Lucene search
K

100 matches found

0day.today
0day.today
added 2023/04/28 12:0 a.m.408 views

Piwigo 13.5.0 SQL Injection Vulnerability

Piwigo - Version 13.5.0 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeline of disclosure Thanks & Acknowledgments References ===== Vulnerability...

8.8CVSS8.7AI score0.09725EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/04/28 12:0 a.m.374 views

Piwigo 13.5.0 SQL Injection

===== Tempest Security Intelligence - ADV-03/2023 ========================== Piwigo - Version 13.5.0 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeline...

8.8CVSS6.9AI score0.09725EPSS
Exploits5
The Hacker News
The Hacker News
added 2023/04/27 8:20 a.m.4 views

Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware

Microsoft has confirmed that the active exploitation of PaperCut servers is linked to attacks that are designed to deliver Cl0p and LockBit ransomware families. The tech giant's threat intelligence team is attributing a subset of the intrusions to a financially motivated actor it tracks under the...

8.8CVSS8.2AI score0.99999EPSS
Exploits13
The Hacker News
The Hacker News
added 2023/04/27 8:20 a.m.83 views

Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware

Microsoft has confirmed that the active exploitation of PaperCut servers is linked to attacks that are designed to deliver Cl0p and LockBit ransomware families. The tech giant's threat intelligence team is attributing a subset of the intrusions to a financially motivated actor it tracks under the...

9.8CVSS8.9AI score0.99999EPSS
Exploits37
0day.today
0day.today
added 2022/10/05 12:0 a.m.303 views

WordPress WPvivid Backup Path Traversal Vulnerability

Wordpress plugin - WPvivid Backup - Version 0.9.76 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeline of disclosure Thanks & Acknowledgements Reference...

4.9CVSS0.18147EPSS
Exploits3
0day.today
0day.today
added 2022/05/21 12:0 a.m.228 views

PHPIPAM 1.4.4 Cross Site Request Forgery / Cross Site Scripting Vulnerabilities

PHPIPAM - Version 1.4.4 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents ================================================== Overview Detailed description Timeline of disclosure Thanks & Acknowledgements References ===== Vulnerability...

6.1CVSS0.3AI score0.00909EPSS
Exploits3
0day.today
0day.today
added 2022/05/21 12:0 a.m.283 views

LiquidFiles 3.4.15 Cross Site Scripting Vulnerability

LiquidFiles - 3.4.15 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeline of disclosure Thanks & Acknowledgements References ===== Vulnerability...

5.4CVSS5.6AI score0.0136EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/05/19 12:0 a.m.258 views

PHPIPAM 1.4.4 Cross Site Request Forgery / Cross Site Scripting

===== Tempest Security Intelligence - ADV-03/2022 ========================== PHPIPAM - Version 1.4.4 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents ================================================== Overview Detailed description Timelin...

6.1CVSS0.1AI score0.00909EPSS
Exploits3
The Hacker News
The Hacker News
added 2021/08/14 12:34 p.m.149 views

New Glowworm Attack Recovers Device's Sound from Its LED Power Indicator

A novel technique leverages optical emanations from a device's power indicator LED to recover sounds from connected peripherals and spy on electronic conversations from a distance of as much as 35 meters. Dubbed the "Glowworm attack," the findings were published by a group of academics from the...

6.6AI score
Exploits0
ThreatPost
ThreatPost
added 2021/08/09 9:6 p.m.55 views

‘Glowworm’ Attack Turns Light Flickers into Audio

Virtual meetings are vulnerable to a new, exotic attack called Glowworm, which measures an audio output device’s LED power light changes and converts them to audio reproductions — allowing cyberattackers to listen to sensitive conversations. As an increasing amount of business is being conducted...

6.7AI score
Exploits0References10
Packet Storm
Packet Storm
added 2021/01/13 12:0 a.m.514 views

Envira Gallery Lite 1.8.3.2 Cross Site Scripting

==== Tempest Security Intelligence - ADV-12/2020 ============================= Envira Gallery - Lite Edition - Version 1.8.3.2 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents ================================================ • Overview •...

0.01343EPSS
Exploits3
OSV
OSV
added 2020/02/03 5:18 p.m.8 views

SUSE-SU-2020:0311-1 Security update for crowbar-core, crowbar-openstack, openstack-neutron-fwaas, rubygem-crowbar-client

This update for crowbar-core, crowbar-openstack, openstack-neutron-fwaas, rubygem-crowbar-client contains the following fixes: Security fixes for rubygem-crowbar-client: - CVE-2018-17954: Fixed an issue where crowbar was leaking the secret admin passwords to all nodes bsc1117080 Changes in...

9.3CVSS7.7AI score0.0196EPSS
Exploits0References5
Schneier on Security
Schneier on Security
added 2019/11/04 12:6 p.m.51 views

Homemade TEMPEST Receiver

Tom's Guide writes about home brew TEMPEST receivers: Today, dirt-cheap technology and free software make it possible for ordinary citizens to run their own Tempest programs and listen to what their own -- and their neighbors' -- electronic devices are doing. Elliott, a researcher at Boston-based...

