Lucene search

7411 matches found

OSV
added 2023/11/26 11:15 p.m. | 3 views

CVE-2023-6297

A vulnerability classified as problematic has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file patient-search-report.php of the component Search Report Page. The manipulation of the argument Search By Patient Name with the input...

6.1 CVSS | 3.8 AI score | 0.00751 EPSS
Exploits 1 | References 3
NVD
added 2023/11/26 11:15 p.m. | 13 views

CVE-2023-6297

A vulnerability classified as problematic has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file patient-search-report.php of the component Search Report Page. The manipulation of the argument Search By Patient Name with the input...

6.1 CVSS | 0.00751 EPSS
Exploits 1 | References 3
Vulnrichment
added 2023/11/26 10:31 p.m. | 11 views

CVE-2023-6297 PHPGurukul Nipah Virus Testing Management System Search Report Page patient-search-report.php cross site scripting

A vulnerability classified as problematic has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file patient-search-report.php of the component Search Report Page. The manipulation of the argument Search By Patient Name with the input...

5 CVSS | 6 AI score | 0.00751 EPSS
Exploits 1 | References 3
CVE
added 2023/11/26 10:31 p.m. | 60 views

CVE-2023-6297

PHPGurukul Nipah Virus Testing Management System 1.0 is affected in the Search Report Page component (patient-search-report.php). A cross-site scripting vulnerability arises from manipulating the Search By Patient Name parameter with malicious input, e.g. , which can be triggered remotely. Multip...

6.1 CVSS | 5 AI score | 0.00751 EPSS
Exploits 1 | References 3 | Affected Software 1
Kitploit
added 2023/11/26 11:30 a.m. | 38 views

Mass-Bruter - Mass Bruteforce Network Protocols

Mass bruteforce network protocols Info Simple personal script to quickly mass bruteforce common services in a large scale of network. It will check for default credentials on ftp, ssh, mysql, mssql...etc. This was made for authorized red team penetration testing purpose only. How it works 1. Use...

7.7 AI score
Exploits 0 | References 3
CNNVD
added 2023/11/26 12:0 a.m. | 2 views

Nipah virus Testing Management System Cross-Site Scripting Vulnerability

Nipah Virus Testing Management System is an online virus diagnostic platform. A cross-site scripting vulnerability exists in version 1.0 of the Nipah Virus Testing Management System due to an unknown part of the file Patient-search-report.php in the component Search Report Page, which can be...

6.1 CVSS | 6.2 AI score | 0.00751 EPSS
Exploits 1 | References 4
GithubExploit
added 2023/11/25 5:22 p.m. | 600 views

Exploit for CVE-2023-38646

CVE-2023-38646 Metabase Pre-Auth RCE 11/26/2023 Metabase ope...

9.8 CVSS | 9.9 AI score | 0.97924 EPSS
Exploits 36
vulnersOsv
added 2023/11/23 6:30 p.m. | 4 views

androidx.car.app:app-testing (>=1.4.0 <=1.4.0-rc02), androidx.media3:media3-test-utils-robolectric (>=1.2.0 <=1.2.1) +2211 more potentially affected by CVE-2023-33202 via org.bouncycastle:bcprov-jdk18on (>=1.71 <=1.72)

org.bouncycastle:bcprov-jdk18on MAVEN version =1.71, =1.4.0, =1.2.0, =1.2.0-alpha07, =2023.12.01.210510-f61f157, =2023.12.01.210510-f61f157, =2023.12.01.210510-f61f157, =2023.12.01.210510-f61f157, =1.6.0, =4.8.3, =1.4.0, =1.0.0, =4.0.7, =4.0.8 and more Source cves: CVE-2023-33202 Source advisory:...

5.5 CVSS | 6.2 AI score | 0.00932 EPSS
Exploits 1
Securelist
added 2023/11/21 10:0 a.m. | 14 views

Crimeware and financial cyberthreats in 2024

At Kaspersky, we constantly monitor the financial cyberthreat landscape, which includes threats to financial institutions, such as banks, and financially motivated threats, such as ransomware, that target a broader range of industries. As part of our Kaspersky Security Bulletin, we try to predict...

