A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file prodInfo.php. The manipulation of the argument prodId leads to cross site scripting. The attack may be launched....
3.5CVSS
6.2AI Score
0.0004EPSS
CVE-2024-4075 Kashipara Online Furniture Shopping Ecommerce Website login.php cross site scripting
A vulnerability classified as problematic has been found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. This affects an unknown part of the file login.php. The manipulation of the argument txtAddress leads to cross site scripting. It is possible to initiate the attack remotely. The.....
3.5CVSS
4.1AI Score
0.0004EPSS
A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file prodInfo.php. The manipulation of the argument prodId leads to cross site scripting. The attack may be launched....
3.5CVSS
4.1AI Score
0.0004EPSS
A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file prodList.php. The manipulation of the argument prodType leads to cross site scripting. The attack can.....
3.5CVSS
5.5AI Score
0.001EPSS
A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file prodList.php. The manipulation of the argument prodType leads to cross site scripting. The attack can.....
3.5CVSS
6.2AI Score
0.001EPSS
CVE-2024-4072 Kashipara Online Furniture Shopping Ecommerce Website search.php cross site scripting
A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been classified as problematic. Affected is an unknown function of the file search.php. The manipulation of the argument txtSearch leads to cross site scripting. It is possible to launch the attack...
3.5CVSS
5.5AI Score
0.001EPSS
A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. This issue affects some unknown processing of the file prodInfo.php. The manipulation of the argument prodId leads to sql injection. The attack may be initiated remotely. The exploit.....
8.8CVSS
7.3AI Score
0.001EPSS
A vulnerability has been found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. This vulnerability affects unknown code of the file prodList.php. The manipulation of the argument prodType leads to sql injection. The attack can be initiated remotely. The...
6.3CVSS
6.9AI Score
0.0004EPSS
A vulnerability, which was classified as critical, was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. This affects an unknown part of the file search.php. The manipulation of the argument txtSearch leads to sql injection. It is possible to initiate the attack remotely. The...
6.3CVSS
7.3AI Score
0.0004EPSS
A vulnerability, which was classified as critical, was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. This affects an unknown part of the file search.php. The manipulation of the argument txtSearch leads to sql injection. It is possible to initiate the attack remotely. The...
6.3CVSS
6.8AI Score
0.0004EPSS
A vulnerability has been found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. This vulnerability affects unknown code of the file prodList.php. The manipulation of the argument prodType leads to sql injection. The attack can be initiated remotely. The...
6.3CVSS
7.5AI Score
0.0004EPSS
A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. This issue affects some unknown processing of the file prodInfo.php. The manipulation of the argument prodId leads to sql injection. The attack may be initiated remotely. The exploit.....
8.8CVSS
7.3AI Score
0.001EPSS
CVE-2024-4071 Kashipara Online Furniture Shopping Ecommerce Website prodInfo.php sql injection
A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. This issue affects some unknown processing of the file prodInfo.php. The manipulation of the argument prodId leads to sql injection. The attack may be initiated remotely. The exploit.....
6.3CVSS
9.2AI Score
0.001EPSS
CVE-2024-4070 Kashipara Online Furniture Shopping Ecommerce Website prodList.php sql injection
A vulnerability has been found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. This vulnerability affects unknown code of the file prodList.php. The manipulation of the argument prodType leads to sql injection. The attack can be initiated remotely. The...
6.3CVSS
7.1AI Score
0.0004EPSS
CVE-2024-4070 Kashipara Online Furniture Shopping Ecommerce Website prodList.php sql injection
A vulnerability has been found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. This vulnerability affects unknown code of the file prodList.php. The manipulation of the argument prodType leads to sql injection. The attack can be initiated remotely. The...
6.3CVSS
7.5AI Score
0.0004EPSS
CVE-2024-4069 Kashipara Online Furniture Shopping Ecommerce Website search.php sql injection
A vulnerability, which was classified as critical, was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. This affects an unknown part of the file search.php. The manipulation of the argument txtSearch leads to sql injection. It is possible to initiate the attack remotely. The...
