226 matches found
Judge.me : Improper Access Control in Ali Express Importer
An improper access control vulnerability was found in the Ali Express Review Importer app, which allowed staff members with no access to the Judge.me app to view all reviews, including hidden and archived ones, from the Judge.me app. The vulnerability was exploited by intercepting and replacing t...
@soutech/ali-jssdk (>=0.1.0 <=0.1.3), kr-ui-temp (=1.0.24) potentially affected by unknown CVE via vertx (=0.0.1-security)
vertx NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on vertx and may be impacted: - @soutech/ali-jssdk =0.1.0, =0.1.3 - kr-ui-temp =1.0.24 Source cves: unknown CVE Source advisory: OSV:MAL-2022-6907...
Malicious code in ali-react-table-monorepo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 53d15b71d930254298ce564c3c5716d26e3b0f5d81ccbf3169d560b8566a988e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-931 Malicious code in ali-react-table-monorepo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 53d15b71d930254298ce564c3c5716d26e3b0f5d81ccbf3169d560b8566a988e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Blockchain AltExchanger 1.2.1 SQL Injection Vulnerability
Information Vulnerability Name : Multiple Remote SQL Injections in Inout Blockchain AltExchanger Product : Inout Blockchain AltExchanger version : 1.2.1 Vendor Site : https://www.inoutscripts.com/products/inout-blockchain-altexchanger/ Exploit Detail :...
Blockchain FiatExchanger 2.2.1 SQL Injection
Information Vulnerability Name : Remote Blind SQL Injections in Inout Blockchain FiatExchanger Product : Inout Blockchain FiatExchanger version : 2.2.1 Date : 2022-05-21 Vendor Site : https://www.inoutscripts.com/products/inout-blockchain-fiatexchanger/ Exploit Detail :...
GHSA-HWMH-9JJ9-8C9C Contao CSRF Token Bypass
Security researcher Ali Razzaq has discovered that the request token check can be bypassed in Contao 4.7...
Contao CSRF Token Bypass
Security researcher Ali Razzaq has discovered that the request token check can be bypassed in Contao 4.7...
GHSA-J99G-QJVX-995G Contao Does Not Expire Tokens Correctly
Security researcher Ali Razzaq has discovered that confirming an opt-in token does not invalidate previous opt-in tokens in Contao 4.7...
Fuel CMS 1.5.0 - Cross-Site Request Forgery Vulnerability
Exploit Title: Fuel CMS 1.5.0 - Cross-Site Request Forgery CSRF Google Dork: NA Exploit Author: Ali J Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.5.0 Version: 1.5.0 Tested on: Windows 10 Steps to Reproduce: 1. Login with us...
Watch as hackers disrupt Iran’s prison computers; leak live footage
By Waqas The group of hackers behind the cyberattack on the Iranian prison goes by the name of Edaalate Ali. Here's what footage was leaked online. This is a post from HackRead.com Read the original post: Watch as hackers disrupt Irans prison computers; leak live footage...
WordPress Display Users plugin <= 2.0.0 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection SQLi vulnerability discovered by Syed Sheeraz Ali in WordPress Display Users plugin versions = 2.0.0. Solution This plugin has been closed as of May 13, 2021 and is not available for download. Reason: Security Issue...
WordPress MicroCopy plugin <= 1.1.0 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection SQLi vulnerability discovered by Syed Sheeraz Ali in WordPress MicroCopy plugin versions = 1.1.0. Solution This plugin has been closed as of May 13, 2021 and is not available for download. Reason: Security Issue...
WordPress The Sorter plugin <= 1.0 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection SQLi vulnerability discovered by Syed Sheeraz Ali in WordPress The Sorter plugin versions = 1.0. Solution This plugin has been closed as of May 13, 2021 and is not available for download. Reason: Security Issue...
A New Wiper Malware Was Behind Recent Cyberattack On Iranian Train System
A cyber attack that derailed websites of Iran's transport ministry and its national railway system earlier this month, causing widespread disruptions in train services, was the result of a never-before-seen reusable wiper malware called "Meteor." The campaign — dubbed "MeteorExpress" — has not be...
Exploit for Off-by-one Error in Sudo_Project Sudo
Baron Samedit - Sudo CVE 2021-3156 PoC...
Ali Retail Pass App has a logic flaw vulnerability
Ali Retail Pass APP is a mobile mall under Alibaba. A logic flaw vulnerability exists in Ali Retail Pass APP, which can be exploited by attackers to obtain sensitive information...
Janus Vulnerability in Ali Smart App
Ali Intelligence app is a mobile client made by Alibaba based on its Ali Intelligence IoT platform. Ali Intelligence App has a Janus vulnerability that can be exploited by an attacker to gain control of the server...
WordPress Xllentech English Islamic Calendar plugin <= 2.6.7 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection SQLi vulnerability discovered by Syed Sheeraz Ali in WordPress Xllentech English Islamic Calendar plugin versions = 2.6.7. Solution Update the WordPress Xllentech English Islamic Calendar plugin to the latest available version at least 2.6.8...
WordPress Video Embed plugin <= 1.0 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection SQLi vulnerability discovered by Syed Sheeraz Ali Code Vigilant Project in WordPress Video Embed plugin versions = 1.0. Solution This plugin has been closed as of April 19, 2021 and is not available for download. This closure is temporary, pending a full review...