RedPacket Security - InfoSec News & Tutorials

US-CERT Vulnerability Summary for the Week of July 10, 2023

July 21, 2023

High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoelra -- parkmatikImproper Neutralization of Special Elements used in an SQL Command...

HackerOne Bug Bounty Disclosure: b-password-reset-endpoint-is-not-brute-force-protected-b-rullzer

July 21, 2023

Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'rullzer'Link to Submitters Profile:https://hackerone.com/b'rullzer' Report Title:b'Password reset endpoint is not brute force...

CISA: Atlassian Releases Security Updates

July 21, 2023

Atlassian Releases Security Updates Atlassian has released its Security Bulletin for July 2023(link is external) to address vulnerabilities in Confluence Data...

Posh C2 Detected – 103[.]230[.]142[.]243:443

July 21, 2023

The Information provided at the time of posting was detected as "Posh C2". Depending on when you are viewing this...

Akira Ransomware Victim: Bright Future Electr ic, LLC

July 21, 2023

NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...

Akira Ransomware Victim: Yamaha Canada Music Ltd

July 21, 2023

NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...

myCred plugin for WordPress cross-site request forgery | CVE-2023-35096

July 21, 2023

NAME__________myCred plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress myCred plugin for WordPress 2.5Risk Level:5.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________myCred plugin for WordPress is...

Recipe Maker For Your Food Blog from Zip Recipes plugin for WordPress cross-site request forgery | CVE-2023-35089

July 21, 2023

NAME__________Recipe Maker For Your Food Blog from Zip Recipes plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress Recipe Maker For Your...

InfoDoc Document On-line Submission and Approval System server-side request forgery | CVE-2023-37290

July 21, 2023

NAME__________InfoDoc Document On-line Submission and Approval System server-side request forgeryPlatforms Affected:InfoDoc Document On-line Submission and Approval System 22547 InfoDoc Document...

WooCommerce Ship to Multiple Addresses plugin for WordPress cross-site request forgery | CVE-2023-36514

July 21, 2023

NAME__________WooCommerce Ship to Multiple Addresses plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress WooCommerce Shipping Multiple Addresses 3.8.5Risk Level:6.5Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________WooCommerce...

Open Enclave security bypass | CVE-2023-37479

July 21, 2023

NAME__________Open Enclave security bypassPlatforms Affected:Open Enclave Open Enclave SDK 0.19.2Risk Level:5.9Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Open Enclave could allow a remote attacker to...

AutomateWoo plugin for WordPress cross-site request forgery | CVE-2023-36513

July 21, 2023

NAME__________AutomateWoo plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress AutomateWoo Plugin for WordPress 5.7.5Risk Level:5.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________AutomateWoo plugin for WordPress is...

xHTTP denial of service | CVE-2023-38434

July 21, 2023

NAME__________xHTTP denial of servicePlatforms Affected:xHTTP xHTTPRisk Level:7.5Exploitability:Proof of ConceptConsequences:Denial of Service DESCRIPTION__________xHTTP is vulnerable to a denial of service, caused...

MeterSphere directory traversal | CVE-2023-37461

July 21, 2023

NAME__________MeterSphere directory traversalPlatforms Affected:MeterSphere MeterSphere 2.10.2 LTSRisk Level:3.9Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________MeterSphere could allow a remote authenticated attacker to traverse directories on...

KOMET privilege escalation | CVE-2023-3786

July 21, 2023

NAME__________KOMET privilege escalationPlatforms Affected:AURES Technologies KOMETRisk Level:4.3Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________KOMET could allow a physical attacker to gain elevated privileges on the...

WooCommerce Brands plugin for WordPress cross-site request forgery | CVE-2023-35880

July 21, 2023

NAME__________WooCommerce Brands plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress WooCommerce Brands plugin for WordPress 1.6.49Risk Level:5.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________WooCommerce Brands plugin...

Oracle GraalVM Enterprise Edition and Oracle GraalVM for JDK unspecified | CVE-2023-22051

July 21, 2023

NAME__________Oracle GraalVM Enterprise Edition and Oracle GraalVM for JDK unspecifiedPlatforms Affected:Oracle GraalVM Enterprise Edition 21.3.6 Oracle GraalVM Enterprise Edition 22.3.2...

Ultimate Member plugin for WordPress cross-site request forgery | CVE-2023-31216

July 21, 2023

NAME__________Ultimate Member plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress Membership Plugin for WordPress 3.2.2Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Ultimate Member plugin for...

WooCommerce Order Barcodes plugin for WordPress cross-site request forgery | CVE-2023-36511

July 21, 2023

NAME__________WooCommerce Order Barcodes plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress WooCommerce Order Barcodes Plugin for WordPress 1.6.4Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________WooCommerce...

Oracle MySQL Server unspecified | CVE-2023-22005

July 21, 2023

NAME__________Oracle MySQL Server unspecifiedPlatforms Affected:Oracle MySQL Server 8.0.33Risk Level:4.4Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________An unspecified vulnerability in Oracle MySQL Server related to...

Jaeger UI cross-site scripting | CVE-2023-36656

July 21, 2023

NAME__________Jaeger UI cross-site scriptingPlatforms Affected:Jaegertracing Jaeger UI 1.31.0Risk Level:5.7Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Jaeger UI is vulnerable to cross-site scripting, caused by improper...

Event Manager for WooCommerce plugin for WordPress cross-site scripting | CVE-2023-36383

July 21, 2023

NAME__________Event Manager for WooCommerce plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Event Manager for WooCommerce plugin for WordPress 3.9.5Risk Level:5.9Exploitability:HighConsequences:Cross-Site Scripting...

VMware Tanzu Spring Security security bypass | CVE-2023-34035

July 21, 2023

NAME__________VMware Tanzu Spring Security security bypassPlatforms Affected:VMware Tanzu Spring Security 5.8.0 VMware Tanzu Spring Security 6.0.0 VMware Tanzu Spring Security...

Oracle Business Intelligence Enterprise Edition unspecified | CVE-2023-22061

July 21, 2023

NAME__________Oracle Business Intelligence Enterprise Edition unspecifiedPlatforms Affected:Oracle Business Intelligence Enterprise Edition 6.4.0.0.0Risk Level:5.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________An unspecified vulnerability in Oracle Business...

Main Story

Editor’s Picks

Trending Story

Featured Story

You may have missed