124 matches found
CVE-2023-44245
CVE-2023-44245 affects the Leap Contractor Contact Form Website to Workflow Tool WordPress plugin (
WordPress Plugin Contractor Contact Form Website to Workflow Tool Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
PT-2023-29169 · Unknown · Leap Contractor Contact Form Website To Workflow Tool
Name of the Vulnerable Software and Affected Versions: Leap Contractor Contact Form Website to Workflow Tool plugin versions prior to 4.0.0 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This allows for malicious scripts to be injected into a...
WordPress Contractor Contact Form Website to Workflow Tool Plugin <= 4.0.0 is vulnerable to Cross Site Scripting (XSS)
Software Contractor Contact Form Website to Workflow Tool Type Plugin Vulnerable versions = 4.0.0 Fixed in 4.1.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-44245 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b979fca96216 Credits...
IT Contractor Data Breach Affects 47,000 Met Police Personnel
By Habiba Rashid The Metropolitan Police Force faces a major security crisis as the contractor's IT system is breached. This is a post from HackRead.com Read the original post: IT Contractor Data Breach Affects 47,000 Met Police Personnel...
LockBit Ransomware Claims Data Breach at SpaceX Contractor
By Deeba Ahmed The cybercrime group has given a deadline of March 20th, 2023 for their demands, which as expected, is a ransom. This is a post from HackRead.com Read the original post: LockBit Ransomware Claims Data Breach at SpaceX Contractor...
PT-2022-11611 · Unknown · Ctrlo Lenio
Name of the Vulnerable Software and Affected Versions: ctrlo lenio affected versions not specified Description: A vulnerability was found in ctrlo lenio and classified as problematic. It affects some unknown functionality of the file views/contractor.tt. The manipulation of the contractor.name...
CVE-2021-4255 ctrlo lenio contractor.tt cross site scripting
A vulnerability was found in ctrlo lenio and classified as problematic. Affected by this issue is some unknown functionality of the file views/contractor.tt. The manipulation of the argument contractor.name leads to cross site scripting. The attack may be launched remotely. The name of the patch ...
ctrlo lenio 安全漏洞
lenio is an open source facility management system from ctrlo. A security vulnerability exists in ctrlo lenio, which stems from some unknown functions in its views/contractor.tt file that operate on the parameter contractor.name allowing an attacker to implement cross-site scripting...
Binance Hackers Minted $569M in Crypto—Then It Got Complicated
Plus: The US warns of a mysterious military contractor breach, a "poisoned" version of the Tor Browser is tracking Chinese users, and more...
New subcontractor can be set for a SCConfirmed task without current subcontractor consent
Lines of code Vulnerability details Malicious builder/contractor can change the subcontractor for any task even if all the terms was agreed upon and work was started/finished, but the task wasn't set to completed yet, i.e. it's SCConfirmed, getAlertstaskID2 == true. This condition is not checked ...
Malicious delegated contractor can block funding tasks or mark tasks as complete
Lines of code Vulnerability details Impact A malicious delegated contractor can add a huge number of tasks or one task with a huge cost. This would then pose problems in allocateFunds as tasks could not be funded. Builder could remove delegation for the contractor but couldn't replace the...
DNA contractor data breach exposed OKC Police’s rape kit information
By Deeba Ahmed The data breach took place in November 2021 but the details of it have only been revealed this… This is a post from HackRead.com Read the original post: DNA contractor data breach exposed OKC Police’s rape kit information...
Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology
Summary Actions to Help Protect Against Russian State-Sponsored Malicious Cyber Activity: • Enforce multifactor authentication. • Enforce strong, unique passwords. • Enable M365 Unified Audit Logs. • Implement endpoint detection and response tools. From at least January 2020, through February 202...
Iranian APT Lures Defense Contractor in Catfishing-Malware Scam
Most people have probably heard of catfishing. That’s when someone adopts a fake online persona, usually to trick someone into falling in love. Now, threat actors have developed their own spin on the grift, developing appealing — objectively hot — profiles to charm victims into downloading malwar...
Hackers posed as aerobics instructors in malware attack on defense contractors
By Deeba Ahmed Iranian hackers used social media platforms especially Facebook to target employees of an aerospace defense contractor to steal their login credentials. This is a post from HackRead.com Read the original post: Hackers posed as aerobics instructors in malware attack on defense...
Hackers Posed as Aerobics Instructors for Years to Target Aerospace Employees
An Iranian cyberespionage group masqueraded as an aerobics instructor on Facebook in an attempt to infect the machine of an employee of an aerospace defense contractor with malware as part of a years-long social engineering and targeted malware campaign. Enterprise security firm Proofpoint...
Guess Fashion Deals With Data Loss, Post-Ransomware
A February ransomware attack on fashion label Guess linked to Colonial Pipeline attackers DarkSide is still causing damage. Guess has started sending letters to 1,300 employees and contractors who had their personal and banking data exposed during the breach. The letter, published by...
Revil ransomware gang claims breaching US nuclear weapons contractor
By Deeba Ahmed The REvil ransomware gang have said that they will auction the data belonging to Sol Oriens, a US-based nuclear weapons contractor. This is a post from HackRead.com Read the original post: Revil ransomware gang claims breaching US nuclear weapons contractor...
Watering Hole Attack Was Used to Target Florida Water Utilities
An investigation undertaken in the aftermath of the Oldsmar water plant hack earlier this year has revealed that an infrastructure contractor in the U.S. state of Florida hosted malicious code on its website in what's known as a watering hole attack. "This malicious code seemingly targeted water...