5 matches found
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
U.S. Dept Of Defense: Sensitive information on ██████████
Hi team, I found a sensitive file hosted on '████' that I think must not be publicly accessible due to the wording "████████" Vulnerable Endpoint: https://██████ █████████ Regards Impact Sensitive information publicly accessible System Hosts ██████████ Affected Products and Versions CVE Numbers Ste...
U.S. Dept Of Defense: IDOR leads to Leakage an ██████████ Login Information
Hi security team, According to my report 1092618, the VDP team agreed that █████████ and its subdomains is in the scope of the DoD program. I continue testing that domain. Issue Description: There is an IDOR in ██████.███████ that connected with ████████.███████ highly protected encryption chat...
User Registration & Login and User Management System 2.1 - Login Bypass SQL Injection
Exploit Title: User Registration & Login and User Management System 2.1 - Login Bypass SQL Injection Date: 2020-11-14 Exploit Author: Mayur Parmarth3cyb3rc0p Vendor Homepage: https://phpgurukul.com Software Link:...
U.S. Dept Of Defense: CSRF - Delete Account (Urgent)
Target Url https://██████████/███/██████/█████████ Summary: Hello, I found a Cross Site Request Forgery bug in the target endpoint on the GET request ████ which is critical because it can delete authenticated user account whenever he navigates to the attacker website or link. Step-by-step...