2563 matches found

Hacker One
added 2019/07/17 8:58 a.m., 9 views

U.S. Dept Of Defense: ██████████ bruteforceable RIC Codes allowing information on contracts

Summary: I'm not entirely sure if this is anything useful from an attacker's perspective. Close the report if it's not sensitive or not impactful. I noticed the DoD warning mentioned it's sensitive, so I thought to report it regardless, just in case. I noticed ████████ has a functionality to let you look up R...

AI score 0.8
Exploits 0
RedHat Linux
added 2019/07/16 1:49 p.m., 2 views

keepalived: Heap-based buffer overflow when parsing HTTP status codes allows for denial of service or possibly arbitrary code execution

Heap-based buffer overflow vulnerability in extractstatuscode function in lib/html.c that parses HTTP status code returned from web server allows malicious web server or man-in-the-middle attacker pretending to be a web server to cause either a denial of service or potentially execute arbitrary...

CVSS 9.8, AI score 6.4, EPSS 0.03675
Exploits 0, References 4
CNVD
added 2019/07/11 12:00 a.m., 2 views

Privilege Bypass Vulnerability in Schneider Electric P3420 PLC Module

Schneider Electric Modicon M340 PLC is a programmable controller product of Schneider Electric France. A privilege bypass vulnerability exists in the Schneider Electric P3420 PLC module. An attacker can cause the PLC to start and stop by constructing PLC start-stop data messages using private...

AI score 6.9
Exploits 0
OSV
added 2019/07/05 8:15 p.m., 2 views

CVE-2019-13352

WolfVision Cynap before 1.30j uses a static, hard-coded cryptographic secret for generating support PINs for the 'forgot password' feature. By knowing this static secret and the corresponding algorithm for calculating support PINs, an attacker can reset the ADMIN password and thus gain remote...

CVSS 9.8, AI score 7.4, EPSS 0.0288
Exploits 1, References 3
FreeBSD
added 2019/07/03 12:00 a.m., 152 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Ability to Write a Note to a Private Snippet; Recent Pipeline Information Disclosed to Unauthorised Users; Resource Exhaustion Attack; Error Caused by Encoded Characters in Comments; Authorization Issues in GraphQL; Number of Merge Requests was Accessible; Enabling One of the Service...

CVSS 7.5, AI score 2, EPSS 0.01403
Exploits 0, References 1
Veracode
added 2019/06/26 2:45 a.m., 10 views

Malicious Package

rpc-websocket contains malicious code which opens a backdoor to a remote server and executes arbitrary commands. If the user has root privilege, the attacker could fully compromise the machine...

AI score 7.2
Exploits 0
Friends Of PHP
added 2019/06/25 12:00 a.m., 17 views

PRODSECBUG-2164: Use of cryptographically weak PRNG to create gift card codes

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

CVSS 5.3, AI score 7.2, EPSS 0.0097
Exploits 0, Affected Software 1
Citrix
added 2019/06/18 12:00 a.m., 8 views

Workspace App for mobile devices not showing apps - no apps available at this time - error 451

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. - iOS throws "No apps available at this time" after login attempt - Android throws Error code 451 afte...

AI score 7
Exploits 0
Kitploit
added 2019/06/14 1:09 p.m., 167 views

Rustbuster - DirBuster For Rust

DirBuster for Rust. Usage: there are three modules currently implemented:
1. Dirbuster (default): rustbuster -m dir -u http://localhost:3000/ -w examples/wordlist -e php
2. Dnsbuster: rustbuster -m dns -u google.com -w examples/wordlist
3. Vhostbuster: rustbuster -m vhost -u http://localhost:3000/ -w...

AI score 7.3
Exploits 0, References 1
Veracode
added 2019/06/13 2:57 a.m., 20 views

Remote Code Execution (RCE)

Chakra Core is vulnerable to Remote Code Execution. This is due to an improper type check when the engine handles objects in memory. This allows an attacker to execute arbitrary code with the user's permissions. If the user has admin rights, the attacker can potentially take control of the system...

