EUVD-2007-1041

Malware in sbrugna...

EUVD-2019-7800

Malware in sbrugna...

19-Year-Old Admits to PowerSchool Data Breach Extortion

A 19-year-old college student faces charges after pleading guilty to cyber extortion targeting PowerSchool, exposing data of 60…...

CVE-2019-17396

In the PowerSchool Mobile application 1.1.8 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat...

PowerSchool Paid Ransom, Now Hackers Target Teachers for More

PowerSchool paid ransom after a major data breach; now hackers are targeting teachers and schools with direct extortion…...

US Names One of the Hackers Allegedly Behind Massive Salt Typhoon Breaches

Plus: New details emerge about China’s cyber espionage against the US, the FBI remotely uninstalls malware on 4,200 US devices, and victims of the PowerSchool edtech breach reveal what hackers stole...

cin-eo.businessplus.powerschool.com Cross Site Scripting vulnerability OBB-2142697

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

dmp-eo.businessplus.powerschool.com Cross Site Scripting vulnerability OBB-2142694

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

CVE-2019-17396

In the PowerSchool Mobile application 1.1.8 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat...

CVE-2019-17396

In the PowerSchool Mobile application 1.1.8 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat...

Default credentials

In the PowerSchool Mobile application 1.1.8 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat...

CVE-2019-17396

The CVE-2019-17396 entry concerns PowerSchool Mobile for Android (version 1.1.8). The underlying issue is that credentials (username and password) are logged during authentication and may be exposed to attackers via logcat. Affected component: authentication/logging path in the Android app. Impac...

CVE-2019-17396

In the PowerSchool Mobile application 1.1.8 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat...

Powerschool 4.3.6/5.1.2 Javascript File Request Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/22611/info Powerschool is prone to an information-disclosure vulnerability because the application discloses information about administrative session variables. An attacker can exploit these issue to obtain sensitive...

Design/Logic Flaw

Pearson Education PowerSchool 4.3.6 allows remote attackers to list the contents of the admin folder via a URI composed of the admin/ directory name and an arbitrary filename ending in ".js." NOTE: it was later reported that this issue had been addressed by 5.1.2...

CVE-2007-1044

Pearson Education PowerSchool 4.3.6 allows remote attackers to list the contents of the admin folder via a URI composed of the admin/ directory name and an arbitrary filename ending in ".js." NOTE: it was later reported that this issue had been addressed by 5.1.2...

CVE-2007-1044

Pearson Education PowerSchool 4.3.6 allows remote attackers to list the contents of the admin folder via a URI composed of the admin/ directory name and an arbitrary filename ending in ".js." NOTE: it was later reported that this issue had been addressed by 5.1.2...

CVE-2007-1044

The CVE-2007-1044 issue affects Pearson Education PowerSchool 4.3.6, where remote attackers could enumerate contents of the admin folder by requesting a URI composed of the admin/ directory and a .js filename. The underlying impact is partial confidentiality loss. A fix is noted as addressed by P...

Powerschool 404 Admin Exposure

Powerschool 4.3.6 and possibly other versions expose the admin interface when requesting any file with .js This allows one to see some directory and file names inside the admin folder. POC: http://powerschoolip/admin/.js Product's website does not provide email contact?...

Powerschool 4.3.65.1.2 - JavaScript File Request Information Disclosure

Powerschool 4.3.65.1.2 - JavaScript File Request Information Disclosure source: https://www.securityfocus.com/bid/22611/info Powerschool is prone to an information-disclosure vulnerability because the application discloses information about administrative session variables. An attacker can exploi...