5315 matches found
Medical Hub Directory Site 1.0 SQL Injection
Exploit Title: Medical Hub Directory Site - 'id' SQL Injection Date: 30/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15252/simple-medical-hub-directory-site-phpoop-source-code.html Version: 1.0 Tested on:...
Medical Hub Directory Site 1.0 Local File Inclusion
Title: Medical Hub Directory Site LFI To RCE Author: Hejap Zairy Date: 30.07.2022 Vendor: https://www.sourcecodester.com/php/15252/simple-medical-hub-directory-site-phpoop-source-code.html Software:https://www.sourcecodester.com/sites/default/files/download/oretnom23/mhds.zip Reference:...
Pay Slip PDF Generator System 1.0 SQL Injection Vulnerability
Pay Slip PDF Generator System version suffers from multiple remote SQL injection vulnerabilities that can lead to remote code execution. Title: Pay Slip PDF Generator System 1.0 Blind time SQLi To Rce Author: Hejap Zairy Vendor:...
Pay Slip PDF Generator System 1.0 Shell Upload Vulnerability
Title: Pay Slip PDF Generator System 1.0 Shell Upload Author: Hejap Zairy Vendor: https://www.sourcecodester.com/php/15242/employees-pay-slip-pdf-generator-system-email-using-phpoop-free-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/pess0.zip...
Online Sports Complex Booking System 1.0 SQL Injection Vulnerability
Exploit Title: Online Sports Complex Booking System - 'id' Blind SQL Injection Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html Version: 1.0...
Microsoft and Okta Confirm Data Breach Claims by LAPSUS$
By Deeba Ahmed Both companies have confirmed the breach after Lapsus$ hackers leaked screenshots of Oktas internal system and source code… This is a post from HackRead.com Read the original post: Microsoft and Okta Confirm Data Breach Claims by LAPSUS$...
Microsoft: Lapsus$ Used Employee Account to Steal Source Code
In a new blog post published last night, Microsoft confirmed that the Lapsus$ extortion group hacked one of its employee’s accounts to get “limited access” to project source code repositories. “No customer code or data was involved in the observed activities. Our investigation has found a single...
Grafana has an unspecified vulnerability (CNVD-2022-25208)
Grafana is a set of open source monitoring tools from Grafana Labs that provides a visual monitoring interface. The tool is mainly used for monitoring and analyzing Graphite, InfluxDB, Prometheus, etc. A security vulnerability exists in Grafana version 7.3.4 and earlier, which stems from the fact...
Lapsus$ Data Kidnappers Claim Snatches From Microsoft, Okta
Both Microsoft and Okta are investigating claims by the new, precocious data extortion group Lapsus$ that the gang has breached their systems. Lapsus$ claimed to have gotten itself “superuser/admin” access to internal systems at authentication firm Okta. It also posted 40GB worth of files to its...
workflow-cps-global-lib: OS command execution through crafted SCM contents
A flaw was found in Jenkins. The JenkinsPipeline: Shared Groovy Libraries uses the same checkout directories for distinct SCMs for Pipeline libraries. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. This...
'This Is Really, Really Bad': Lapsus$ Gang Claims Okta Hack
Lapsus$ leaking Microsoft source code would be bad enough. Breaching Okta could be much, much worse...
Implications of Windows Subsystem for Linux for Adversaries & Defenders (Part 1)
This post is the first of a multi-part blog series that will explore and highlight the different risks that Windows Subsystem for Linux WSL poses to an enterprise IT environment. Here we examine a new Microsoft feature for GNU\Linux that increases the attack surface and introduces a lot more...
CVE-2022-26148
A flaw was found in Grafana when integrated with Zabbix. The Zabbix password can be found in the apijsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right-click to view the source code and use Ctrl-F to search for the password in apijsonrpc.php to...
CVE-2022-26148
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the apijsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in...
CVE-2022-26148
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the apijsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in...
UBUNTU-CVE-2022-26148
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the apijsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in...
CVE-2022-26148
Grafana (through 7.3.4) integrated with Zabbix contains a credentials disclosure flaw: the Zabbix password and URL can be exposed by inspecting api_jsonrpc.php in the HTML source after login/registration, enabling an attacker with access to the app to obtain sensitive Zabbix credentials. Root cau...
CVE-2022-26148
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the apijsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in...
Conti Ransomware V. 3, Including Decryptor, Leaked
Pro-Ukraine security researcher @ContiLeaks yesterday uploaded a fresher version of Conti ransomware than they had previously released – specifically, the source code for Conti Ransomware V3.0 – to VirusTotal. ContiLeaks posted a link to the code on Twitter. The code includes a compiled locker an...
Grafana安全漏洞
Grafana is a set of open source monitoring tools from Grafana Labs that provides a visual monitoring interface. The tool is mainly used for monitoring and analyzing Graphite, InfluxDB, Prometheus, etc. A security vulnerability exists in Grafana version 7.3.4 and earlier, which stems from the fact...