Lucene search

779 matches found

ATTACKERKB
added 2023/08/16 2:15 p.m., 0 views

CVE-2023-33663

In the module “Customization fields fee for your store” aicustomfee from ai-dev module for PrestaShop, an attacker can perform SQL injection up to 0.2.0. Release 0.2.1 fixed this security issue...

9.8 CVSS, 7.3 AI score, 0.00083 EPSS
Exploits: 0, References: 3
Prion
added 2023/08/16 2:15 p.m., 14 views

Sql injection

In the module “Customization fields fee for your store” aicustomfee from ai-dev module for PrestaShop, an attacker can perform SQL injection up to 0.2.0. Release 0.2.1 fixed this security issue...

7.5 CVSS, 9.8 AI score, 0.00083 EPSS
Exploits: 0, References: 2, Affected Software: 1
The Hacker News
added 2023/08/05 8:3 a.m., 30 views

MDR: Empowering Organizations with Enhanced Security

Managed Detection and Response (MDR) has emerged as a crucial solution for organizations looking to bolster their security measures. MDR allows businesses to outsource the management of Endpoint Detection and Response (EDR) products deployed across their network domain. With real-time threat-hunting...

6.7 AI score
Exploits: 0
Kitploit
added 2023/06/28 2:12 a.m., 50 views

HardHatC2 - A C# Command And Control Framework

A cross-platform, collaborative, Command & Control framework written in C#, designed for red teaming and ease of use. HardHat is a multiplayer C# .NET-based command and control framework. Designed to aid in red team engagements and penetration testing. HardHat aims to improve the quality of life...

8.3 AI score
Exploits: 0, References: 4
Malwarebytes
added 2023/06/08 1:30 p.m., 13 views

Unveiling Nebula's Report 2.0: A new approach to security reporting

We're excited to announce Report 2.0, a major upgrade to our report system in Nebula. Report 2.0 is not just a cosmetic touch up--it's a completely revamped security reporting solution designed to cater to your diverse business requirements, allowing for a more dynamic, data-driven approach to IT...

6.7 AI score
Exploits: 0
Ubuntu
added 2023/04/26 5:59 p.m., 83 views

USN-6042-1: Cloud-init vulnerability

James Golovich discovered that sensitive data could be exposed in logs. An attacker could use this information to find hashed passwords and possibly escalate their privilege...

5.5 CVSS, 6.1 AI score, 0.0004 EPSS
Exploits: 0, References: 1
Citrix
added 2023/04/19 12:0 a.m., 5 views

How to Customize Gateway Login Page Labels for Custom Theme when nFactor Login Schema is enabled

This article helps you customize gateway login page labels such as username/password field labels for custom theme when you are using nfactor authentication...

7.2 AI score
Exploits: 0
Microsoft KB
added 2023/04/11 7:0 a.m., 169 views

April 11, 2023—KB5025239 (OS Build 22621.1555)

April 11, 2023—KB5025239 (OS Build 22621.1555) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 22H2, see its update history page. Note Follow @WindowsUpdate to find out...

9.8 CVSS, 7.7 AI score, 0.91896 EPSS
Exploits: 23
Kitploit
added 2023/04/05 12:30 p.m., 127 views

Grepmarx - A Source Code Static Analysis Platform For AppSec Enthusiasts

Grepmarx is a web application providing a single platform to quickly understand, analyze and identify vulnerabilities in possibly large and unknown code bases. Features SAST Static Analysis Security Testing capabilities: Multiple languages support: C/C++, C, Go, HTML, Java, Kotlin, JavaScript,...

7.8 AI score
Exploits: 0, References: 9
OSV
added 2023/03/22 1:15 p.m., 1 views

CVE-2023-27638

An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised tshirtecommercedesigncartid GET parameter in order to exploit an insecure parameter in the functions hookActionCartSave and...

9.8 CVSS, 7.2 AI score
Exploits: 0, References: 3
CNNVD
added 2023/03/06 12:0 a.m., 2 views

ByWater Solutions bywater-koha-xslt SQL injection vulnerability

ByWater Solutions bywater-koha-xslt is ByWater Solutions' Koha repository for XSLT customization for ByWater partners. ByWater Solutions bywater-koha-xslt suffers from a SQL injection vulnerability that stems from manipulation of the parameter name that can lead to sql injection...

7.2 CVSS, 5.8 AI score, 0.00274 EPSS
Exploits: 0, References: 4
Cvelist
added 2023/02/28 10:21 p.m., 13 views

CVE-2023-25575 Secured properties in API Platform Core may be accessible within collections

API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the security option of the ApiPlatform\Metadata\ApiProperty attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON...

7.7 CVSS, 7.6 AI score, 0.002 EPSS
Exploits: 0, References: 2
F5 Networks
added 2023/02/21 6:33 p.m., 43 views

K22494544: SNMP Incorrect Access Control vulnerability CVE-2017-5135

Security Advisory Description Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor formerly Cisco DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from th...

9.1 CVSS, 9.2 AI score, 0.22367 EPSS
Exploits: 3
NVD
added 2023/02/21 2:15 p.m., 16 views

CVE-2022-31394

Hyperium Hyper before 0.14.19 does not allow for customization of the maxheaderlistsize method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...

7.5 CVSS, 7.6 AI score, 0.00348 EPSS
Exploits: 1, References: 3
OSV
added 2023/02/21 2:15 p.m., 0 views

UBUNTU-CVE-2022-31394

Hyperium Hyper before 0.14.19 does not allow for customization of the maxheaderlistsize method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...

7.5 CVSS, 5.8 AI score, 0.00348 EPSS
Exploits: 1, References: 5
Cvelist
added 2023/02/21 12:0 a.m., 20 views

CVE-2022-31394

Hyperium Hyper before 0.14.19 does not allow for customization of the maxheaderlistsize method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...

7.8 AI score, 0.00348 EPSS
Exploits: 1, References: 3
SUSE CVE
added 2023/02/15 5:30 a.m., 2 views

SUSE CVE-2014-1561

Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during (1) page, (2) panel, or (3) toolbar customization...

5.8 CVSS, 8.8 AI score, 0.00752 EPSS
Exploits: 0, References: 6
CNNVD
added 2023/01/31 12:0 a.m., 2 views

IdentityIQ security vulnerability

IdentityIQ is a security software from IdentityIQ, Inc. which provides credit monitoring, identity insurance, and antivirus. A security vulnerability exists in IdentityIQ that stems from allowing authenticated users assigned the Identity Administrator capability or any capability that includes...

6.8 CVSS, 6.5 AI score, 0.00215 EPSS
Exploits: 0, References: 2
Kitploit
added 2023/01/27 11:30 a.m., 56 views

BlueHound - Tool That Helps Blue Teams Pinpoint The Security Issues That Actually Matter

BlueHound is an open-source tool that helps blue teams pinpoint the security issues that actually matter. By combining information about user permissions, network access and unpatched vulnerabilities, BlueHound reveals the paths attackers would take if they were inside your network. It is a fork o...

7.2 AI score
Exploits: 0, References: 9
OSV
added 2023/01/01 12:0 a.m., 16 views

ASB-A-246301995

In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8 CVSS, 7.8 AI score, 0.00014 EPSS
Exploits: 0, References: 2