Lost And Found Information System 1.0 Broken Access Control / Privilege Escalation
Vulnerability: Broken Access Control Author: Akash Pandey CVE: CVE-2023-3018 Source: https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html Steps to re-produce: 1. Go to https://site.com/admin/?page=user/list as staff user...
CVE-2023-33740
Incorrect access control in luowice v3.5.18 allows attackers to access cloud source code information via modification of the Verify parameter in a warning message...
Improper access control
Incorrect access control in luowice v3.5.18 allows attackers to access cloud source code information via modification of the Verify parameter in a warning message...
CVE-2023-33740
CVE-2023-33740 affects luowice v3.5.18, with improper access control allowing attackers to access cloud source code information by modifying the Verify parameter in a warning message. Publicly available sources consistently identify the affected component as luowice v3.5.18 and describe the root ...
Luowice Security Vulnerability
Luowice is a cloud app for a series of security monitoring devices from China-based Luowice. A security vulnerability exists in Luowice version 3.5.18, which stems from incorrect access control and can be exploited by an attacker to access cloud source code information...
Malicious code in cptalertbox (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 88c1f10ff1d7a9b89a479bd30b9548a7adc533c677f7913c88563b08e9d28814 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ossf-package-analysis...
MAL-2023-1148 Malicious code in cptalertbox (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 88c1f10ff1d7a9b89a479bd30b9548a7adc533c677f7913c88563b08e9d28814 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ossf-package-analysis...
MAL-2023-602 Malicious code in mintel-react-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 0a1835239b54b7888436777e7e123e588fdbf2fe1ca95d9162e6803d5027515e Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...
MAL-2023-601 Malicious code in mintel-navigation (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 03a09fa2fc3578a5c0280069c7cd04c797a86836c205896be3dc0fb53c5b3353 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...
Malicious code in mintel-react-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 0a1835239b54b7888436777e7e123e588fdbf2fe1ca95d9162e6803d5027515e Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...
MAL-2023-603 Malicious code in mintel-tokens (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 13b8e3e53b1d2298f3798c2348d1caa9ccbbf59e520e7f67897fe51f6d9591ba Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...
Buhti Ransomware Gang Switches Tactics, Utilizes Leaked LockBit and Babuk Code
The threat actors behind the nascent Buhti ransomware have eschewed their custom payload in favor of leaked LockBit and Babuk ransomware families to strike Windows and Linux systems. "While the group doesn't develop its own ransomware, it does utilize what appears to be one custom-developed tool,...
Amount of project token minted to beneficiary by JBXBuybackDelegate._mint function is not checked against an expected minimum number of project tokens to be minted to such beneficiary
Lines of code Vulnerability details Impact Calling the following JBPayoutRedemptionPaymentTerminal31.pay function executes (fundingCycle, tokenCount, delegateAllocations, memo) = store.recordPaymentFrom(payer, bundledAmount, projectId, baseWeightCurrency, beneficiary, memo, metadata). File:...
AlmaLinux 8 : emacs (ALSA-2023:3042)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:3042 advisory. - GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C...
RA Group’s Custom Ransomware Hits US & South Korea
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The emergence of the RA ransomware group highlights the utilization of the recently leaked Babuk ransomware source code as they employ it to develop their variant of the malware. To receive real-time...
EulerOS Virtualization 2.10.1 : emacs (EulerOS-SA-2023-1887)
According to the versions of the emacs package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because...
Newly identified RA Group compromises companies in U.S. and South Korea with leaked Babuk source code
Cisco Talos recently discovered a new ransomware actor called RA Group that has been operating since at least April 22, 2023. The actor is swiftly expanding its operations. To date, the group has compromised three organizations in the U.S. and one in South Korea across several business verticals,...