7.8 AI score
Exploits 0
Vulnrichment
added 2023/11/20 11:7 p.m. | 18 views

CVE-2023-48310 Ability to DoS the testing infrastructure by overwriting files

TestingPlatform is a testing platform for Internet Security Standards. Prior to version 2.1.1, user input is not filtered correctly. Nmap options are accepted. In this particular case, the option to create log files is accepted in addition to a host name and even without. A log file is created at...

9.1 CVSS | 8.8 AI score | 0.01083 EPSS
Exploits 1 | References 4
Malwarebytes
added 2023/11/20 8:0 a.m. | 10 views

A week in security (November 13 – November 19)

Last week on Malwarebytes Labs: Signal is testing usernames so you don’t have to share your phone number State of Maine data breach impacts 1.3 million people Credit card skimming on the rise for the holiday shopping season Update now! Microsoft patches 3 actively exploited zero-days Ransomware...

7.3 AI score
Exploits 0
BDU FSTEC
added 2023/11/18 12:0 a.m. | 3 views

The vulnerability of Zoom’s video conferencing software lies in the insufficient testing of exception states, allowing attackers to trigger service failures.

The vulnerability of Zoom video conferencing software is related to insufficient testing of exception states. Exploiting this vulnerability could allow a malicious actor to cause service failures...

4.3 CVSS | 6.5 AI score | 0.00855 EPSS
Exploits 0 | References 2 | Affected Software 5
Citrix
added 2023/11/17 12:0 a.m. | 4 views

Microsoft Security Update Validation Report November 2023

Microsoft’s November 2023 security updates have passed Citrix testing the updates are listed below. The testing is not all-inclusive; all tests are executed against English only environments and issues may still be found upon implementation. Follow best practices for testing and installing softwa...

7 AI score
Exploits 0
Kitploit
added 2023/11/15 11:30 a.m. | 49 views

Goblob - A Fast Enumeration Tool For Publicly Exposed Azure Storage Blobs

Goblob is a lightweight and fast enumeration tool designed to aid in the discovery of sensitive information exposed publicly in Azure blobs, which can be useful for various research purposes such as vulnerability assessments, penetration testing, and reconnaissance. Warning. Goblob will issue...

6.9 AI score
Exploits 0 | References 7
OSV
added 2023/11/14 7:15 p.m. | 3 views

CVE-2023-40719

A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials...

5.5 CVSS | 5.8 AI score | 0.00195 EPSS
Exploits 0 | References 1
Cvelist
added 2023/11/14 6:8 p.m. | 18 views

CVE-2023-40719

A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials...

4.1 CVSS | 5.7 AI score | 0.00195 EPSS
Exploits 0 | References 1
The Hacker News
added 2023/11/14 11:56 a.m. | 48 views

The Importance of Continuous Security Monitoring for a Robust Cybersecurity Strategy

In 2023, the global average cost of a data breach reached $4.45 million. Beyond the immediate financial loss, there are long-term consequences like diminished customer trust, weakened brand value, and derailed business operations. In a world where the frequency and cost of data breaches are...

7.2 AI score
Exploits 0
OSV
added 2023/11/14 11:15 a.m. | 2 views

CVE-2023-43504

A vulnerability has been identified in COMOS All versions V10.4.4. Ptmcast executable used for testing cache validation service in affected application is vulnerable to Structured Exception Handler SEH based buffer overflow. This could allow an attacker to execute arbitrary code on the target...

9.8 CVSS | 6.4 AI score | 0.00851 EPSS
Exploits 0 | References 1
Malwarebytes
added 2023/11/13 6:2 a.m. | 23 views

Signal is testing usernames so you don’t have to share your phone number

Messaging service Signal is testing support for usernames as a replacement for phone numbers to serve as user identities. Signal provides encrypted instant messaging and is popular among people that value their privacy. Compared to more popular services like WhatsApp, Signal offers more layers of...

7 AI score
Exploits 0
Rockylinux
added 2023/11/11 11:0 p.m. | 74 views

toolbox security update

An update is available for toolbox. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The toolbox container image can be used with Toolbox to obtain Rocky Linux...

7.5 CVSS | 7.3 AI score | 0.99999 EPSS
Exploits 19