Lucene search
+L

226 matches found

Hacker One
Hacker One
added 2022/06/23 2:7 a.m.21 views

Judge.me : Improper Access Control in Ali Express Importer

An improper access control vulnerability was found in the Ali Express Review Importer app, which allowed staff members with no access to the Judge.me app to view all reviews, including hidden and archived ones, from the Judge.me app. The vulnerability was exploited by intercepting and replacing t...

7AI score
Exploits0
vulnersOsv
vulnersOsv
added 2022/06/20 8:24 p.m.3 views

@soutech/ali-jssdk (>=0.1.0 <=0.1.3), kr-ui-temp (=1.0.24) potentially affected by unknown CVE via vertx (=0.0.1-security)

vertx NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on vertx and may be impacted: - @soutech/ali-jssdk =0.1.0, =0.1.3 - kr-ui-temp =1.0.24 Source cves: unknown CVE Source advisory: OSV:MAL-2022-6907...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:18 p.m.6 views

Malicious code in ali-react-table-monorepo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 53d15b71d930254298ce564c3c5716d26e3b0f5d81ccbf3169d560b8566a988e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:18 p.m.9 views

MAL-2022-931 Malicious code in ali-react-table-monorepo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 53d15b71d930254298ce564c3c5716d26e3b0f5d81ccbf3169d560b8566a988e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
0day.today
0day.today
added 2022/05/24 12:0 a.m.313 views

Blockchain AltExchanger 1.2.1 SQL Injection Vulnerability

Information Vulnerability Name : Multiple Remote SQL Injections in Inout Blockchain AltExchanger Product : Inout Blockchain AltExchanger version : 1.2.1 Vendor Site : https://www.inoutscripts.com/products/inout-blockchain-altexchanger/ Exploit Detail :...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2022/05/23 12:0 a.m.278 views

Blockchain FiatExchanger 2.2.1 SQL Injection

Information Vulnerability Name : Remote Blind SQL Injections in Inout Blockchain FiatExchanger Product : Inout Blockchain FiatExchanger version : 2.2.1 Date : 2022-05-21 Vendor Site : https://www.inoutscripts.com/products/inout-blockchain-fiatexchanger/ Exploit Detail :...

0.6AI score
Exploits0
OSV
OSV
added 2022/05/14 1:9 a.m.28 views

GHSA-HWMH-9JJ9-8C9C Contao CSRF Token Bypass

Security researcher Ali Razzaq has discovered that the request token check can be bypassed in Contao 4.7...

8.8CVSS8.6AI score0.00499EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/05/14 1:9 a.m.20 views

Contao CSRF Token Bypass

Security researcher Ali Razzaq has discovered that the request token check can be bypassed in Contao 4.7...

8.8CVSS6.8AI score0.00499EPSS
Exploits0References7Affected Software2
OSV
OSV
added 2022/05/13 1:7 a.m.15 views

GHSA-J99G-QJVX-995G Contao Does Not Expire Tokens Correctly

Security researcher Ali Razzaq has discovered that confirming an opt-in token does not invalidate previous opt-in tokens in Contao 4.7...

9.8CVSS9.4AI score0.01254EPSS
Exploits0References6
0day.today
0day.today
added 2022/04/19 12:0 a.m.268 views

Fuel CMS 1.5.0 - Cross-Site Request Forgery Vulnerability

Exploit Title: Fuel CMS 1.5.0 - Cross-Site Request Forgery CSRF Google Dork: NA Exploit Author: Ali J Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.5.0 Version: 1.5.0 Tested on: Windows 10 Steps to Reproduce: 1. Login with us...

1.5AI score
Exploits0
HackRead
HackRead
added 2021/08/25 8:13 p.m.33 views

Watch as hackers disrupt Iran’s prison computers; leak live footage

By Waqas The group of hackers behind the cyberattack on the Iranian prison goes by the name of Edaalate Ali. Here's what footage was leaked online. This is a post from HackRead.com Read the original post: Watch as hackers disrupt Irans prison computers; leak live footage...

3.4AI score
Exploits0
Patchstack
Patchstack
added 2021/08/22 12:0 a.m.16 views

WordPress Display Users plugin <= 2.0.0 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Syed Sheeraz Ali in WordPress Display Users plugin versions = 2.0.0. Solution This plugin has been closed as of May 13, 2021 and is not available for download. Reason: Security Issue...

7.2CVSS2.9AI score0.01516EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/08/22 12:0 a.m.26 views

WordPress MicroCopy plugin <= 1.1.0 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Syed Sheeraz Ali in WordPress MicroCopy plugin versions = 1.1.0. Solution This plugin has been closed as of May 13, 2021 and is not available for download. Reason: Security Issue...

7.2CVSS3.2AI score0.01516EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/08/22 12:0 a.m.19 views

WordPress The Sorter plugin <= 1.0 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Syed Sheeraz Ali in WordPress The Sorter plugin versions = 1.0. Solution This plugin has been closed as of May 13, 2021 and is not available for download. Reason: Security Issue...

7.2CVSS3.2AI score0.01516EPSS
Exploits2References3Affected Software1
The Hacker News
The Hacker News
added 2021/07/30 7:36 a.m.65 views

A New Wiper Malware Was Behind Recent Cyberattack On Iranian Train System

A cyber attack that derailed websites of Iran's transport ministry and its national railway system earlier this month, causing widespread disruptions in train services, was the result of a never-before-seen reusable wiper malware called "Meteor." The campaign — dubbed "MeteorExpress" — has not be...

1.1AI score
Exploits0
GithubExploit
GithubExploit
added 2021/06/30 6:0 p.m.155 views

Exploit for Off-by-one Error in Sudo_Project Sudo

Baron Samedit - Sudo CVE 2021-3156 PoC...

7.8CVSS7.7AI score0.99295EPSS
Exploits81
CNVD
CNVD
added 2021/06/03 12:0 a.m.4 views

Ali Retail Pass App has a logic flaw vulnerability

Ali Retail Pass APP is a mobile mall under Alibaba. A logic flaw vulnerability exists in Ali Retail Pass APP, which can be exploited by attackers to obtain sensitive information...

6.7AI score
Exploits0
CNVD
CNVD
added 2021/06/02 12:0 a.m.3 views

Janus Vulnerability in Ali Smart App

Ali Intelligence app is a mobile client made by Alibaba based on its Ali Intelligence IoT platform. Ali Intelligence App has a Janus vulnerability that can be exploited by an attacker to gain control of the server...

7.3AI score
Exploits0
Patchstack
Patchstack
added 2021/05/27 12:0 a.m.19 views

WordPress Xllentech English Islamic Calendar plugin <= 2.6.7 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Syed Sheeraz Ali in WordPress Xllentech English Islamic Calendar plugin versions = 2.6.7. Solution Update the WordPress Xllentech English Islamic Calendar plugin to the latest available version at least 2.6.8...

8.8CVSS2.9AI score0.01586EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/05/19 12:0 a.m.15 views

WordPress Video Embed plugin <= 1.0 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Syed Sheeraz Ali Code Vigilant Project in WordPress Video Embed plugin versions = 1.0. Solution This plugin has been closed as of April 19, 2021 and is not available for download. This closure is temporary, pending a full review...

8.8CVSS3.3AI score0.01568EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder