239 matches found
WordPress Delhivery Logistics Courier Plugin <= 1.0.107 is vulnerable to SQL Injection
Software Delhivery Logistics Courier Type Plugin Vulnerable versions = 1.0.107 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-22283 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID fb6909b3979e Credits Yudistira Arya Required privilege...
indianlogisticsinfo.com Cross Site Scripting vulnerability OBB-3817931
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Iran-Linked Imperial Kitten Cyber Group Targeting Middle East's Tech Sectors
A group with links to Iran targeted transportation, logistics, and technology sectors in the Middle East, including Israel, in October 2023 amid a surge in Iranian cyber activity since the onset of the Israel-Hamas war. The attacks have been attributed by CrowdStrike to a threat actor it tracks...
SQL Injection Vulnerability in Intelligent Logistics Unattended System of Taiyuan ECS Software Technology Co. Ltd (CNVD-2023-99600)
Intelligent logistics unattended system is an intelligent information platform for the unified control of raw material procurement, finished product sales and in-plant logistics for process manufacturing enterprises. There is a SQL injection vulnerability in the Intelligent Logistics Unattended...
Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks
The Iranian threat actor known as Tortoiseshell has been attributed to a new wave of watering hole attacks that are designed to deploy a malware dubbed IMAPLoader. "IMAPLoader is a .NET malware that has the ability to fingerprint victim systems using native Windows utilities and acts as a...
Arbitrary File Read Vulnerability in ECS Intelligent Logistics Unattended System
ECS Intelligent Logistics Unattended System is an intelligent information platform for the unified control of raw material procurement, finished product sales and in-plant logistics for process manufacturing enterprises. There is an arbitrary file read vulnerability in the ECS Intelligent Logisti...
New Variant of Chaes Malware ‘Chae$ 4’ Targeting Financial and Logistics Sectors
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new Chaes malware variant, "Chae$ 4," targeting logistics, finance, and prominent platforms has emerged with enhanced capabilities, including Python-based architecture and an expanded range of targeted...
New Python Variant of Chaes Malware Targets Banking and Logistics Industries
Banking and logistics industries are under the onslaught of a reworked variant of a malware called Chaes. "It has undergone major overhauls: from being rewritten entirely in Python, which resulted in lower detection rates by traditional defense systems, to a comprehensive redesign and an enhanced...
hess-logistics.com Cross Site Scripting vulnerability OBB-3614338
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
File Upload Vulnerability in Intelligent Logistics Unattended System of Taiyuan ECS Software Technology Co.
Intelligent logistics unattended system is an intelligent information platform for the unified control of raw material procurement, finished product sales and in-plant logistics for process manufacturing enterprises. There is a file upload vulnerability in the Intelligent Logistics Unattended...
CVE-2023-38689
Logistics Pipes is a modification a.k.a. mod for the computer game Minecraft Java Edition. The mod used Java's ObjectInputStreamreadObject on untrusted data coming from clients or servers over the network resulting in possible remote code execution when sending specifically crafted network packet...
CVE-2023-38689 Deserialization of Untrusted Data in network IO
Logistics Pipes is a modification a.k.a. mod for the computer game Minecraft Java Edition. The mod used Java's ObjectInputStreamreadObject on untrusted data coming from clients or servers over the network resulting in possible remote code execution when sending specifically crafted network packet...
CVE-2023-38689
Summary (CVE-2023-38689): Logistics Pipes (Minecraft Java Edition mod) suffers a deserialization vulnerability due to Java’s ObjectInputStream#readObject on untrusted data over the network, enabling potential remote code execution. Affected versions are 0.7.0.91 to 0.10.0.71; fix applied in 0.10....
CVE-2023-38689 Deserialization of Untrusted Data in network IO
Logistics Pipes is a modification a.k.a. mod for the computer game Minecraft Java Edition. The mod used Java's ObjectInputStreamreadObject on untrusted data coming from clients or servers over the network resulting in possible remote code execution when sending specifically crafted network packet...
PT-2023-26553 · Mojang · Minecraft
Name of the Vulnerable Software and Affected Versions: Logistics Pipes versions 0.7.0.91 through 0.10.0.71 Description: The issue is related to the use of Java's ObjectInputStreamreadObject on untrusted data coming from clients or servers over the network, resulting in possible remote code...
Logistics Pipes Code Issue Vulnerability
Logistics Pipes is a component of mcrs485 Personal Developer. A code issue vulnerability exists in Logistics Pipes that stems from a vulnerability that could lead to remote code execution...
"Mysterious Team Bangladesh" Targeting India with DDoS Attacks and Data Breaches
A hacktivist group known as Mysterious Team Bangladesh has been linked to over 750 distributed denial-of-service DDoS attacks and 78 website defacements since June 2022. "The group most frequently attacks logistics, government, and financial sector organizations in India and Israel,"...
AMS Logistics 2.2 SQL Injection
==================================================================================================================================== | Title : AMS LOGISTICS 2.2 SQL injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | |...
xds-logistics.com Cross Site Scripting vulnerability OBB-3479880
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Iranian Tortoiseshell Hackers Targeting Israeli Logistics Industry
At least eight websites associated with shipping, logistics, and financial services companies in Israel were targeted as part of a watering hole attack. Tel Aviv-based cybersecurity company ClearSky attributed the attacks with low confidence to an Iranian threat actor tracked as Tortoiseshell,...