Lucene search
K

124 matches found

CVE
CVE
added 2023/10/02 9:58 a.m.48 views

CVE-2023-44245

CVE-2023-44245 affects the Leap Contractor Contact Form Website to Workflow Tool WordPress plugin (

7.1CVSS6AI score0.00351EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/10/02 12:0 a.m.5 views

WordPress Plugin Contractor Contact Form Website to Workflow Tool Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

7.1CVSS6AI score0.00351EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/10/02 12:0 a.m.5 views

PT-2023-29169 · Unknown · Leap Contractor Contact Form Website To Workflow Tool

Name of the Vulnerable Software and Affected Versions: Leap Contractor Contact Form Website to Workflow Tool plugin versions prior to 4.0.0 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This allows for malicious scripts to be injected into a...

7.1CVSS6.2AI score0.00351EPSS
Exploits0References4
Patchstack
Patchstack
added 2023/09/29 12:0 a.m.11 views

WordPress Contractor Contact Form Website to Workflow Tool Plugin <= 4.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Contractor Contact Form Website to Workflow Tool Type Plugin Vulnerable versions = 4.0.0 Fixed in 4.1.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-44245 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b979fca96216 Credits...

7.1CVSS6.5AI score0.00351EPSS
Exploits0References2Affected Software1
HackRead
HackRead
added 2023/08/27 5:34 p.m.17 views

IT Contractor Data Breach Affects 47,000 Met Police Personnel

By Habiba Rashid The Metropolitan Police Force faces a major security crisis as the contractor's IT system is breached. This is a post from HackRead.com Read the original post: IT Contractor Data Breach Affects 47,000 Met Police Personnel...

7AI score
Exploits0
HackRead
HackRead
added 2023/03/14 11:5 p.m.22 views

LockBit Ransomware Claims Data Breach at SpaceX Contractor

By Deeba Ahmed The cybercrime group has given a deadline of March 20th, 2023 for their demands, which as expected, is a ransom. This is a post from HackRead.com Read the original post: LockBit Ransomware Claims Data Breach at SpaceX Contractor...

1.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/12/18 12:0 a.m.5 views

PT-2022-11611 · Unknown · Ctrlo Lenio

Name of the Vulnerable Software and Affected Versions: ctrlo lenio affected versions not specified Description: A vulnerability was found in ctrlo lenio and classified as problematic. It affects some unknown functionality of the file views/contractor.tt. The manipulation of the contractor.name...

6.1CVSS6AI score0.00385EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2022/12/18 12:0 a.m.4 views

CVE-2021-4255 ctrlo lenio contractor.tt cross site scripting

A vulnerability was found in ctrlo lenio and classified as problematic. Affected by this issue is some unknown functionality of the file views/contractor.tt. The manipulation of the argument contractor.name leads to cross site scripting. The attack may be launched remotely. The name of the patch ...

3.5CVSS4.1AI score0.00385EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/12/18 12:0 a.m.5 views

ctrlo lenio 安全漏洞

lenio is an open source facility management system from ctrlo. A security vulnerability exists in ctrlo lenio, which stems from some unknown functions in its views/contractor.tt file that operate on the parameter contractor.name allowing an attacker to implement cross-site scripting...

6.1CVSS5.6AI score0.00385EPSS
Exploits0References3
Wired Threat Level
Wired Threat Level
added 2022/10/08 1:0 p.m.11 views

Binance Hackers Minted $569M in Crypto—Then It Got Complicated

Plus: The US warns of a mysterious military contractor breach, a "poisoned" version of the Tor Browser is tracking Chinese users, and more...

4.2AI score
Exploits0
Code423n4
Code423n4
added 2022/08/06 12:0 a.m.11 views

New subcontractor can be set for a SCConfirmed task without current subcontractor consent

Lines of code Vulnerability details Malicious builder/contractor can change the subcontractor for any task even if all the terms was agreed upon and work was started/finished, but the task wasn't set to completed yet, i.e. it's SCConfirmed, getAlertstaskID2 == true. This condition is not checked ...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/08/06 12:0 a.m.11 views

Malicious delegated contractor can block funding tasks or mark tasks as complete

Lines of code Vulnerability details Impact A malicious delegated contractor can add a huge number of tasks or one task with a huge cost. This would then pose problems in allocateFunds as tasks could not be funded. Builder could remove delegation for the contractor but couldn't replace the...

6.8AI score
Exploits0
HackRead
HackRead
added 2022/02/22 6:10 p.m.19 views

DNA contractor data breach exposed OKC Police’s rape kit information

By Deeba Ahmed The data breach took place in November 2021 but the details of it have only been revealed this… This is a post from HackRead.com Read the original post: DNA contractor data breach exposed OKC Police’s rape kit information...

1.2AI score
Exploits0
ICS
ICS
added 2022/02/16 12:0 p.m.102 views

Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology

Summary Actions to Help Protect Against Russian State-Sponsored Malicious Cyber Activity: • Enforce multifactor authentication. • Enforce strong, unique passwords. • Enable M365 Unified Audit Logs. • Implement endpoint detection and response tools. From at least January 2020, through February 202...

9.8CVSS10AI score0.99999EPSS
Exploits56References164
ThreatPost
ThreatPost
added 2021/08/03 8:16 p.m.52 views

Iranian APT Lures Defense Contractor in Catfishing-Malware Scam

Most people have probably heard of catfishing. That’s when someone adopts a fake online persona, usually to trick someone into falling in love. Now, threat actors have developed their own spin on the grift, developing appealing — objectively hot — profiles to charm victims into downloading malwar...

6.6AI score
Exploits0References9
HackRead
HackRead
added 2021/07/28 4:13 p.m.46 views

Hackers posed as aerobics instructors in malware attack on defense contractors

By Deeba Ahmed Iranian hackers used social media platforms especially Facebook to target employees of an aerospace defense contractor to steal their login credentials. This is a post from HackRead.com Read the original post: Hackers posed as aerobics instructors in malware attack on defense...

3.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/07/28 10:6 a.m.61 views

Hackers Posed as Aerobics Instructors for Years to Target Aerospace Employees

An Iranian cyberespionage group masqueraded as an aerobics instructor on Facebook in an attempt to infect the machine of an employee of an aerospace defense contractor with malware as part of a years-long social engineering and targeted malware campaign. Enterprise security firm Proofpoint...

1.9AI score
Exploits0
ThreatPost
ThreatPost
added 2021/07/13 8:10 p.m.127 views

Guess Fashion Deals With Data Loss, Post-Ransomware

A February ransomware attack on fashion label Guess linked to Colonial Pipeline attackers DarkSide is still causing damage. Guess has started sending letters to 1,300 employees and contractors who had their personal and banking data exposed during the breach. The letter, published by...

6.6AI score
Exploits0References7
HackRead
HackRead
added 2021/06/15 7:0 p.m.27 views

Revil ransomware gang claims breaching US nuclear weapons contractor

By Deeba Ahmed The REvil ransomware gang have said that they will auction the data belonging to Sol Oriens, a US-based nuclear weapons contractor. This is a post from HackRead.com Read the original post: Revil ransomware gang claims breaching US nuclear weapons contractor...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/05/20 9:34 a.m.106 views

Watering Hole Attack Was Used to Target Florida Water Utilities

An investigation undertaken in the aftermath of the Oldsmar water plant hack earlier this year has revealed that an infrastructure contractor in the U.S. state of Florida hosted malicious code on its website in what's known as a watering hole attack. "This malicious code seemingly targeted water...

0.6AI score
Exploits0
Rows per page
Query Builder