3 matches found
GitLab: New /add_contacts /remove_contacts quick commands susceptible to XSS from Customer Contact firstname/lastname fields
Summary In GitLab 15.0.0 a new Customer Relations feature was added that allows us to use quick actions to find the contact we wish to select. However, I noticed that if I set the contact's first name or last name to alertdocument.domain we can get the XSS to trigger when we are attempting to use...
HDFC Bank Database Hacked by zSecure team using SQL injection vulnerability
zSecure team is back in the news again; this time they have discovered a critical SQL injection vulnerability in HDFC Bank's web portal. Using this critical flaw, HDFC Bank's various databases can be accessed and dumped as wel...
[Full-disclosure] Password disclosure and remote access in Netcool/NeuSecure Security information management platform
Multiple security information disclosure paths and remote access in the Netcool/NeuSecure Security information management platform: cleartext storage of passwords in the configuration file; cleartext reporting of the user password in the log; default backend MySQL database user and remote access. Laxed...