74 matches found
Elasticsearch ECE 7.13.3 Database Disclosure
Exploit Title: Elasticsearch ECE 7.13.3 - Anonymous Database Dump Date: 2021-07-21 Exploit Author: Joan Martinez @magichk Vendor Homepage: https://www.elastic.co/ Software Link: https://www.elastic.co/ Version: = 7.10.0 to = 7.13.3 Tested on: Elastic ECE Cloud CVE : CVE-2021-22146 Reference:...
USN-4693-1 ampache vulnerabilities
It was discovered that an SQL injection vulnerability exists in the Ampache search engine. Any user able to perform searches could dump any data contained in the database. An attacker could use this to disclose sensitive information. CVE-2019-12385 It was discovered that an XSS vulnerability in...
CVE-2020-26649
AtomXCMS 2.0 is affected by Incorrect Access Control via admin/dump.php...
German Police seize DDoSecrets server hosting BlueLeaks data dump
By Waqas The BlueLeaks data dump contained sensitive information on Police, Fusion centers which were recently leaked by WikiLeaks-like service called DDoSecrets. German police have seized a server that hosted the BlueLeaks data dump. As previously reported, BlueLeaks referees to a leaked databas...
Hacking Hardware Password Managers: The RecZone
TL:DR Hardware security can be difficult to fathom, so I set out to research three password vaults as a newbie, sharing my findings. I picked three popular hardware vaults, each with different components, requiring different skills and equipment. Here's how I learned about disassembly, chipset...
CVE-2019-12385
An issue was discovered in Ampache through 3.9.1. The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.class.php searches even guest users can dump any data contained in the database sessions, hashed passwords, etc.. This may lead to a full compromise of...
CVE-2018-12572
Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data...
"Collection #1" Data Dump Hacker Identified
UPDATE Researchers say they have identified the threat actor behind the massive “Collection 1” data dump which exposed hundreds of millions of credentials on a hacking forum in January. Recorded Future researchers said this weekend that an individual using the monikor “C0rpz” has claimed as early...
World’s largest data dump surfaces on web with 2.2 billion accounts
By Waqas It hasn’t even been 15 days since details of the world’s biggest online private data dump were discovered by security researchers and now its second "installment" has posted online. As per the report from Heise.de, a German-language website, the first collection, which was published on...
Shopify: Unauthenticated access to Zendesk tickets through athena-flex-production.shopifycloud.com Okta bypass
Summary athena-flex-production.shopifycloud.com seems to be an internal system that Shopify uses because it redirects user to Okta login. During this however, I noticed that it first returns 200 and then does a redirect meaning some part of the website loads before redirecting. With this, I was...
CVE-2017-1654
IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivileged user access to information located in dump files. User data could be sent to IBM during service engagements. IBM X-Force ID: 133378...
New NSA Data Dump: ShadowBrokers Release UNITEDRAKE Malware
By Waqas The ShadowBrokers is a group of hackers known for leaking This is a post from HackRead.com Read the original post: New NSA Data Dump: ShadowBrokers Release UNITEDRAKE Malware...
Hacker Leaks Data From Mandiant (FireEye) Senior Security Analyst
Reportedly, at least one senior cyber security analyst working with Mandiant, a Virginia-based cybersecurity firm owned by the FireEye, appears to have had its system compromised by hackers, exposing his sensitive information on the Internet. On Sunday, an anonymous group of hackers posted some...
Shadow Brokers Launches 0-Day Exploit Subscriptions for $21,000 Per Month
As promised to release more zero-days exploits and hacking tools for various platforms starting from June 2017, the infamous hacking group Shadow Brokers is back with more information on how to subscribe and become a private member for receiving exclusive access to the future leaks. The Shadow...
ShadowBrokers Planning Monthly Exploit, Data Dump Service
Popcorn in hand, the ShadowBrokers say they’re taking in the WannaCry outbreak from the sidelines before starting in June a subscription service for new exploits and stolen data akin to a wine of the month club. In what’s become a signature periodic rant from the unknowns behind the leak of...
Turns Out Microsoft Has Already Patched Exploits Leaked By Shadow Brokers
The latest dump of hacking tools allegedly belonged to the NSA is believed to be the most damaging release by the Shadow Brokers till the date. But after analyzing the disclosed exploits, Microsoft security team says most of the windows vulnerabilities exploited by these hacking tools, including...
eClinicalWorks Patient Portal SQL Injection Vulnerability
eClinicalWorks Patient Portal is a product for healthcare applications from eClinicalWorks, Inc. that provides patients with a secure means of communicating to view their Personal Health Record PHR, view lab results, and more. An SQL injection vulnerability exists in the messageJson.jsp file in...
OIC Exponent CMS SQL Injection Vulnerability (CNVD-2017-01280)
OIC Exponent CMS is a free, open source modular content management system CMS based on PHP from the American OIC Group of companies. The system supports direct editing in the page, and provides user management, site configuration, content editing and other functions. A SQL injection vulnerability...
CVE-2017-5569
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP POST request, and which can be used to dump database data out to a malicious server, using an...
Leaked NSA Hacking Tools Were 'Mistakenly' Left By An Agent On A Remote Server
If you are a hacker, you might have enjoyed the NSA's private zero-day exploits, malware and hacking tools that were leaked last month. But the question is: How these hacking tools ended up into the hands of hackers? It has been found that the NSA itself was not directly hacked, but a former NSA...