120 matches found
EUVD-2021-34797
OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. Attackers can upload PHP payloads through the careers job application endpoint and execute system...
CVE-2021-47936
OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. Attackers can upload PHP payloads through the careers job application endpoint and execute system...
CVE-2021-47936 OpenCATS 0.9.4 Remote Code Execution via Resume Upload
OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. Attackers can upload PHP payloads through the careers job application endpoint and execute system...
CVE-2021-47936 OpenCATS 0.9.4 Remote Code Execution via Resume Upload
OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. Attackers can upload PHP payloads through the careers job application endpoint and execute system...
PT-2026-39511
OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. Attackers can upload PHP payloads through the careers job application endpoint and execute system...
HACK NDSU: A Real-World Event to Promote Student Interest in Cybersecurity
Hack NDSU let students scan, probe, and hack North Dakota State University's campus network, under professionals' supervision, providing an aspirational experience, potentially motivating them to enter the field. This paper provides a blueprint for educational hacking events against production...
Everest Ransomware Claims AT&T Careers Breach with 576K Records
Everest ransomware group claims a breach of AT&T Careers, alleging theft of 576,000 applicant and employee records locked behind a password-protected listing...
Fake Google Job Offer Email Scam Targets Workspace and Microsoft 365 Users
Cybersecurity firm Sublime Security details a new credential phishing scam impersonating Google Careers to steal login details from Google Workspace and Microsoft 365 users...
EUVD-2023-40983
Malicious code in bioql PyPI...
Lessons from Ted Lasso for cybersecurity success
Welcome to this week's edition of the Threat Source newsletter. "Be curious, not judgmental," Ted Lasso says, misattributing Walt Whitman. We forgive Ted because... well, he's Ted Lasso. If you've not watched the first season of Ted Lasso, there is a defining moment where Ted confronts a nefariou...
Malicious code in careers.klaviyo.com (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in careers-job-detail (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 16052b4d2e03953110406185695adc84ab3af8481eb5790e4b4c0f1421bc1b9f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
nuffieldhealthcareers.com Cross Site Scripting vulnerability OBB-3950056
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
careers.nfumutual.co.uk Cross Site Scripting vulnerability OBB-3833970
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
From classroom to cyberfront: Unlocking the potential of the next generation of cyber defenders
In a world where the digital frontier is expanding and cyberattacks are becoming more sophisticated with speed and scale, the guardians of our virtual realms have never been in greater demand.1 It’s important to leverage this year’s Cybersecurity Awareness Month to celebrate the people who keep u...
CVE-2023-37063
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers & promotions management section...
CVE-2023-37063
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers & promotions management section...
CVE-2023-37063
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers & promotions management section...
Design/Logic Flaw
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers & promotions management section...
PT-2023-25776 · Chamilo · Chamilo
Name of the Vulnerable Software and Affected Versions: Chamilo versions 1.11.x up to 1.11.20 Description: The issue allows users with admin privilege accounts to insert XSS in the careers and promotions management section. This can potentially lead to malicious script execution. Recommendations:...