1.3AI score
Exploits0
Packet Storm
Packet Storm
added 2019/09/13 12:0 a.m.290 views

Piwigo 2.9.5 Cross Site Request Forgery / Cross Site Scripting

===== Tempest Security Intelligence - ADV-03/2019 ========================== Piwigo - Version 2.9.5 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeline ...

0.2AI score0.01355EPSS
Exploits5
OSV
OSV
added 2019/05/06 12:39 p.m.6 views

SUSE-RU-2019:1161-1 Recommended update for ardana-ansible, ardana-cobbler, ardana-db, ardana-heat, ardana-manila, ardana-neutron, ardana-nova, ardana-octavia, ardana-osconfig, ardana-service, ardana-ses, ardana-swift, ardana-tempest, crowbar, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, galera-python-clustercheck, openstack-dashboard, openstack-ec2-api, openstack-heat, openstack-heat-templates, openstack-horizon-plugin-ironic-ui, openstack-horizon-plugin-magnum-ui, openstack-horizon-plugin-sahara-ui, openstack-ironic, openstack-keystone, openstack-magnum, openstack-manila, openstack-monasca-api, openstack-monasca-notification, openstack-monasca-persister, openstack-murano, openstack-neutron, openstack-neutron-fwaas, openstack-nova, openstack-octavia, openstack-sahara, openstack-swift, openstack-tempest, python-cinderclient, python-cryptography, python-monasca-common, python-networking-hyperv, python-os-brick, python-venvjail, venv-openstack-aodh, venv-openstack-barbican, venv-openstack-ceilometer, venv-openstack-cinder, venv-openstack-designate, venv-openstack-freezer, venv-openstack-glance, venv-openstack-heat, venv-openstack-horizon, venv-openstack-ironic, venv-openstack-keystone, venv-openstack-magnum, venv-openstack-manila, venv-openstack-monasca, venv-openstack-monasca-ceilometer, venv-openstack-murano, venv-openstack-nova, venv-openstack-octavia, venv-openstack-sahara, venv-openstack-swift, venv-openstack-trove

This update for ardana-ansible, ardana-cobbler, ardana-db, ardana-heat, ardana-manila, ardana-neutron, ardana-nova, ardana-octavia, ardana-osconfig, ardana-service, ardana-ses, ardana-swift, ardana-tempest, crowbar, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud,...

8.1CVSS6AI score0.04075EPSS
Exploits0References56
Packet Storm
Packet Storm
added 2018/10/09 12:0 a.m.64 views

NPLUG Wireless Repeater 1.0.0.14 CSRF / XSS / Authentication Bypass

===== Tempest Security Intelligence ===================================== Multiple vulnerabilities in NPLUG wireless repeater CVE-2018-12455: Authentication bypass CVE-2018-12456: Multiple CSRF CVE-2018-17337: XSS via SSID ------------------------------------------------------- Author: - Patrick...

0.5AI score0.04999EPSS
Exploits5
0day.today
0day.today
added 2018/07/13 12:0 a.m.80 views

ISS For Business 14.0.1400.2029 Blue Screen Of Death Vulnerability

In MicroWorld eScan Internet Security Suite ISS for Business version 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to \.\econceal to cause a denial of service BSOD. ===== Tempest Security Intelligence - ADV-24/2018 === eScan ISS for...

6.8AI score0.06271EPSS
Exploits6
exploitpack
exploitpack
added 2018/07/13 12:0 a.m.91 views

G DATA Total Security 25.4.0.3 - Activex Buffer Overflow

G DATA Total Security 25.4.0.3 - Activex Buffer Overflow 'for debugging/custom prolog targetFile = "C:\Program Files\G DATA\TotalSecurity\ASK\GDASpam.dll" prototype = "Function IsBlackListed ByVal strIP As String As Long" m...

6.8CVSS0.6AI score0.06271EPSS
Exploits6
Packet Storm
Packet Storm
added 2018/07/13 12:0 a.m.62 views

Total AV 4.6.19 Insecure Permissions

===== Tempest Security Intelligence - ADV-23/2018 === Total AV 4.1.7 4 .6.19 - Insecure Permissions ------------------------------------------------------- Author: - Filipe Xavier Oliveira: ===== Table of Contents ===================================================== Overview Detailed description...

7.2CVSS7.7AI score0.00599EPSS
Exploits3
0day.today
0day.today
added 2018/07/13 12:0 a.m.70 views

G DATA Total Security 25.4.0.3 - Activex Buffer Overflow Exploit

Exploit for windows platform in category dos / poc 'for debugging/custom prolog targetFile = "C:\Program Files\G DATA\TotalSecurity\ASK\GDASpam.dll" prototype = "Function IsBlackL...

0.3AI score0.06271EPSS
Exploits6
Rows per page
Query Builder