit 3.0 Ransomware Victim: kaycan[.]com

March 22, 2023

LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...

Discourse denial of service | CVE-2023-28107

March 22, 2023

NAME__________Discourse denial of servicePlatforms Affected:Risk Level:4.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Discourse is vulnerable to a denial of service, caused by improper allocation...

silverstripe/graphql denial of service | CVE-2023-28104

March 22, 2023

NAME__________silverstripe/graphql denial of servicePlatforms Affected:Risk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________silverstripe/graphql is vulnerable to a denial of service, caused by a flaw...

Discourse server-side request forgery | CVE-2023-28111

March 22, 2023

NAME__________Discourse server-side request forgeryPlatforms Affected:Risk Level:5.7Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Discourse is vulnerable to server-side request forgery, caused by a flaw in the...

RockOA file upload | CVE-2023-1501

March 22, 2023

NAME__________RockOA file uploadPlatforms Affected:Risk Level:6.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________RockOA could allow a remote authenticated attacker to upload arbitrary files, caused by improper...

Discourse cross-site scripting | CVE-2023-26040

March 22, 2023

NAME__________Discourse cross-site scriptingPlatforms Affected:Risk Level:6.5Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Discourse is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by...

svg-sanitizer cross-site scripting | CVE-2023-28426

March 22, 2023

NAME__________svg-sanitizer cross-site scriptingPlatforms Affected:svg-sanitizer svg-sanitizer 0.15.4Risk Level:5.3Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________svg-sanitizer is vulnerable to cross-site scripting, caused by improper validation of user-supplied...

Discourse information disclosure | CVE-2023-23622

March 22, 2023

NAME__________Discourse information disclosurePlatforms Affected:Risk Level:4.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Discourse could allow a remote attacker to obtain sensitive information, caused by a flaw...

Discourse server-side request forgery | CVE-2023-28112

March 22, 2023

NAME__________Discourse server-side request forgeryPlatforms Affected:Risk Level:5.9Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Discourse is vulnerable to server-side request forgery, caused by a flaw in the...

Pimcore cross-site scripting | CVE-2023-28429

March 22, 2023

NAME__________Pimcore cross-site scriptingPlatforms Affected:Pimcore Pimcore 10.5.18Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Pimcore is vulnerable to cross-site scripting, caused by improper validation of user-supplied...

RapidLoad Power-Up for Autoptimize Plugin for WordPress cross-site request forgery | CVE-2023-1472

March 22, 2023

NAME__________RapidLoad Power-Up for Autoptimize Plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress RapidLoad Power-Up for Autoptimize Plugin for WordPress 1.7.1Risk Level:6.3Exploitability:UnprovenConsequences:Gain...

Simple Art Gallery cross-site scripting | CVE-2023-1500

March 22, 2023

NAME__________Simple Art Gallery cross-site scriptingPlatforms Affected:Risk Level:3.5Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________Simple Art Gallery is vulnerable to cross-site scripting, caused by improper validation...

Discourse cross-site scripting | CVE-2023-25172

March 22, 2023

NAME__________Discourse cross-site scriptingPlatforms Affected:Risk Level:4.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Discourse is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by...

Main Story

Editor’s Picks

Trending Story

Featured Story

You may have missed