1056 matches found
CVE-2023-42334
An Indirect Object Reference IDOR in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter...
CVE-2023-42335
Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component...
CVE-2023-42334
An Indirect Object Reference IDOR in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter...
CVE-2023-42335
The CVE-2023-42335 entry describes an Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and Fl3xx Crew 2.10.37. The issue allows a remote attacker to execute arbitrary code via the Add Attachment function in the New Expense component. The root cause is an unrestricted file upload p...
CVE-2023-42334
The CVE-2023-42334 issue affects Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37, due to an Indirect Object Reference (IDOR) in the user parameter that enables privilege escalation by remote attackers. Root cause is IDOR exposure; impacts include elevated privileges (no info on exploitation specifi...
CVE-2022-44349
NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site Scripting XSS...
CVE-2022-44349
NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site Scripting XSS...
CVE-2022-44349
NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site Scripting XSS...
Cross site scripting
NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site Scripting XSS...
CVE-2022-44349
CVE-2022-44349 affects NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50. The vulnerability is described as Cross Site Scripting (XSS) in multiple sources. Root cause, affected components, and exact exploit details are not provided in the documents. Some connected sources (CNNVD) claim exploitation; however,...
CVE-2022-44349
NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site Scripting XSS...
PT-2023-14454 Β· Navblue S.A.S Β· Navblue N-Ops & Crew
Name of the Vulnerable Software and Affected Versions: NAVBLUE S.A.S N-Ops & Crew version 22.5-rc.50 Description: The issue is related to Cross Site Scripting XSS, which is a type of security vulnerability that can allow an attacker to inject malicious scripts into a website. No information is...
CVE-2022-44349
NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site Scripting XSS...
Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor
Threat actors associated with the hacking crew known as Patchwork have been spotted targeting universities and research organizations in China as part of a recently observed campaign. The activity, according to KnownSec 404 Team, entailed the use of a backdoor codenamed EyeShell. Patchwork, also...
Revolut Faces $20 Million Loss as Attackers Exploit Payment System Weakness
Malicious actors exploited an unknown flaw in Revolut's payment systems to steal more than $20 million of the company's funds in early 2022. The development was reported by the Financial Times, citing multiple unnamed sources with knowledge of the incident. The breach has not been disclosed...
INTERPOL Nabs Hacking Crew OPERA1ER's Leader Behind $11 Million Cybercrime
A suspected senior member of a French-speaking hacking crew known as OPERA1ER has been arrested as part of an international law enforcement operation codenamed Nervone, Interpol has announced. "The group is believed to have stolen an estimated USD 11 million -- potentially as much as 30 million -...
Camaro Dragon Hackers Strike with USB-Driven Self-Propagating Malware
The Chinese cyber espionage actor known as Camaro Dragon has been observed leveraging a new strain of self-propagating malware that spreads through compromised USB drives. "While their primary focus has traditionally been Southeast Asian countries, this latest discovery reveals their global reach...
Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor
Foreign affairs ministries in the Americas have been targeted by a Chinese state-sponsored actor named Flea as part of a recent campaign that spanned from late 2022 to early 2023. The cyber attacks, per Broadcom's Symantec, involved a new backdoor codenamed Graphican. Some of the other targets...
New SPECTRALVIPER Backdoor Targeting Vietnamese Public Companies
Vietnamese public companies have been targeted as part of an ongoing campaign that deploys a novel backdoor called SPECTRALVIPER. "SPECTRALVIPER is a heavily obfuscated, previously undisclosed, x64 backdoor that brings PE loading and injection, file upload and download, file and directory...
Chinese Hackers Using MgBot Malware to Target International NGOs in Mainland China
The advanced persistent threat APT group referred to as Evasive Panda has been observed targeting an international non-governmental organization NGO in Mainland China with malware delivered via update channels of legitimate applications like Tencent QQ. The attack chains are designed to distribut...