The Tricky Aftermath of Source Code Leaks
Lapsus$ hackers leaked Microsoft’s Bing and Cortana source code. How bad is that, really?...
School Club Application System v1.0 SQL injection Vulnerability
Title: School Club Application System v1.0 SQLi Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15266/school-club-application-system-phpoop-free-source-code.html Reference:...
FreeBSD-SA-22:06.ioctl
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-22:06.ioctl Security Advisory The FreeBSD Project Topic: mpr/mps/mpt driver ioctl heap out-of-bounds write Category: core Module: mpr, mps, mpt Announced:...
Online Sports Complex Booking System 1.0 SQL Injection
Title: Online Sports Complex Booking System 1.0 SQL Injection Author: Zllggggg Vendor: https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/scbs1.zip Reference:...
FreeBSD-SA-22:08.zlib
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-22:08.zlib Security Advisory The FreeBSD Project Topic: zlib compression out-of-bounds write Category: zlib Module: contrib Announced: 2022-04-06 Credits: Danil...
DarthSidious - Building An Active Directory Domain And Hacking It
The goal is simple: to share my modest knowledge about hacking Windows systems. This is commonly referred to as red team exercises. This book, however, is also very concerned with the blue team; the defenders. That is, helping those who are working as defenders, analysts and security experts to buil...
Joomla! information disclosure vulnerability (CNVD-2022-64097)
Joomla! is an open source content management system. An information disclosure vulnerability exists in versions 3.0.0 through 3.10.6 and 4.0.0 through 4.1.0, which stems from an error caused by uploading a file whose name is too long. The error displays a screen with...
IT Firm Globant Confirms Breach after LAPSUS$ Leaks 70GB of Data
The LAPSUS$ data extortion gang announced their return on Telegram after a week-long "vacation," leaking what they claim is data from software services company Globant. "We are officially back from a vacation," the group wrote on their Telegram channel, which has nearly 54,000 members as ...
Medical Hub Directory Site 1.0 SQL Injection
Exploit Title: Medical Hub Directory Site - 'id' SQL Injection Date: 30/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15252/simple-medical-hub-directory-site-phpoop-source-code.html Version: 1.0 Tested on:...
Medical Hub Directory Site 1.0 Local File Inclusion
Title: Medical Hub Directory Site LFI To RCE Author: Hejap Zairy Date: 30.07.2022 Vendor: https://www.sourcecodester.com/php/15252/simple-medical-hub-directory-site-phpoop-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/mhds.zip Reference:...
Pay Slip PDF Generator System 1.0 SQL Injection Vulnerability
Pay Slip PDF Generator System version 1.0 suffers from multiple remote SQL injection vulnerabilities that can lead to remote code execution. Title: Pay Slip PDF Generator System 1.0 Blind time SQLi To Rce Author: Hejap Zairy Vendor:...
Pay Slip PDF Generator System 1.0 Shell Upload Vulnerability
Title: Pay Slip PDF Generator System 1.0 Shell Upload Author: Hejap Zairy Vendor: https://www.sourcecodester.com/php/15242/employees-pay-slip-pdf-generator-system-email-using-phpoop-free-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/pess0.zip...
Online Sports Complex Booking System 1.0 SQL Injection Vulnerability
Exploit Title: Online Sports Complex Booking System - 'id' Blind SQL Injection Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html Version: 1.0...
Microsoft and Okta Confirm Data Breach Claims by LAPSUS$
By Deeba Ahmed. Both companies have confirmed the breach after Lapsus$ hackers leaked screenshots of Okta's internal systems and Microsoft source code. Originally published on HackRead.com: Microsoft and Okta Confirm Data Breach Claims by LAPSUS$...
Microsoft: Lapsus$ Used Employee Account to Steal Source Code
In a new blog post published last night, Microsoft confirmed that the Lapsus$ extortion group hacked one of its employee’s accounts to get “limited access” to project source code repositories. “No customer code or data was involved in the observed activities. Our investigation has found a single...
Grafana has an unspecified vulnerability (CNVD-2022-25208)
Grafana is an open source monitoring and visualization platform from Grafana Labs that provides a visual monitoring interface. The tool is mainly used to visualize and analyze data from Graphite, InfluxDB, Prometheus and other sources. A security vulnerability exists in Grafana version 7.3.4 and earlier, which stems from the fact...
Lapsus$ Data Kidnappers Claim Snatches From Microsoft, Okta
Both Microsoft and Okta are investigating claims by the new, precocious data extortion group Lapsus$ that the gang has breached their systems. Lapsus$ claimed to have gotten itself “superuser/admin” access to internal systems at authentication firm Okta. It also posted 40GB worth of files to its...
workflow-cps-global-lib: OS command execution through crafted SCM contents
A flaw was found in Jenkins. The Jenkins Pipeline: Shared Groovy Libraries Plugin uses the same checkout directories for distinct SCMs for Pipeline libraries. This flaw allows attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. This...
'This Is Really, Really Bad': Lapsus$ Gang Claims Okta Hack
Lapsus$ leaking Microsoft source code would be bad enough. Breaching Okta could be much, much worse...
Implications of Windows Subsystem for Linux for Adversaries & Defenders (Part 1)
This post is the first of a multi-part blog series that explores and highlights the different risks that Windows Subsystem for Linux (WSL) poses to an enterprise IT environment. Here we examine a Microsoft feature that runs GNU/Linux environments on Windows, increasing the attack surface and introducing a lot more...