Mimecast Finds SolarWinds Hackers Stole Some of Its Source Code
Email security firm Mimecast on Tuesday revealed that the state-sponsored SolarWinds hackers who broke into its internal network also downloaded source code out of a limited number of repositories. "The threat actor did access a subset of email addresses and other contact information and hashed a...
Online News Portal 1.0 Cross Site Scripting Vulnerability
Online News Portal version 1.0 suffers from a persistent cross site scripting vulnerability. Original discovery of persistent cross site scripting in this version was made by Parshwa Bhavsar in December of 2020. Exploit Title: Online News Portal | Stored Cross-Site Scripting Exploit Author: Richa...
Monitoring Of Students Cyber Accounts System 1.0 Cross Site Scripting
Exploit Title: Monitoring of Students Cyber Accounts System | Stored XSS Exploit Author: Richard Jones Date: 2021-03-12 Vendor Homepage: https://www.sourcecodester.com/php/11743/monitoring-students-cyber-accounts.html Software Link:...
Monitoring Of Students Cyber Accounts System 1.0 SQL Injection
Exploit Title: Monitoring of Students Cyber Accounts System | 'un' SQL Injection Exploit Author: Richard Jones Date: 2021-03-12 Vendor Homepage: https://www.sourcecodester.com/php/11743/monitoring-students-cyber-accounts.html Software Link:...
Monitoring Of Students Cyber Accounts System 1.0 SQL Injection Vulnerability
Exploit Title: Monitoring of Students Cyber Accounts System | 'un' SQL Injection Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/11743/monitoring-students-cyber-accounts.html Software Link:...
Monitoring System (Dashboard) 1.0 SQL Injection
Exploit Title: Monitoring System Dashboard | SQL Injection uname parameter Exploit Author: Richard Jones Date: 2021-01-26 Vendor Homepage: https://www.sourcecodester.com/php/11741/monitoring-system-dashboard.html Software Link:...
Monitoring System (Dashboard) 1.0 - uname SQL Injection Vulnerability
Exploit Title: Monitoring System Dashboard 1.0 - 'uname' SQL Injection Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/11741/monitoring-system-dashboard.html Software Link:...
Monitoring System (Dashboard) 1.0 - 'uname' SQL Injection
Exploit Title: Monitoring System Dashboard 1.0 - 'uname' SQL Injection Exploit Author: Richard Jones Date: 2021-01-26 Vendor Homepage: https://www.sourcecodester.com/php/11741/monitoring-system-dashboard.html Software Link:...
SYS.1.3.A5
If software to be installed is to be compiled from source code, it MUST ONLY be unpacked, configured and compiled under an unprivileged user account. Afterwards, the software to be installed MUST NOT be installed into the server's root file system in an uncontrolled manner...
Sticky Notes Apps Using JavaScript 1.0 Cross Site Scripting
Exploit Title: Sticky Note Apps using JavaScript | Stored Cross Site Scripting Exploit Author: Richard Jones Date: 2021-03-09 Vendor Homepage: https://www.sourcecodester.com/javascript/14742/sticky-note-apps-using-javascript-source-code.html Software Link:...
Hotel And Lodge Management System 1.0 Shell Upload
Exploit Title: Hotel and Lodge Management System 1.0 - Remote Code Execution Unauthenticated Date: 07-03-2021 Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/13707/hotel-and-lodge-management-system.html...
Online Ordering System 1.0 Shell Upload
Exploit Title: Online Ordering System 1.0 - Arbitrary File Upload to Remote Code Execution Date: 04/03/2021 Exploit Author: Suraj Bhosale Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/5125/online-ordering-system-using-phpmysql.html Version: 1.0...
Gab's CTO Introduced a Critical Vulnerability to the Site
A review of the open source code shows an account under the executive's name made a mistake that could lead to the kind of breach reported this weekend...
Threatspec - Continuous Threat Modeling, Through Code
Threatspec is an open source project that aims to close the gap between development and security by bringing the threat modelling process further into the development process. This is achieved by having developers and security engineers write threat modeling annotations as comments inside source...
OWASP ASST (Automated Software Security Toolkit) - A Novel Open Source Web Security Scanner
OWASP ASST Automated Software Security Toolkit | A Novel Open Source Web Security Scanner. Note: AWSS is the older name of ASST Introduction Web applications have become an integral part of everyday life, but many of these applications are deployed with critical vulnerabilities that can be fatall...
Covid-19 Contact Tracing System 1.0 - Remote Code Execution Exploit
Exploit Title: Covid-19 Contact Tracing System 1.0 - Remote Code Execution Unauthenticated Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link:...
Simple Employee Records System 1.0 - File Upload RCE (Unauthenticated) Exploit
Exploit Title: Simple Employee Records System 1.0 - File Upload RCE Unauthenticated Exploit Author: email protected Vendor Homepage: https://www.sourcecodester.com/php/11393/employee-records-system.html Software Link:...
Doctor Appointment System 1.0 Cross Site Scripting Vulnerability
Exploit Title: Doctor Appointment System 1.0 - Reflected POST based Cross Site Scripting XSS in comment parameter CVE: CVE-2021-27317 Exploit Author: Soham Bakore Vendor Homepage: https://www.sourcecodester.com/php/14182/doctor-appointment-system.html Software Link:...
Microsoft open sources CodeQL queries used to hunt for Solorigate activity
A key aspect of the Solorigate attack is the supply chain compromise that allowed the attacker to modify binaries in SolarWinds’ Orion product. These modified binaries were distributed via previously legitimate update channels and allowed the attacker to remotely perform malicious activities, suc...