Splunk Enterprise 9.0.0 < 9.0.9, 9.1.0 < 9.1.4, 9.2.0 < 9.2.1 (SVD-2024-0302)
The version of Splunk installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0302 advisory. - In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL...
WooCommerce < 8.6 - Contributor+ Private/Draft Products Access
Description: The plugin does not prevent users with at least the contributor role from leaking products they shouldn't have access to, e.g. private, draft and trashed products. 1. ADMIN: Install WooCommerce. 2. ADMIN: Add products of various visibility and statuses including Publish, Draft, Private,...
MAL-2024-1119 Malicious code in flow-code-examples (npm)
Source: ghsa-malware (9258acb8507f9f496025b3b1cd2293980746d866319fd79ef9277564a474495a). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Nomore403 - Tool To Bypass 403/40X Response Codes
nomore403 is an innovative tool designed to help cybersecurity professionals and enthusiasts bypass HTTP 40X errors encountered during web security assessments. Unlike other solutions, nomore403 automates various techniques to seamlessly navigate past these access restrictions, offering a broad...
openSUSE: Security Advisory for libqt5 (SUSE-SU-2023:4951-1)
The remote host is missing an update for libqt5 as referenced in the SUSE-SU-2023:4951-1 advisory...
NIST Cybersecurity Framework 2.0
NIST has released version 2.0 of the Cybersecurity Framework: The CSF 2.0, which supports implementation of the National Cybersecurity Strategy, has an expanded scope that goes beyond protecting critical infrastructure, such as hospitals and power plants, to all organizations in any sector. It al...
Dawa pharma 1.0-2022 - Multiple SQL Injection Vulnerabilities
Title: dawa-pharma-1.0-2022 Multiple-SQLi; Author: nu11secur1ty; Vendor: https://www.mayurik.com/; Software: https://www.mayurik.com/source-code/P0349/best-pharmacy-billing-software-free-download; Reference: https://portswigger.net/web-security/sql-injection; Description: The email parameter appears t...
Types of SaaS Applications: Categories and Examples
By Uzair Amir Learn about different types of SaaS solutions and the most widely used SaaS categories to create your own… This is a post from HackRead.com Read the original post: Types of SaaS Applications: Categories and Examples...
Antisquat - Leverages AI Techniques Such As NLP, ChatGPT And More To Empower Detection Of Typosquatting And Phishing Domains
AntiSquat leverages AI techniques such as natural language processing (NLP), large language models (ChatGPT) and more to empower detection of typosquatting and phishing domains. How to use: clone the project via git clone https://github.com/redhuntlabs/antisquat, then install all dependencies by typing pip...
PassBreaker - Command-line Password Cracking Tool Developed In Python
PassBreaker is a command-line password cracking tool developed in Python. It allows you to perform various password cracking techniques such as wordlist-based attacks and brute force attacks. Features: wordlist-based password cracking, brute force password cracking, support for multiple hash...
Duplicate Advisory: Apache Superset - Elevation of Privilege
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f678-j579-4xf5. This link is maintained to preserve external references. Original Description Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using th...
CVE-2023-40610
Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL stateme...
CVE-2023-40610 Apache Superset: Privilege escalation with default examples database
Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL stateme...
PT-2023-27540 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions up to but excluding 2.1.2 Description: The issue is related to an improper authorization check, which could lead to possible privilege escalation. Using the default examples database connection, an attacker could acce...
aporacle (>=0.0.126 <=0.0.143), enrichsdk (>=5.2.3 <=5.2.4) +11 more potentially affected by CVE-2023-6022 via prefect (>=2.0.0b16 <=2.16.3)
prefect PyPI version >=2.0.0b16 (related affected versions listed: 0.0.126, 5.2.3, 2.37.0, 0.2.0, 0.4.0, 0.1.0, 0.0.1, 0.0.217, 0.15.3, 0.6.5, 0.1.1, 0.1.0a0, 0.7.0, 0.9.0). Source CVE: CVE-2023-6022. Source advisory: OSV:GHSA-4HH5-2678-83FX...
RHEL 8 : qt5-qtsvg (RHSA-2023:6961)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6961 advisory. Scalable Vector Graphics (SVG) is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displayin...
VulnCheck KEV: CVE-2022-34305
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81, the Form authentication example in the examples web application displayed user-provided data without filtering, exposing an XSS vulnerability...
HBSQLI - Automated Tool For Testing Header Based Blind SQL Injection
HBSQLI is an automated command-line tool for performing Header Based Blind SQL injection attacks on web applications. It automates the process of detecting Header Based Blind SQL injection vulnerabilities, making it easier for security researchers, penetration testers & bug bounty hunters to tes...