13 matches found
CVE-2025-13990
The Mamurjor Employee Info plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on multiple administrative functions. This makes it possible for unauthenticated attackers to create, update, or delete...
CVE-2025-13990 Mamurjor Employee Info <= 1.0.0 - Cross-Site Request Forgery to Arbitrary Employee and Related Data Manipulation
The Mamurjor Employee Info plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on multiple administrative functions. This makes it possible for unauthenticated attackers to create, update, or delete...
CVE-2025-13990
CVE-2025-13990 concerns the Mamurjor Employee Info WordPress plugin. The vulnerability is a Cross-Site Forgery (CSRF) in all versions up to 1.0.0, caused by missing nonce validation on multiple admin actions. This allows unauthenticated attackers to forge requests that create, update, or delete e...
PT-2026-1613
Name of the Vulnerable Software and Affected Versions Mamurjor Employee Info plugin for WordPress versions up to and including 1.0.0 Description The software is susceptible to Cross-Site Request Forgery CSRF due to the absence of nonce validation on several administrative functions. This allows...
WordPress plugin Mamurjor Employee Info 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blogging sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site reque...
WordPress Mamurjor Employee Info plugin <= 1.0.0 - Cross-Site Request Forgery to Arbitrary Employee and Related Data Manipulation vulnerability
Cross-Site Request Forgery to Arbitrary Employee and Related Data Manipulation vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Mamurjor Employee Info versions = 1.0.0...
AMD Data Breach: IntelBroker Claims Theft of Employee and Product Info
Advanced Micro Devices, Inc. AMD has apparently been breached by IntelBroker, a notorious hacker from the Breach Forums --- AMD has not yet confirmed the breach...
Europol Hacked? IntelBroker Claims Major Law Enforcement Breach
By Waqas Notorious hacker IntelBroker claims a major data breach at Europol. Allegedly, sensitive data including employee info, source code, and operational documents were compromised. Europol has yet to confirm the breach. Could this expose ongoing investigations and endanger law enforcement...
D4TA-HUNTER - GUI Osint Framework With Kali Linux
D4TA-HUNTER is a tool created in order to automate the collection of information about the employees of a company that is going to be audited for ethical hacking. In addition, in this tool we can find in the "search company" section by inserting the domain of a company, emails of employees,...
For Finserv Ransomware Attacks, Obtaining Customer Data Is the Focus
Welcome back to the third installment of Rapid7's Pain Points: Ransomware Data Disclosure Trends blog series, where we're distilling the key highlights of our ransomware data disclosure research paper one industry at a time. This week, we'll be focusing on the financial services industry, one of...
Short story about Clubhouse user scraping and social graphs
TL;DR During this RedTeam testing, Hexway team used Clubhouse as a social engineering tool to find out more about their client’s employees. UPDATE: While Hexway were preparing this article for publication, cybernews.com reported: 1.3 million scraped user records leaked online for free In this...
CVE-2020-26805
CVE-2020-26805 : In Sentrifugo 3.2, the admin editing employee details via POST to /sentrifugo/index.php/empadditionaldetails/edit/userid/2 exposes a SQL injection vulnerability in the parameter employeeNumId . An attacker can inject SQL commands through this field to read from or write to the da...
用友内部论坛数据备份信息泄露一万多员工已经内部交流信息泄露
简要描述: 看到这有个正在维护的系统,写着"系统正在升级中...将于2011年10月27日正常访问,敬请谅解!" 于是果断扫了目录,果然有数据备份、 涉及一万多的内部人员数据、大量的用友邮箱、还有部分的内部交流信息、 能再上首页吗? 详细说明: 涉及的IP:http://219.141.185.30/wk.htm 备份数据下载地址:http://219.141.185.30/webroot.rar 果断的解压、 数据挺多的,看了下下面这两个比较有意思、 搜了下,涉及用友邮箱一共1500多、 账户总数是一万七千多、 下面这个比较有意思、...