29 matches found
Abusing the Internet of Medical Things: Evaluating Threat Models and Forensic Readiness for Multi-Vector Attacks on Connected Healthcare Devices
Individuals experiencing interpersonal violence IPV, who depend on medical devices, represent a uniquely vulnerable population as healthcare technologies become increasingly connected. Despite rapid growth in MedTech innovation and "health-at-home" ecosystems, the intersection of MedTech...
Former CISA Director Jen Easterly Will Lead RSAC Conference
The longtime cybersecurity professional says she’s taking the helm of the legacy security organization at “an inflection point” for tech and the world beyond...
CVE-2025-6618
creationtimestamp| type| source ---|---|--- 2025-06-25 18:06:22+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/19491 2025-06-30 20:26:59+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114774193882630947...
Directory Traversal Vulnerability in Changjitong T+ of Changjitong Information Technology Co.
T+ is a dynamic, intelligent and fashionable Internet management software, mainly for small and medium-sized industrial, trade and commerce enterprises with integrated financial and business applications, incorporating elements of socialization, mobility, Internet of Things, e-commerce and Intern...
Sailing the Seven Seas Securely from Port to Port – OT Access Security for Ships and Cranes
Operational Technology OT security has affected marine vessel and port operators, since both ships and industrial cranes are being digitalized and automated at a rapid pace, ushering in new types of security challenges. Ships come to shore every six months on average. Container cranes are mostly...
Command Execution Vulnerability in UFIDA NC at UFIDA Network Technology Co.
UFIDA NC is a large erp enterprise management system and e-commerce platform. A command execution vulnerability exists in UFIDA NC, which can be exploited by attackers to execute commands...
Honeypot-Factory: The Use of Deception in ICS/OT Environments
The recently published Security Navigator report of Orange Cyberdefense shows there has been a rapid increase of attacks on industrial control systems ICS in the past few years. Looking a bit closer, most of the attacks seem to have spilt over from traditional IT. That's to be expected, as...
MGASA-2022-0346 Updated webkit2 packages fix security vulnerability
A buffer overflow issue which may lead to arbitrary code execution was addressed with improved memory handling. CVE-2022-32886 Visiting a website that frames malicious content may lead to UI spoofing. he issue was addressed with improved UI handling. CVE-2022-32891 A buffer overflow issue which m...
FBI warns food and agriculture to brace for seasonal ransomware attacks
The Federal Bureau of Investigation FBI recently released a Private Industry Notification warning agriculture cooperatives also known as "farmers co-ops" of the looming danger of well-timed ransomware attacks. The agency warns that during the critical planting and harvesting seasons, attacks coul...
File upload vulnerability in Guangxi Tianshou Network Technology Co.
Guangxi Tianhands Network Technology Co., Ltd. specializes in computer network information technology development and technical services, computer software technical consulting, technical services and technology transfer. Guangxi Tianshou Network Technology Co., Ltd. station building system there...
Code Execution Vulnerability in CMS Content Management System of Chengdu JINWEI TECHNOLOGY Co.
Chengdu today network technology limited company scope of business: computer hardware and software development; computer hardware and software technology services, computer information technology consulting services; computer network engineering construction, etc.. Code execution vulnerability...
SQL Injection Vulnerability in Jiangsu Lianbang Information Technology Co.
Jiangsu Lianbang Information Technology Co., Ltd. is a high-tech enterprise integrating Internet and mobile Internet system research and development, smart city, traditional e-commerce transformation and digital media development. Jiangsu Lianbang Information Technology Co., Ltd. station building...
Defending the power grid against supply chain attacks: Part 3 – Risk management strategies for the utilities industry
Over the last fifteen years, attacks against critical infrastructure figure1 have steadily increased in both volume and sophistication. Because of the strategic importance of this industry to national security and economic stability, these organizations are targeted by sophisticated, patient, and...
Feds: Cyberattack on NASA's JPL Threatened Mission-Control Data
NASA’s Jet Propulsion Laboratory JPL may know how to send delicate equipment to Mars, but basic cybersecurity best practices appear to pose an issue for it. A comprehensive federal review has detailed an April 2018 security incident that compromised mission systems – stemming from multiple IT...
Managing the Risk of IT-OT Convergence
A few years ago, it wasn’t easy getting executives on board with the concept of operational technology OT security. Having finally come around to acknowledging the need for information technology IT security, boards and C-suite executives at industrial enterprises were then faced with the...
WSO2 Carbon 4.4.5 - Persistent Cross-Site Scripting
Exploit for jsp platform in category web applications + Credits: John Page aka HYP3RLINX Vendor: ============= www.wso2.com Product: ================== Ws02Carbon v4.4.5 WSO2 Carbon is the core platform on which WSO2 middleware products are built. It is based on Java OSGi technology, which allows...
West silent technology smart device/cgi-bin/checkCookie command execution vulnerability
No description provided by source...
Plogger Photo Gallery SQL Injection
Exploit Title: Plogger Photo Gallery Script SQL Injection Vulnerability Date: 2012 Author: Eyup CELIK Version: All Version Tested on: All versions are Vulnerability Web Site: www.eyupcelik.com.tr Issue: SQL Injection Risk level: High The remote attacker has the possibility to execute arbitrary SQ...
SocialCMS Cross Site Scripting / SQL Injection
Exploit Title: SocialCMS SQL Injection and XSS Vulnerability Date: 2012 Author: Eyup CELIK Version: All Version Tested on: All versions are Vulnerability Web Site: www.eyupcelik.com.tr ISSUE SQL Injection and XSS can be done using the POST method. Vulnerable Page: ajax/commentajax.php SQL Injecti...
P-Chat 0.9 Cross Site Scripting
Exploit Title: P-Chat v0.9 XSS Vulnerability Date: 2012 Author: Eyup CELIK Version: All Version Tested on: All versions are Vulnerability Web Site: www.eyupcelik.com.tr ISSUE Cross Site Scripting can be done using the command input Vulnerable Page: index.php XSS Example: "/ XSS Code POC:...