6.3CVSS
7AI Score
0.0004EPSS
Google ad for Facebook redirects to scam
Today, we are looking at a malicious ad campaign targeting Facebook users via Google search. It is well-known that tech support scammers attract new victims by buying ads for certain keywords related to their audience. What is perhaps less known is how it is even possible to impersonate top brands....
6.9AI Score
UnitedHealth Group has given an update on the February cyberattack on Change Healthcare, one of its subsidiaries. In the update, the company revealed the scale of the breach, saying: “Based on initial targeted data sampling to date, the company has found files containing protected health...
7.5AI Score
online-vhs-sachsen.de Cross Site Scripting vulnerability OBB-3921560
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Police Chiefs Call for Solutions to Access Encrypted Data in Serious Crime Cases
European Police Chiefs said that the complementary partnership between law enforcement agencies and the technology industry is at risk due to end-to-end encryption (E2EE). They called on the industry and governments to take urgent action to ensure public safety across social media platforms....
6.8AI Score
This Website is Selling Billions of Private Messages of Discord Users
By Deeba Ahmed Millions of Discord messages sold online! Protect yourself from leaked usernames, photos & financial details. Learn how to secure your Discord account. This is a post from HackRead.com Read the original post: This Website is Selling Billions of Private Messages of Discord...
7.2AI Score
U.S. Imposes Visa Restrictions on 13 Linked to Commercial Spyware Misuse
The U.S. Department of State on Monday said it's taking steps to impose visa restrictions on 13 individuals who are allegedly involved in the development and sale of commercial spyware or who are immediately family members of those involved in such businesses. "These individuals have facilitated...
7AI Score
Microsoft Azure ODSP nikisos Uncontrolled Search Path Element Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ODSP for Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of ODSP. When installed from the official Microsoft GitHub...
7.7AI Score
Gambio Online Webshop 4.9.2.0 Remote Code Execution Exploit
A remote code execution vulnerability in Gambio online webshop versions 4.9.2.0 and below allows remote attackers to run arbitrary commands via an unauthenticated HTTP POST request. The identified vulnerability within Gambio pertains to an insecure deserialization flaw, which ultimately allows an.....
9.8CVSS
10AI Score
0.374EPSS
9.8CVSS
9.7AI Score
0.374EPSS
Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme
The head of counterintelligence for a division of the Russian Federal Security Service (FSB) was sentenced last week to nine years in a penal colony for accepting a USD $1.7 million bribe to ignore the activities of a prolific Russian cybercrime group that hacked thousands of e-commerce websites......
6.8AI Score
Empowering Small Businesses in the Digital Age: A Must-Read Guide to Web Application & API Security
Small and medium-sized businesses have increasingly become reliant on web applications - whether they are developed or procured, to drive their operations, engage customers, and scale their businesses. The increasing reliance on online operations is underscored by 84% of businesses using digital...
7.4AI Score
Picking fights and gaining rights, with Justin Brookman: Lock and Code S05E09
This week on the Lock and Code podcast… Our Lock and Code host, David Ruiz, has a bit of an apology to make: “Sorry for all the depressing episodes.” When the Lock and Code podcast explored online harassment and abuse this year, our guest provided several guidelines and tips for individuals to...
7AI Score
Billions of scraped Discord messages up for sale
Four billions public Discord messages are for sale on an internet scraping service called Spy.pet. At first sight there doesn’t seem to be much that is illegal about it. The messages were publicly accessible and there are no laws against scraping data. However, it turns out the site did disregard.....
6.8AI Score
Ransomware Double-Dip: Re-Victimization in Cyber Extortion
**Between crossovers - Do threat actors play dirty or desperate? ** In our dataset of over 11,000 victim organizations that have experienced a Cyber Extortion / Ransomware attack, we noticed that some victims re-occur. Consequently, the question arises why we observe a re-victimization and whether....
