116 matches found
CVE-2015-10023
CVE-2015-10023 affects Fumon trello-octometric, specifically the main function in metrics-ui/server/srv.go. The issue is a SQL injection resulting from manipulation of the num argument. A patch is available (commit a1f1754933fbf21e2221fbc671c81a47de6a04ef) and is recommended to fix the issue. Con...
trello-octometric SQL注入漏洞
trello-octometric is a small project by the individual developer Jade Bilkey to execute metrics on trello boards over time. trello-octometric suffers from a SQL injection vulnerability that stems from the fact that incorrect manipulation of the parameter num can lead to sql injection...
PT-2023-10202 · Unknown · Fumon Trello-Octometric
Name of the Vulnerable Software and Affected Versions: Fumon trello-octometric affected versions not specified Description: A critical issue has been found in Fumon trello-octometric, affecting the main function of the file metrics-ui/server/srv.go. The manipulation of the num argument leads to s...
Russian Hackers Using DropBox and Google Drive to Drop Malicious Payloads — The Hacker News
The Russian state-sponsored hacking collective known as APT29 has been attributed to a new phishing campaign that takes advantage of legitimate cloud services like Google Drive and Dropbox to deliver malicious payloads on compromised systems. "These campaigns are believed to have targeted several...
TrelloC2 - Simple C2 Over The Trello API
Simple C2 over Trello's API Proof-of-Concept By: Fabrizio Siciliano @0rbz Update 12/30/2019 Removed hardcoded API key and Token, use input instead. Requirements Python 3.x Setup 1. Create a Trello account: https://trello.com/signup 2. Once logged in, get your API key: https://trello.com/app-key 3...
Malicious code in trello-canonical-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8765aa5264cee13f61e9d087231cfe8f9b35a95dde3d2513ea22bbe8038d39f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6640 Malicious code in trello-canonical-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8765aa5264cee13f61e9d087231cfe8f9b35a95dde3d2513ea22bbe8038d39f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in glip-integration-trello (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cc655447ed0057c47a3912a705dacc3cbc4285e80061615877303343d197d70b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3389 Malicious code in glip-integration-trello (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cc655447ed0057c47a3912a705dacc3cbc4285e80061615877303343d197d70b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in trello-0_10_1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c5ac9ed3cd9bc997125d0d57fe75a6d8d4113275d390323f1e933c15e3331315 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6639 Malicious code in trello-0_10_1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c5ac9ed3cd9bc997125d0d57fe75a6d8d4113275d390323f1e933c15e3331315 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Russian Hackers Targeting Diplomatic Entities in Europe, Americas, and Asia
A Russian state-sponsored threat actor has been observed targeting diplomatic and government entities as part of a series of phishing campaigns commencing on January 17, 2022. Threat intelligence and incident response firm Mandiant attributed the attacks to a hacking group tracked as APT29 aka Co...
WordPress jav's – WooCommerce and Trello integration WooTrello plugin <= 3.2.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress jav's – WooCommerce and Trello integration WooTrello plugin versions = 3.2.0. Solution Update the WordPress jav's – WooCommerce and Trello integration WooTrello plugin to the latest available version at least 3.2.1...
WordPress jav's – WooCommerce and Trello integration WooTrello plugin <= 3.2.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress jav's – WooCommerce and Trello integration WooTrello plugin versions = 3.2.0. Solution Update the WordPress jav's – WooCommerce and Trello integration WooTrello plugin to the latest available version a...
Beyond Zoom: How Safe Are Slack and Other Collaboration Apps?
As the coronavirus pandemic continues to worsen, remote-collaboration platforms – now fixtures in many workers’ “new normal” – are facing more scrutiny. Popular video-conferencing app Zoom may currently be in the cybersecurity hot seat, but other collaboration tools, such as Slack, Trello, WebEx...
Shopify: Bypass report #416983 - Removed Staff members who had "Apps" permission can still modify flow app connections
The following report intends to disclose a bypass for 416983. It's been found that removed staff members who had "Apps" permission can still modify flow app connection settings due to improper authorization. Description Signed URLs generated by Shopify Flow https://apps.shopify.com/flow use a...
Shopify: H1514 Removed Staff members who had "Apps" permission can still modify flow app connections
Summary: It's been found that removed staff members who had "Apps" permission can still modify flow app connection settings due to improper authorization. Description: Flow app https://apps.shopify.com/flow allows users to connect their Google Sheets, Trello and Asana accounts to their flow...
Trello: Stored XSS via Chrome plugin
Stored XSS via Chrome plugin 1. Install the Trello Chrome plugin 2. Create a list on trello.com with a script injection title eg "alert'xss';" 3. Open the Chrome plugin and browse to the list, the code is executed from the plugin I've attached screenshots of the problem The origin is the chrome...
trello.com Improper Access Control vulnerability
Open Bug Bounty ID: OBB-632913 Description| Value ---|--- Affected Website:| trello.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...
Further Down the Trello Rabbit Hole
Last month's story about organizations exposing passwords and other sensitive data via collaborative online spaces at Trello.com only scratched the surface of the problem. A deeper dive suggests a large number of government agencies, marketing firms, healthcare organizations and IT support...