CVSS 7.5, AI score 7.9, EPSS 0.0256
Exploits 0, References 5, Affected Software 2
Veracode
added 2019/06/06 6:55 a.m., 12 views

Malicious Package

require-ports is a malicious package. Its pre-install script contains malicious code that attempts to download a file from a remote server, executes it and opens a backdoor...

AI score 6.7
Exploits 0
OSV
added 2019/05/28 12:38 p.m., 1 view

USN-3995-1 keepalived vulnerability

It was discovered that Keepalived incorrectly handled certain HTTP status response codes. A remote attacker could use this issue to cause Keepalived to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 9.8, AI score 7.2, EPSS 0.03675
Exploits 0, References 2
Veracode
added 2019/05/16 2:23 a.m., 20 views

Code Injection

ansible-tower is vulnerable to code injection. Users who have access to create variables for a job template could execute arbitrary code on the Tower server...

CVSS 8.8, AI score 9.6, EPSS 0.02517
Exploits 0, References 280, Affected Software 10
Kitploit
added 2019/05/13 9:10 p.m., 139 views

Horn3t - Powerful Visual Subdomain Enumeration At The Click Of A Mouse

Horn3t is your number one tool for exploring subdomains visually. Building on the Sublist3r framework, or extensible with your favourite one, it searches for subdomains and generates picture previews. Get a fast overview of your target with HTTP status codes, add custom found subdomains and...

AI score 7.3
Exploits 0, References 5
Tenable Nessus
added 2019/05/10 12:00 a.m., 36 views

EulerOS Virtualization 2.5.3 : openssh (EulerOS-SA-2019-1355)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or...

CVSS 6.8, AI score 7.2, EPSS 0.58204
Exploits 9, References 3
The Hacker News
added 2019/05/08 5:39 a.m., 1 view

Binance Hacked — Hackers Stole Over $40 Million Worth Of Bitcoin

Binance, one of the largest cryptocurrency exchanges in the world, confirmed today that the company lost nearly $41 million in Bitcoin in what appears to be its largest hack to date. In a statement, Binance's CEO Changpeng Zhao said the company discovered a "large scale security breach" earlier o...

AI score 7
Exploits 0
Tenable Nessus
added 2019/05/08 12:00 a.m., 9 views

Rockwell Automation Micrologix 1400 <= 21.2 Fault Bits Exploit

Binary data 720224.prm...

CVSS 10, AI score 7, EPSS 0.37317
Exploits 1, References 2
HackRead
added 2019/05/07 7:18 p.m., 55 views

Freedom Mobile leaked millions of card data with CVV codes in plain text

By Uzair Amir. The company claims it does not share user data with others, but it looks like it does. Another day, another data breach; this time an unprotected database has been discovered leaking the personal and financial data of millions of Canadians. Identified by researchers at vpnMentor along with...

AI score 2.2
Exploits 0
The Hacker News
added 2019/05/06 7:35 p.m., 1 view

Popular Online Tutoring Marketplace 'Wyzant' Suffers Data Breach

Wyzant —an online marketplace that makes it easy for parents and students to connect with private tutors, in-person and online, in over 250 different subjects—has suffered a data breach exposing "certain personal identification information" for its customers. The Hacker News received a copy of an...

AI score 6.6
Exploits 0
BDU FSTEC
added 2019/05/06 12:00 a.m., 1 view

The vulnerability of the Agent component of the Dr.Web anti-virus protection software, Dr.Web Enterprise Security Suite, allows a hacker to execute system commands.

The vulnerability of the Agent Dr.Web component in the Dr.Web Enterprise Security Suite antivirus protection tool is related to deficiencies in the mechanism for checking the digital signatures of executable files during the creation of communication channels with drivers. Exploiting this...

CVSS 8.6, AI score 5.7
Exploits 0, Affected Software 1