29 matches found
CVE-2019-15607
A stored XSS vulnerability is present within node-red version: = 0.20.7 npm package, which is a visual tool for wiring the Internet of Things. This issue will allow the attacker to steal session cookies, deface web applications, etc...
CVE-2022-35224
SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This attack can be used to non-permanently deface or modify portal content. The execution of script content by a...
Improper Access Control
Lines of code Vulnerability details Impact In the referenced code this line, require(msg.sender != admin, "caller not admin"); is meant to prevent non-admins from calling the function however it instead prevents admins from calling the function and allows anyone else to. This could lead to defacing...
U.S. Dept Of Defense: Access to administrative resources/account via path traversal
Description: A user can login as an administrator without the need of an ██████████ account, or an authenticated user can access and manipulate administrative resources without needing to login as an administrator. An ████████ ███████ account is required. References Impact Exfiltration of sensiti...
Suspected ‘Dr HeX’ Hacker Busted for 9 Years of Phishing
A Moroccan man suspected of being “Dr HeX” – the prolific threat actor behind a nine-year cyber-blitz on thousands of victims through phishing, website defacing, malware development, fraud and carding – has been arrested. Interpol announced the bust – which took place in Morocco in May – on...
Informatica: Html injection on ██████.informatica.com via search.html?q=1
hello dear I have found HTML injection on ██████.informatica.com parameters injectable search.html?q=1 URL : https://████████.informatica.com/search.html?q=1%22%3E%3Cimg%20src=https://www.no-gods-no-masters.com/imagesdesigns/anonymous-gandhi-d001001207265.png%3E%E2%80%[email protected]%20%22 payload ; 1"”@x...
DoJ Indicts Two Hackers for Defacing Websites with Pro-Iran Messages
The Department of Justice (DoJ) has indicted two hackers – including one teenager – for allegedly vandalizing more than 50 websites hosted in the U.S. with pro-Iran messages. The indictment, unsealed on Tuesday, indicts Behzad Mohammadzadeh, a national of the Islamic Republic of Iran who is believe...
Rocket.Chat: [Security Vulnerability Rocket.chat] HTML Injection into Email via Signup
Description Due to a lack of sanitization and validation in parameter affected, we can input HTML Tag and system will render it into Email victim. Affected Endpoint https://chat.oas.greenhost.net/home Parameter : Name Step to produce In textbox name, input HTML code like "\”@x.y " And in Email,...
1.5M Unpatched WordPress Sites Hacked Following Vulnerability Disclosure
Attackers have taken a liking to a content-injection vulnerability disclosed last week and patched in WordPress 4.7.2 that experts say has been exploited to deface 1.5M sites so far. The issue has evolved into “one of the worst WordPress related vulnerabilities to emerge in some time,” researcher...
FreeBSD : PHP -- multiple vulnerabilities (1b61ecef-cdb9-11e6-a9a5-b499baebfeaf)
Check Point reports : ... discovered 3 fresh and previously unknown vulnerabilities CVE-2016-7479, CVE-2016-7480, CVE-2016-7478 in the PHP 7 unserialize mechanism. The first two vulnerabilities allow attackers to take full control over servers, allowing them to do anything they want with the...
Uber: Reflected XSS on Uber.com careers
Location www.uber.com/careers/ Description: It is possible for an attacker to inject an arbitrary javascript into city GET parameter. This leads to phishing, defacing from URL, stealing credentials by using a fake login page and many other client side risks. POC: - Logon to...
Advanced Deface Page Maker Tool
Advanced Deface Page Maker is a computer program that allows users to create HTML pages, in order to upload them to web servers and deface them. This tool is commonly used by attackers, and therefore upload of files created by this tool may indicate an attempt to deface a web server...
Singapore police arrested six men for allegedly hacking Prime Minister and President websites
A Singaporean hacker calling himself "The Messiah" was arrested in Kuala Lumpur last Monday for hacking into a Singaporean government website over two weeks ago - from a Kuala Lumpur apartment. James Raj, 35, charged with hacking of Ang Mo Kio town council website and posting a symbol associate...
[bWAPP bee-box] Linux VMware virtual machine pre-installed with bWAPP
bee-box is a custom Linux VMware virtual machine pre-installed with bWAPP. bee-box gives you several ways to hack and deface the bWAPP website. It's even possible to hack the bee-box to get root access... With bee-box you have the opportunity to explore all bWAPP vulnerabilities! This project is...
Anonymous hacks 20 million accounts to promote Operation Jubilee
Anonymous hackers claimed that they compromised over 20 million user accounts worldwide this year to promote Operation Jubilee. Large community web sites were targeted to gain access to users' contact information. Many administrators denied that their databases were at risk while all their data wa...
Indian and Bangladeshi Hackers destroying Cyber Space of Each Other
They call it "Cyber war" - but in actuality they are destroying the cyber space of their own country by defacing sites for a matter that can't be solved by Ministry like this. The cyber attacks were started two days back from both sides...
LightNEasy 3.4.2 Multiple Vulnerabilities
Exploit for php platform in category web applications. LightNEasy 3.4.2 Multiple Vulnerabilities...
British police issue warning to Anonymous, Lulzsec and other internet hacktivists
The Metropolitan Police have taken the unusual step of using Twitter to send a message to anyone considering supporting internet attacks against companies and governments. A message posted on the Met Police's officia...
3 websites hacked by Indian Girl Hacker - TriNitY !
Till now we have just heard that some hacker boys do hacks and site defacements. But wait! Here we have an Indian girl with codename "TriNitY". TriNitY is, I think, the 1st Indian hacker who is in the news for defacing some websites. The list of...