GHSA-CWQ3-QP8V-W8Q3 Mortbay Jetty Discloses JSP Source Code

Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash %5C characters. NOTE: this might be the same issue as CVE-2006-2758...

Apache Tomcat Source Code Disclosure

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148...

GHSA-8V5P-2CPV-C2X6 Apache Tomcat Source Code Disclosure

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148...

Apache Tomcat Source Code Disclosure

The default servlet org.apache.catalina.servlets.DefaultServlet in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet...

GHSA-JXCV-V856-J5VG Apache Tomcat Source Code Disclosure

The default servlet org.apache.catalina.servlets.DefaultServlet in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet...

Jakarta Tomcat Directory Listing vulnerability

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character...

Amazon Linux 2 : gcc10, gcc (ALAS-2022-1784)

The version of gcc installed on the remote host is prior to 7.3.1-14. The version of gcc10 installed on the remote host is prior to 10.3.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1784 advisory. A flaw was found in the way Unicode standards are implemented ...

Lapsus$ Hackers Stole T-Mobile’s Source Code and Systems Data

By Deeba Ahmed T-Mobile has acknowledged the breach which occurred before police arrested some of the Lapsus$ members last month. The… This is a post from HackRead.com Read the original post: Lapsus$ Hackers Stole T-Mobiles Source Code and Systems Data...

New BotenaGo Malware Variant Targeting Lilin Security Camera DVR Devices

A new variant of an IoT botnet called BotenaGo has emerged in the wild, specifically singling out Lilin security camera DVR devices to infect them with Mirai malware. Dubbed "Lilin Scanner" by Nozomi Networks, the latest version is designed to exploit a two-year-old critical command injection...

GLPI Information Disclosure Vulnerability (CNVD-2022-44238)

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build a database to fully manage IT computers, monitors, servers, printers, network devices, phones, even toner cartridges...

T-Mobile Admits Lapsus$ Hackers Gained Access to its Internal Tools and Source Code

Telecom company T-Mobile on Friday confirmed that it was the victim of a security breach in March after the LAPSUS$ mercenary gang managed to gain access to its networks. The acknowledgment came after investigative journalist Brian Krebs shared internal chats belonging to the core members of the...

Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code

KrebsOnSecurity recently reviewed a copy of the private chat messages between members of the LAPSUS$ cybercrime group in the week leading up to the arrest of its most active members last month. The logs show LAPSUS$ breached T-Mobile multiple times in March, stealing source code for a range of...

CVE-2022-24867 LDAP password exposure in glpi

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. When you pass the config to the javascript, some entries are filtered out. The variable ldappass is not filtered and when you look at the source code of the...

Index Minting and Redemption Can Be Frontrun

Lines of code Vulnerability details Impact According to the provided source code, the user must transfer the underlying asset to the contract prior to calling mint or the index token before to calling burn. If these two actions are performed on the difference block, it introduces the risk that...

Online Restaurant Table Reservation System 1.0 SQL Injection Vulnerability

Exploit Title: Online Restaurant Table Reservation System v1.0 Exploit Author: segf0lt Vendor Homepage: https://www.sourcecodester.com/php/15286/online-restaurant-table-reservation-system-phpoop-free-source-code.html Software Link:...

EulerOS 2.0 SP10 : binutils (EulerOS-SA-2022-1481)

According to the versions of the binutils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of character...

Pharmacy Management System 1.0 Shell Upload

Exploit Title: Pharmacy management system - Remote Code Execution RCE Date: 19/04/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15281/multi-language-pharmacy-management-system-project-source-code.html Version:...

GitHub Notifies Victims Whose Private Data Was Accessed Using OAuth Tokens

GitHub on Monday noted that it had notified all victims of an attack campaign, which involved an unauthorized party downloading private repository contents by taking advantage of third-party OAuth user tokens maintained by Heroku and Travis CI. "Customers should also continue to monitor Heroku an...

Haskers Gang Gives Away ZingoStealer Malware to Other Cybercriminals for Free

A crimeware-related threat actor known as Haskers Gang has released an information-stealing malware called ZingoStealer for free on, allowing other criminal groups to leverage the tool for nefarious purposes. "It features the ability to steal sensitive information from victims and can download...

Threat Spotlight: "Haskers Gang" Introduces New ZingoStealer

Update 04/14/22: Following the initial publication of this blog, we observed a new post in the Haskers Gang Telegram channel announcing that ownership of the ZingoStealer project is being transferred to a new threat actor. We also observed the malware author offering to sell the source code for...