7648 matches found
HardHatC2 - A C# Command And Control Framework
A cross-platform, collaborative, Command & Control framework written in C#, designed for red teaming and ease of use. HardHat is a multiplayer C# .NET-based command and control framework. Designed to aid in red team engagements and penetration testing. HardHat aims to improve the quality of life...
Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update
Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common...
State-Backed Hackers Employ Advanced Methods to Target Middle Eastern and African Governments
Governmental entities in the Middle East and Africa have been at the receiving end of sustained cyber-espionage attacks that leverage never-before-seen and rare credential theft and Exchange email exfiltration techniques. "The main goal of the attacks was to obtain highly confidential and sensiti...
CVE-2023-30453
The Teamlead Reminder plugin through 2.6.5 for Jira allows persistent XSS via the message parameter...
Cross site scripting
The Teamlead Reminder plugin through 2.6.5 for Jira allows persistent XSS via the message parameter...
CVE-2023-2788
Mattermost fails to check if an admin user account is active after an oauth2 flow is started, allowing an attacker with admin privileges to retain persistent access to Mattermost by obtaining an oauth2 access token while the attacker's account is deactivated...
Buffer overflow
Mattermost fails to check if an admin user account is active after an oauth2 flow is started, allowing an attacker with admin privileges to retain persistent access to Mattermost by obtaining an oauth2 access token while the attacker's account is deactivated...
PT-2023-22700 · Unknown · Teamlead Reminder
Name of the Vulnerable Software and Affected Versions: Teamlead Reminder plugin for Jira versions through 2.6.5. Description: The issue allows for persistent XSS via the message parameter. This can lead to malicious scripts being executed on the client-side, potentially compromising user data or...
CVE-2023-30453
The CVE-2023-30453 entry concerns the Teamlead Reminder plugin for Jira up to version 2.6.5. The vulnerability is a persistent XSS via the message parameter, allowing injected scripts to be executed in the victim’s browser. Documented impact is client-side script execution potentially leading to ...
Design/Logic Flaw
In several methods of JobStore.java, uncaught exceptions in job map parsing could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13 Androi...
Home Assistant < 0.57 XSS Vulnerability
Home Assistant is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2023-29756
An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files...
Design/Logic Flaw
An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files...
GHSA-5CR9-5JX3-2G39 avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields
Summary: Some avo fields are vulnerable to XSS when rendering html based content. Details: During the analysis of the web application, a rendered field was discovered that did not filter JS / HTML tags in a safe way and can be abused to execute js code on a client side. The trix field uses the trix...
CVE-2023-32711 Persistent Cross-Site Scripting (XSS) through a URL Validation Bypass within a Dashboard View
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework (CVE-2019-8331) and build a stored cross-site scripting (XSS) payload...
Dark Pink APT Group Leverages TelePowerBot and KamiKakaBot in Sophisticated Attacks
The threat actor known as Dark Pink has been linked to five new attacks aimed at various entities in Belgium, Brunei, Indonesia, Thailand, and Vietnam between February 2022 and April 2023. This includes educational institutions, government agencies, military bodies, and non-profit organizations,...
Unified Automation UaGateway AddServer XML Injection Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability when the product is in its default configuration. The specific flaw exists within the implementati...
CVE-2023-29745
An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database...