1956 matches found

HackRead
added 2022/08/31 5:38 p.m., 11 views

European Spyware Vendor Offering Android and iOS Device Exploits

By Deeba Ahmed The proposal documents were leaked on a Russian hacking forum showing Intellexa is offering remote data extraction from Android and iOS devices in exchange for $8 million. This is a post from HackRead.com Read the original post: European Spyware Vendor Offering Android and iOS Devi...

AI score 3.1
Exploits 0
hivepro
added 2022/08/26 12:10 p.m., 19 views

Iranian APT’s new data extraction tool Hyperscrape

Threat Level: Actor Report. For a detailed threat advisory, download the pdf file here. Summary: Charming Kitten, an Iranian government-backed threat group, has been employing a new data extraction tool, HYPERSCAPE. It has been used to retrieve data from Microsoft Outlook, Yahoo, and Gmail accounts...

AI score 1.9
Exploits 0
OSV
added 2022/07/20 10:47 a.m., 4 views

USN-5525-1 libxml-security-java vulnerability

It was discovered that Apache XML Security for Java incorrectly passed a configuration property when creating specific key elements. This allows an attacker to abuse an XPath Transform to extract sensitive information...

CVSS 7.5, AI score 6.8, EPSS 0.10448
Exploits 0, References 2
ATTACKERKB
added 2022/07/12 9:15 p.m., 5 views

CVE-2022-32246

SAP BusinessObjects Business Intelligence Platform Visual Difference Application - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impac...

CVSS 4.9, AI score 5.7, EPSS 0.00387
Exploits 0, References 3, Affected Software 1
OSV
added 2022/07/12 9:15 p.m., 2 views

CVE-2022-32246

SAP BusinessObjects Business Intelligence Platform Visual Difference Application - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impac...

CVSS 4.6, AI score 5.8, EPSS 0.00387
Exploits 0, References 2
NVD
added 2022/07/12 9:15 p.m., 16 views

CVE-2022-32246

SAP BusinessObjects Business Intelligence Platform Visual Difference Application - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impac...

CVSS 4.9, EPSS 0.00387
Exploits 0, References 2
Prion
added 2022/07/12 9:15 p.m., 18 views

Design/Logic Flaw

SAP BusinessObjects Business Intelligence Platform Visual Difference Application - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impac...

CVSS 4.9, AI score 5.1, EPSS 0.00387
Exploits 0, References 2, Affected Software 1
CNNVD
added 2022/06/08 12:00 a.m., 3 views

Verbatim Keypad Secure USB Drive encryption issue vulnerability

The Verbatim Keypad Secure USB Drive is a hardware encrypted USB flash drive from the Chinese company Verbatim. The Verbatim Keypad Secure USB Drive is vulnerable to an encryption issue that arises from the use of an insecure encryption mode that could allow an attacker to extract information eve...

CVSS 7.5, AI score 7.3, EPSS 0.01632
Exploits 1, References 19
Prion
added 2022/06/02 6:15 p.m., 14 views

Code injection

Solutions Atlantic Regulatory Reporting System RRS v500 is vulnerable to Local File Inclusion (LFI). Any authenticated user has the ability to reference internal system files within requests made to the RRSWeb/maint/ShowDocument/ShowDocument.aspx page. The server will successfully respond with the...

CVSS 4, AI score 6.5, EPSS 0.01852
Exploits 2, References 2, Affected Software 1
Cvelist
added 2022/06/02 5:12 p.m., 17 views

CVE-2022-29597

Solutions Atlantic Regulatory Reporting System RRS v500 is vulnerable to Local File Inclusion (LFI). Any authenticated user has the ability to reference internal system files within requests made to the RRSWeb/maint/ShowDocument/ShowDocument.aspx page. The server will successfully respond with the...

AI score 6.7, EPSS 0.01852
Exploits 2, References 2
Cvelist
added 2022/03/16 3:01 p.m., 17 views

CVE-2021-45821

A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in ajaxchat/getHistoryChatData.php file that is accessible by a registered user. As a result, a malicious user can extract sensitive data such as usernames and passwords and in some cases use this vulnerability in order...

AI score 9.2, EPSS 0.02505
Exploits 1, References 3
CVE
added 2022/03/15 4:45 p.m., 133 views

CVE-2022-27201

The CVE-2022-27201 entry affects Jenkins Semantic Versioning Plugin, version 1.13 and earlier. The root cause is that the plugin does not restrict execution of a controller/agent message to agents and imposes no limits on the file path that can be parsed, enabling crafted files that leverage exte...

CVSS 6.5, AI score 6.6, EPSS 0.01314
Exploits 0, References 2, Affected Software 1
CVE
added 2022/03/08 11:31 a.m., 101 views

CVE-2021-44478

CVE-2021-44478 affects Siemens Polarion ALM and its SVN WebClient: Cross-Site Scripting due to improper neutralization of data sent to web pages in the SVN WebClient. Affected: Polarion ALM (all versions prior to v21 R2 P2) and Polarion WebClient for SVN (all versions). Impact: could allow an att...

CVSS 6.1, AI score 6.3, EPSS 0.00715
Exploits 0, References 1, Affected Software 2
CNNVD
added 2022/03/03 12:00 a.m., 3 views

OS4Ed OpenSIS SQL injection vulnerability

OS4Ed OpenSIS is OS4Ed's commercial-grade, secure, scalable and intuitive student information system and school management software, with all the functionality to run single or multiple institutions in a single installation. OS4Ed OpenSIS version 8.0 is vulnerable to SQL injection, which can be...

CVSS 7.5, AI score 5.8, EPSS 0.0126
Exploits 1, References 2
CNVD
added 2022/02/16 12:00 a.m., 28 views

WordPress Futurio Extra plugin SQL injection vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A SQL injection vulnerability exists in versions of the WordPress Futurio Extra plugin prior to 1.6.3, which stems from a lack of filtering and escaping of SQL data submitted by users. A highly privileg...

CVSS 4, AI score 2.1, EPSS 0.00832
Exploits 2, References 1
OSV
added 2022/02/14 12:15 p.m., 2 views

CVE-2021-25109

The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database, as well as to perform Cross-Site Scripting (XSS) against logged in admins by making them open a malicious link...

CVSS 2.7, AI score 5.8
Exploits 0, References 1
Prion
added 2022/02/14 12:15 p.m., 16 views

Cross site scripting

The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database, as well as to perform Cross-Site Scripting (XSS) against logged in admins by making them open a malicious link...

CVSS 4, AI score 3.8, EPSS 0.00832
Exploits 2, References 1, Affected Software 1
CNNVD
added 2022/02/14 12:00 a.m., 6 views

WordPress and WordPress plugin SQL injection vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A SQL injection vulnerability exists in versions of the WordPress Futurio Extra plugin prior to 1.6.3, which stems from a lack of filtering and escaping of SQL data submitted by users. A highly privileg...

CVSS 4, AI score 5.9, EPSS 0.00832
Exploits 2, References 2
Prion
added 2022/02/03 2:15 p.m., 10 views

Input validation

An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The file about.php does not perform input validation on the 'id' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database...

CVSS 5, AI score 7.6, EPSS 0.01002
Exploits 1, References 1, Affected Software 1
CNVD
added 2022/01/26 12:00 a.m., 18 views

Navidrome SQL Injection Vulnerability

Navidrome is a web-based open source music collection server and streamer, used to freely listen to music collections from any browser or mobile device. A SQL injection vulnerability exists in versions of Navidrome prior to 0.47.5, which stems from a lack of validation of externally entered SQL...

CVSS 6.5, AI score 1.8, EPSS 0.00932
Exploits 0, References 1