Lucene search
K

24 matches found

CNVD
CNVD
added 2022/03/04 12:0 a.m.8 views

ZOHO ManageEngine SharePoint Manager Plus权限提升漏洞

ZOHO ManageEngine SharePoint Manager Plus is a complete management and auditing solution from ZOHO, Inc. An elevation of privilege vulnerability exists in versions of ZOHO ManageEngine SharePoint Manager Plus prior to 4329, which could be exploited by an attacker to cause sensitive data to be...

9.8CVSS3.6AI score0.02548EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2021/07/13 8:10 p.m.126 views

Guess Fashion Deals With Data Loss, Post-Ransomware

A February ransomware attack on fashion label Guess linked to Colonial Pipeline attackers DarkSide is still causing damage. Guess has started sending letters to 1,300 employees and contractors who had their personal and banking data exposed during the breach. The letter, published by...

6.6AI score
Exploits0References7
OpenWrt
OpenWrt
added 2021/01/17 12:0 a.m.26 views

Security Advisory 2021-01-17-1 - OpenWrt forum break-in on 16-Jan-2021

DESCRIPTION Around 0400 GMT on 16 Jan 2021, an administrator account on the OpenWrt forum https://forum.openwrt.org was breached. It is not known how the account was accessed: the account had a good password, but did not have two-factor authentication enabled. The intruder was able to download a...

7.2AI score
Exploits0
Github Security Blog
Github Security Blog
added 2020/09/03 7:16 p.m.24 views

Malicious Package in pensi-scheduler

Version 1.1.3 of pensi-scheduler contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's also...

7AI score
Exploits0References2Affected Software1
OSV
OSV
added 2020/09/01 8:34 p.m.8 views

GHSA-3WJM-33MW-H388 Malicious Package in s3asy

Version 0.4.8 of s3asy contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.4.8 of this module is found installed you will want ...

7.1AI score
Exploits0References1
OSV
OSV
added 2020/09/01 7:47 p.m.13 views

GHSA-M25Q-FWG4-9V2P Malicious Package in awesome_react_utility

Version 1.0.2 of awesomereactutility contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.0.2 of this module is found installed...

9.8CVSS7.1AI score
Exploits0References2
ThreatPost
ThreatPost
added 2020/01/30 4:2 p.m.308 views

U.N. Hack Stemmed From Microsoft SharePoint Flaw

Hackers breached the United Nations network in July by exploiting a Microsoft SharePoint vulnerability, according to reports. The breach, which appears to be an espionage operation, reportedly gave the hackers access to an estimated 400 GB of sensitive data. The breach was swept under the rug by...

7.5CVSS0.4AI score0.99913EPSS
Exploits29References9
Node.js
Node.js
added 2019/10/02 5:49 p.m.18 views

Malicious Package

Overview Version 1.0.3 of bmap contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.0.3 of this module is found installed you wi...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/06/07 7:15 p.m.23 views

Malicious Package

Overview Version 1.0.3 of libubx contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and evaluat...

7AI score
Exploits0Affected Software1
HackRead
HackRead
added 2019/04/29 11:42 p.m.40 views

Change your password: Docker suffers breach; 190k users affected

By Uzair Amir Microsoft says its official Microsoft images hosted in Docker Hub have not been compromised. The company behind Docker, a computer program developed to manage operating-system-level virtualization has announced that it has suffered a data breach and as a result, one of Docker Hub...

2.6AI score
Exploits0
ThreatPost
ThreatPost
added 2018/09/11 12:54 p.m.21 views

Magecart Group Pinned in Recent British Airways Breach

The recent British Airways breach of up to 380,000 payment cards, has been attributed to the infamous Magecart threat actor. Last week, British Airways revealed that the bank card data was compromised after a security breach occurred on the company’s website and mobile app in August. While...

6.8AI score
Exploits0References5
The Hacker News
The Hacker News
added 2018/08/17 12:4 p.m.134 views

16-Year-Old Teen Hacked Apple Servers, Stole 90GB of Secure Files

Well, there's something quite embarrassing for Apple fans. Though Apple servers are widely believed to be unhackable, a 16-year-old high school student proved that nothing is impossible. The teenager from Melbourne, Australia, managed to break into Apple servers and downloaded some 90GB of secure...

Exploits0
Node.js
Node.js
added 2018/05/15 11:46 p.m.14 views

Malicious Package

Overview Version 0.0.7 of react-server-native contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.0.7 of this module is found...

6.9AI score
Exploits0Affected Software1
The Hacker News
The Hacker News
added 2017/09/08 9:15 a.m.14 views

Equifax Data Breach: Steps You should Take to Protect Yourself

Equifax has suffered one of the largest data breaches in history that has left highly sensitive data of as many as 143 million people—that's nearly half of the US population—in the hands of hackers. Based on the company's investigation, some unknown hackers managed to exploit a security flaw on t...

6.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2017/06/01 12:55 p.m.30 views

OneLogin: Breach Exposed Ability to Decrypt Data

OneLogin, an online service that lets users manage logins to sites and apps from a single platform, says it has suffered a security breach in which customer data was compromised, including the ability to decrypt encrypted data. Headquartered in San Francisco, OneLogin provides single sign-on and...

6.8AI score
Exploits0
ThreatPost
ThreatPost
added 2017/04/25 3:34 p.m.13 views

Atlassian Resets HipChat Passwords Following Breach

Atlassian reset user passwords for its group chat service HipChat on Monday following an incident that may have resulted in unauthorized access to a server used by the service. The company began warning users Monday via email that as a result an attacker may have secured access to user informatio...

0.4AI score
Exploits0References5
exploitpack
exploitpack
added 2017/01/27 12:0 a.m.28 views

Radisys MRF - Command Injection

Radisys MRF - Command Injection Title: MRF Web Panel OS Command Injection Vendor: Radisys Vendor Homepage: http://www.radisys.com Product: MRF Web Panel SWMS Version: 9.0.1 CVE: CVE-2016-10043 CWE: CWE-78 Risk Level: High Discovery: Filippos Mastrogiannis, Loukas Alkis & Dimitrios Maragkos COSMOT...

10CVSS0.5AI score0.09528EPSS
Exploits5
The Hacker News
The Hacker News
added 2014/05/09 8:43 a.m.13 views

Popular URL Shortener 'Bitly' User Accounts Reportedly Compromised

The famous URL shortening service is facing a data breach. The very popular URL shortening service Bitly, has issued an urgent security warning saying that its users’ account credentials may have been compromised, according to a blog post published yesterday. "We have reason to believe that Bitly...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2013/08/05 3:55 a.m.20 views

German Video Game 'Crytek' Websites go offline after Security Breach

It seems that German Video Game company 'Crytek' has been the latest victim of hacking attacks on its website and few forums, and caused Crytek's family of websites to go offline. According to the company, "Our Crytek.com, Mycryengine.com, Crydev.net and MyCrysis.com sites were all subject to a...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2011/09/11 2:45 p.m.4 views

Linux Foundation & Linux.com multiple server compromised

Linux Foundation & Linux.com multiple server compromised The Linux Foundation has pulled its websites from the web to clean up from a "security breach". A notice posted on the Linux Foundation said the entire infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are down f...

7.2AI score
Exploits0
Rows per page
Query Builder