CVE-2022-24867 LDAP password exposure in glpi

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. When you pass the config to the javascript, some entries are filtered out. The variable ldappass is not filtered and when you look at the source code of the...

Online Restaurant Table Reservation System 1.0 SQL Injection Vulnerability

Exploit Title: Online Restaurant Table Reservation System v1.0 Exploit Author: segf0lt Vendor Homepage: https://www.sourcecodester.com/php/15286/online-restaurant-table-reservation-system-phpoop-free-source-code.html Software Link:...

Index Minting and Redemption Can Be Frontrun

Lines of code Vulnerability details Impact According to the provided source code, the user must transfer the underlying asset to the contract prior to calling mint or the index token before to calling burn. If these two actions are performed on the difference block, it introduces the risk that...

Pharmacy Management System 1.0 Shell Upload

Exploit Title: Pharmacy management system - Remote Code Execution RCE Date: 19/04/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15281/multi-language-pharmacy-management-system-project-source-code.html Version:...

EulerOS 2.0 SP10 : binutils (EulerOS-SA-2022-1481)

According to the versions of the binutils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of character...

GitHub Notifies Victims Whose Private Data Was Accessed Using OAuth Tokens

GitHub on Monday noted that it had notified all victims of an attack campaign, which involved an unauthorized party downloading private repository contents by taking advantage of third-party OAuth user tokens maintained by Heroku and Travis CI. "Customers should also continue to monitor Heroku an...

Haskers Gang Gives Away ZingoStealer Malware to Other Cybercriminals for Free

A crimeware-related threat actor known as Haskers Gang has released an information-stealing malware called ZingoStealer for free on, allowing other criminal groups to leverage the tool for nefarious purposes. "It features the ability to steal sensitive information from victims and can download...

Threat Spotlight: "Haskers Gang" Introduces New ZingoStealer

Update 04/14/22: Following the initial publication of this blog, we observed a new post in the Haskers Gang Telegram channel announcing that ownership of the ZingoStealer project is being transferred to a new threat actor. We also observed the malware author offering to sell the source code for...

The Tricky Aftermath of Source Code Leaks

Lapsus$ hackers leaked Microsoft’s Bing and Cortana source code. How bad is that, really?...

School Club Application System v1.0 SQL injection Vulnerability

Title: School Club Application System v1.0 SQLi Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15266/school-club-application-system-phpoop-free-source-code.html Reference:...

FreeBSD-SA-22:08.zlib

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-22:08.zlib Security Advisory The FreeBSD Project Topic: zlib compression out-of-bounds write Category: zlib Module: contrib Announced: 2022-04-06 Credits: Danil...

Online Sports Complex Booking System 1.0 SQL Injection

Title: Online Sports Complex Booking System 1.0 SQL Injection Author: Zllggggg Vendor: https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/scbs1.zip Reference:...

FreeBSD-SA-22:06.ioctl

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-22:06.ioctl Security Advisory The FreeBSD Project Topic: mpr/mps/mpt driver ioctl heap out-of-bounds write Category: core Module: mpr, mps, mpt Announced:...

DarthSidious - Building An Active Directory Domain And Hacking It

The goal is simple To share my modest knowledge about hacking Windows systems. This is commonly refered to as red team exercises. This book however, is also very concerned with the blue team; the defenders. That is, helping those who are working as defenders, analysts and security experts to buil...

Joomla! information disclosure vulnerability (CNVD-2022-64097)

Joomla! is a set of forum components used in the Joomla! content management system. An information disclosure vulnerability exists in versions 3.0.0 through 3.10.6 and 4.0.0 through 4.1.0, which stems from an error caused by uploading a file name that is too long. The error displays a screen with...

IT Firm Globant Confirms Breach after LAPSUS$ Leaks 70GB of Data

The LAPSUS$ data extortion gang announced their return on Telegram after a week-long "vacation," leaking what they claim is data from software services company Globant. "We are officially back from a vacation," the group wrote on their Telegram channel – which has nearly around 54,000 members as ...

Medical Hub Directory Site 1.0 Local File Inclusion

Title: Medical Hub Directory Site LFI To RCE Author: Hejap Zairy Date: 30.07.2022 Vendor: https://www.sourcecodester.com/php/15252/simple-medical-hub-directory-site-phpoop-source-code.html Software:https://www.sourcecodester.com/sites/default/files/download/oretnom23/mhds.zip Reference:...

Medical Hub Directory Site 1.0 SQL Injection

Exploit Title: Medical Hub Directory Site - 'id' SQL Injection Date: 30/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15252/simple-medical-hub-directory-site-phpoop-source-code.html Version: 1.0 Tested on:...

Pay Slip PDF Generator System 1.0 SQL Injection Vulnerability

Pay Slip PDF Generator System version suffers from multiple remote SQL injection vulnerabilities that can lead to remote code execution. Title: Pay Slip PDF Generator System 1.0 Blind time SQLi To Rce Author: Hejap Zairy Vendor:...

Pay Slip PDF Generator System 1.0 Shell Upload Vulnerability

Title: Pay Slip PDF Generator System 1.0 Shell Upload Author: Hejap Zairy Vendor: https://www.sourcecodester.com/php/15242/employees-pay-slip-pdf-generator-system-email-using-phpoop-free-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/pess0.zip...