Lucene search

5327 matches found

Exploit DB
added 2021/06/21 12:0 a.m., 427 views

Customer Relationship Management System (CRM) 1.0 - Remote Code Execution

Exploit Title: Customer Relationship Management System CRM 1.0 - Remote Code Execution Date: 21.06.2021 Exploit Author: Ishan Saha Vendor Homepage: https://www.sourcecodester.com/php/14794/customer-relationship-management-crm-system-php-source-code.html Software Link:...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2021/06/21 12:0 a.m., 76 views

Apache Tomcat 10.0.0.M1 < 10.0.0.M10 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 10.0.0.M10. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.0.0-m10security-10 advisory. - When serving resources from a network location using the NTFS file system, Apache Tomcat...

7.5 CVSS, 7.3 AI score, 0.61383 EPSS
Exploits: 0, References: 6
BDU FSTEC
added 2021/06/15 12:0 a.m., 1 views

The vulnerability in the web interface for controlling Cisco AsyncOS operating systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability in the web interface for managing Cisco AsyncOS operating systems is related to deficiencies in the security of operational data in the source code. Exploiting this vulnerability can allow an attacker, working remotely, to gain unauthorized access to protected information throug...

4.3 CVSS, 0.00311 EPSS
Exploits: 0, References: 3, Affected Software: 1
ThreatPost
added 2021/06/11 4:39 p.m., 37 views

Cyberpunk 2077 Hacked Data Circulating Online

New data from the February hack of CD Projekt Red, the videogame-development company behind Cyberpunk 2077 and the Witcher series, is circulating online. Earlier this year, the company suffered a ransomware attack in which a cyberattack group believed by some to be the HelloKitty gang “gained...

7.3 AI score
Exploits: 0, References: 11
ThreatPost
added 2021/06/11 11:43 a.m., 43 views

Hackers Steal FIFA 21 Source Code, Tools in EA Breach

Hackers have breached computer game maker Electronic Arts (EA) and stolen source code and related tools for the company’s extensive game library, the company has confirmed. EA said it’s investigating “a recent incident of intrusion into our network where a limited amount of game source code and...

7.7 AI score
Exploits: 0, References: 9
OSV
added 2021/06/11 7:15 a.m., 2 views

CVE-2021-28805

Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read application data. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on QSW-M2108-2C; versio...

5.5 CVSS, 6.1 AI score
Exploits: 0, References: 1
Tenable Nessus
added 2021/06/10 12:0 a.m., 54 views

SUSE SLES11 Security Update : tomcat6 (SUSE-SU-2021:14705-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14705-1 advisory. - When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled e.g...

8.1 CVSS, 7.4 AI score, 0.9438 EPSS
Exploits: 37, References: 10
Github Security Blog
added 2021/06/04 7:9 p.m., 72 views

Path traversal

Impact: A malicious actor could read sensitive files from the environment where TechDocs documentation is built and published by setting a particular path for docs_dir in mkdocs.yml. These files would then be available over the TechDocs backend API. This vulnerability is mitigated by the fact that ...

6.5 CVSS, 1.3 AI score, 0.00484 EPSS
Exploits: 0, References: 5, Affected Software: 1
Cvelist
added 2021/06/03 10:0 p.m., 13 views

CVE-2021-32662 TechDocs mkdocs.yml path traversal

Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In @backstage/techdocs-common versions prior to 0.6.3, a malicious actor could read sensitive files from the environment where TechDocs documentation is buil...

6.5 CVSS, 6.4 AI score, 0.00484 EPSS
Exploits: 0, References: 3
HackRead
added 2021/06/02 3:39 p.m., 43 views

Hacker selling DDOS-Guard database, source code, pirate sites data

By Waqas It is time for anti-piracy groups to rejoice as the database of DDoS-Guard is reportedly on sale on a hacking forum. This is a post from HackRead.com Read the original post: Hacker selling DDOS-Guard database, source code, pirate sites data...

0.6 AI score
Exploits: 0
Packet Storm
added 2021/06/02 12:0 a.m., 165 views

Local Service Search Engine Management System 1.0 SQL Injection

Exploit Title: SQL injection, bypass the login page, Local Service Search Engine Management System 1.0 Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty Date: 06.02.2021 Vendor:...

