CVE-2023-23772
The CVE-2023-23772 issue concerns the Motorola MBTS Site Controller, where firmware update packages are not validated cryptographically. The root cause is lack of firmware update authenticity checks, enabling an authenticated attacker to potentially achieve arbitrary code execution, extract secre...
CVE-2023-23772
Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a...
Malicious code in fca-spbot (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9a8ff7a08abab44b5a236e031340c492d901250c279d87f7078124850ecad03e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
User Registration & Login and User Management System v3.0 - Stored Cross-Site Scripting (XSS)
Exploit Title: User Registration & Login and User Management System v3.0 - Stored Cross-Site Scripting (XSS) Google Dork: NA Date: 19/08/2023 Exploit Author: Ashutosh Singh Umath Vendor Homepage: https://phpgurukul.com Software Link:...
User Registration And Login And User Management System 3.0 Cross Site Scripting
Exploit Title: User Registration & Login and User Management System v3.0 - Stored Cross-Site Scripting (XSS) Google Dork: NA Date: 19/08/2023 Exploit Author: Ashutosh Singh Umath Vendor Homepage: https://phpgurukul.com Software Link:...
User Registration & Login and User Management System v3.0 - XSS Vulnerability
Exploit Title: User Registration & Login and User Management System v3.0 - Stored Cross-Site Scripting (XSS) Exploit Author: Ashutosh Singh Umath Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/ Versio...
Malicious code in as-ui-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6a907d0f630e8178cb7ba1215d44dac15d4d698d71e40733cb66932ff43419de Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Leaving non-persistent virtual machines of the provisioning scheme at the hypervisor is not allowed.
Unable to delete orphaned VMs by using PowerShell from a catalog which has already been removed via PowerShell. When running command: Remove-ProvScheme The below error is seen: "Leaving the non-persistent virtual machines of the provisioning scheme 'provisioning scheme name' at the hypervisor is no...
ghost-as-middleware (=1.0.0), ghost-blade (=0.1.0) +3 more potentially affected by CVE-2023-40028 via ghost (>=0.11.14 <=1.26.2)
ghost NPM version =0.11.14, =0.1.7, =0.1.10 - persistent-ghost =0.8.2 - sign-alex =1.0.1 Source cves: CVE-2023-40028 Source advisory: OSV:GHSA-9C9V-W225-V5RG...
Malicious code in tianfengqwe (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6f7db121452a5fc346f93dedc863aa336e3aaa04145c00616f4e237f003f93f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Researchers Uncover Years-Long Cyber Espionage on Foreign Embassies in Belarus
A hitherto undocumented threat actor operating for nearly a decade and codenamed MoustachedBouncer has been attributed to cyber espionage attacks aimed at foreign embassies in Belarus. "Since 2020, MoustachedBouncer has most likely been able to perform adversary-in-the-middle (AitM) attacks at the...
Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization
Attackers continue to target Microsoft identities to gain access to connected Microsoft applications and federated SaaS applications. Additionally, attackers continue to progress their attacks in these environments, not by exploiting vulnerabilities, but by abusing native Microsoft functionality ...
Moderate: Red Hat Security Advisory: VolSync 0.6.3 security fixes and enhancements
VolSync v0.6.3 security fixes and enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Moderate: Red Hat Security Advisory: VolSync 0.5.4 security fixes and enhancements
VolSync v0.5.4 security fixes and enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Hackers Abusing Cloudflare Tunnels for Covert Communications
New research has revealed that threat actors are abusing Cloudflare Tunnels to establish covert communication channels from compromised hosts and retain persistent access. "Cloudflared is functionally very similar to ngrok," Nic Finn, a senior threat intelligence analyst at GuidePoint Security,...
Cross site scripting
A Persistent XSS vulnerability can be carried out in a certain field of Unica Campaign. An attacker could hijack a user's session and perform other attacks...
CVE-2023-37500
A Persistent Cross-site Scripting (XSS) vulnerability can be carried out on certain pages of Unica Platform. An attacker could hijack a user's session and perform other attacks...
CVE-2023-37499
A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform. An attacker could hijack a user's session and perform other attacks...
Cross site scripting
A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform. An attacker could hijack a user's session and perform other attacks...
Cross site scripting
A Persistent Cross-site Scripting (XSS) vulnerability can be carried out on certain pages of Unica Platform. An attacker could hijack a user's session and perform other attacks...