6.8AI Score
ToddyCat is making holes in your infrastructure
We continue covering the activities of the APT group ToddyCat. In our previous article, we described tools for collecting and exfiltrating files (LoFiSe and PcExter). This time, we have investigated how attackers obtain constant access to compromised infrastructure, what information on the hosts...
7.6AI Score
Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage
Microsoft has revealed that North Korea-linked state-sponsored cyber actors have begun to use artificial intelligence (AI) to make its operations more effective and efficient. "They are learning to use tools powered by AI large language models (LLM) to make their operations more efficient and...
7.2AI Score
FreeBSD : chromium -- multiple security fixes (9bed230f-ffc8-11ee-8e76-a8a1599412c6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 9bed230f-ffc8-11ee-8e76-a8a1599412c6 advisory. Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to...
8.8CVSS
6.5AI Score
0.001EPSS
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ecafc4af-fe8a-11ee-890c-08002784c58d advisory. A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause...
7.5CVSS
7.2AI Score
0.0004EPSS
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4ebdd56b-fe72-11ee-bc57-00e081b7aa2d advisory. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other ...
5.9CVSS
7.6AI Score
0.963EPSS
[SECURITY] Fedora 40 Update: wordpress-6.5.2-1.fc40
Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in...
6.9AI Score
[SECURITY] Fedora 38 Update: wordpress-6.4.4-1.fc38
Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in...
6.9AI Score
[SECURITY] Fedora 39 Update: wordpress-6.5.2-1.fc39
Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in...
6.9AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 8, 2024 to April 14, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 219 vulnerabilities disclosed in 209...
8.8AI Score
EPSS
Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link (symlink) to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside.....
10CVSS
7.8AI Score
0.0004EPSS
Judge0 is an open-source online code execution system. The application does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox. When executing a submission, Judge0 writes a...
10CVSS
9.8AI Score
0.0004EPSS
Judge0 is an open-source online code execution system. The default configuration of Judge0 leaves the service vulnerable to a sandbox escape via Server Side Request Forgery (SSRF). This allows an attacker with sufficient access to the Judge0 API to obtain unsandboxed code execution as root on the.....
9CVSS
9.2AI Score
0.0004EPSS
Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link (symlink) to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside.....
10CVSS
9.7AI Score
0.0004EPSS
Judge0 is an open-source online code execution system. The application does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox. When executing a submission, Judge0 writes a...
10CVSS
9.7AI Score
0.0004EPSS
Judge0 is an open-source online code execution system. The application does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox. When executing a submission, Judge0 writes a...
10CVSS
7.8AI Score
0.0004EPSS
Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link (symlink) to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside.....
10CVSS
9.6AI Score
0.0004EPSS
Judge0 is an open-source online code execution system. The default configuration of Judge0 leaves the service vulnerable to a sandbox escape via Server Side Request Forgery (SSRF). This allows an attacker with sufficient access to the Judge0 API to obtain unsandboxed code execution as root on the.....
9CVSS
7.2AI Score
0.0004EPSS
Mental health company Cerebral failed to protect sensitive personal data, must pay $7 million
The Federal Trade Commission (FTC) has reached a settlement with online mental health services company Cerebral after the company was charged with failing to secure and protect sensitive health data. Cerebral has agreed to an order that will restrict how the company can use or disclose sensitive...
7.5AI Score
CVE-2024-29021 SSRF into Sandbox Escape through Unsafe Default Configuration
Judge0 is an open-source online code execution system. The default configuration of Judge0 leaves the service vulnerable to a sandbox escape via Server Side Request Forgery (SSRF). This allows an attacker with sufficient access to the Judge0 API to obtain unsandboxed code execution as root on the.....
9CVSS
9.3AI Score
0.0004EPSS
CVE-2024-28189 Judge0 vulnerable to Sandbox Escape Patch Bypass via chown running on Symbolic Link
Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link (symlink) to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside.....
10CVSS
7.5AI Score
0.0004EPSS