7.5 CVSS, 0.2 AI score, 0.01545 EPSS
Exploits: 3
CNVD
added 2021/05/31 12:0 a.m., 2 views

Arbitrary File Download Vulnerability in Library Cluster Management System of Guangzhou Tutron Computer Software Development Co.

Guangzhou Tutron Computer Software Development Co., Ltd. is a high-tech enterprise integrating product development, application integration and customer service. There is an arbitrary file download vulnerability in the library cluster management system of Guangzhou Tutron Computer Software...

7.1 AI score
Exploits: 0
0day.today
added 2021/05/28 12:0 a.m., 43 views

Trixbox 2.8.0.4 - (lang) Path Traversal Exploit

Exploit Title: Trixbox 2.8.0.4 - 'lang' Path Traversal Exploit Author: Ron Jost Hacker5preme Credits to: https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/ Credits to: Sachin Wagh Vendor Homepage:...

6.5 CVSS, 0.85497 EPSS
Exploits: 4
FreeBSD Advisory
added 2021/05/26 12:0 a.m., 21 views

FreeBSD-SA-21:11.smap

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-21:11.smap Security Advisory The FreeBSD Project Topic: SMAP bypass Category: core Module: amd64 Announced: 2021-05-26 Credits: I lost my dog if you see him...

7.5 CVSS, 7 AI score, 0.0019 EPSS
Exploits: 1
GoogleProjectZero
added 2021/05/20 12:0 a.m., 57 views

Fuzzing iOS code on macOS at native speed

Or how iOS apps on macOS work under the hood Posted by Samuel Groß, Project Zero This short post explains how code compiled for iOS can be run natively on Apple Silicon Macs. With the introduction of Apple Silicon Macs, Apple also made it possible to run iOS apps natively on these Macs. This is...

6.9 AI score
Exploits: 0
Packet Storm
added 2021/05/17 12:0 a.m., 199 views

Dental Clinic Appointment Reservation System 1.0 Cross Site Request Forgery

Exploit Title: Dental Clinic Appointment Reservation System 1.0 - Cross Site Request Forgery Add Admin Date: 15-05-2021 Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com/php/6848/appointment-reservation-system.html Software Link:...

Exploits: 0
Exploit DB
added 2021/05/17 12:0 a.m., 308 views

Dental Clinic Appointment Reservation System 1.0 - Cross Site Request Forgery (Add Admin)

Exploit Title: Dental Clinic Appointment Reservation System 1.0 - Cross Site Request Forgery Add Admin Date: 15-05-2021 Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com/php/6848/appointment-reservation-system.html Software Link:...

7.4 AI score
Exploits: 0
Kitploit
added 2021/05/14 9:30 p.m., 284 views

Mubeng - An Incredibly Fast Proxy Checker And IP Rotator With Ease

An incredibly fast proxy checker & IP rotator with ease. Features Proxy IP rotator : Rotates your IP address for every specific request. Proxy checker : Check your proxy IP which is still alive. All HTTP/S methods are supported. HTTP & SOCKSv5 proxy protocols apply. All parameters & URIs are...

7.2 AI score
Exploits: 0, References: 8
The Hacker News
added 2021/05/14 7:2 a.m., 40 views

Rapid7 Source Code Breached in Codecov Supply-Chain Attack

Cybersecurity company Rapid7 on Thursday revealed that unidentified actors improperly managed to get hold of a small portion of its source code repositories in the aftermath of the software supply chain compromise targeting Codecov earlier this year. "A small subset of our source code repositorie...

7.3 AI score
Exploits: 0
ThreatPost
added 2021/05/13 7:52 p.m., 42 views

Ransomware Going for $4K on the Cyber-Underground

In the cybercriminal underground, ransomware samples and builders are going for anywhere between $300 to $4,000, with ransomware-as-a-service rentals costing $120 to $1,900 per year. That’s according to an analysis by Kaspersky of the three main underground forums where ransomware is circulated...

5.8 AI score
Exploits: 0, References: 6