Lucene search
+L

116 matches found

CVE
CVE
added 2023/01/07 11:31 a.m.49 views

CVE-2015-10023

CVE-2015-10023 affects Fumon trello-octometric, specifically the main function in metrics-ui/server/srv.go. The issue is a SQL injection resulting from manipulation of the num argument. A patch is available (commit a1f1754933fbf21e2221fbc671c81a47de6a04ef) and is recommended to fix the issue. Con...

9.8CVSS7AI score0.00657EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2023/01/07 12:0 a.m.4 views

trello-octometric SQL注入漏洞

trello-octometric is a small project by the individual developer Jade Bilkey to execute metrics on trello boards over time. trello-octometric suffers from a SQL injection vulnerability that stems from the fact that incorrect manipulation of the parameter num can lead to sql injection...

9.8CVSS6.7AI score0.00657EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/01/07 12:0 a.m.4 views

PT-2023-10202 · Unknown · Fumon Trello-Octometric

Name of the Vulnerable Software and Affected Versions: Fumon trello-octometric affected versions not specified Description: A critical issue has been found in Fumon trello-octometric, affecting the main function of the file metrics-ui/server/srv.go. The manipulation of the num argument leads to s...

9.8CVSS6.3AI score0.00657EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2022/07/20 4:3 a.m.23 views

Russian Hackers Using DropBox and Google Drive to Drop Malicious Payloads — The Hacker News

The Russian state-sponsored hacking collective known as APT29 has been attributed to a new phishing campaign that takes advantage of legitimate cloud services like Google Drive and Dropbox to deliver malicious payloads on compromised systems. "These campaigns are believed to have targeted several...

0.3AI score
Exploits0
Kitploit
Kitploit
added 2022/06/23 9:30 p.m.34 views

TrelloC2 - Simple C2 Over The Trello API

Simple C2 over Trello's API Proof-of-Concept By: Fabrizio Siciliano @0rbz Update 12/30/2019 Removed hardcoded API key and Token, use input instead. Requirements Python 3.x Setup 1. Create a Trello account: https://trello.com/signup 2. Once logged in, get your API key: https://trello.com/app-key 3...

7.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:24 p.m.3 views

Malicious code in trello-canonical-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8765aa5264cee13f61e9d087231cfe8f9b35a95dde3d2513ea22bbe8038d39f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:24 p.m.7 views

MAL-2022-6640 Malicious code in trello-canonical-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8765aa5264cee13f61e9d087231cfe8f9b35a95dde3d2513ea22bbe8038d39f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:17 p.m.1 views

Malicious code in glip-integration-trello (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cc655447ed0057c47a3912a705dacc3cbc4285e80061615877303343d197d70b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:17 p.m.12 views

MAL-2022-3389 Malicious code in glip-integration-trello (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cc655447ed0057c47a3912a705dacc3cbc4285e80061615877303343d197d70b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:15 p.m.3 views

Malicious code in trello-0_10_1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c5ac9ed3cd9bc997125d0d57fe75a6d8d4113275d390323f1e933c15e3331315 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:15 p.m.5 views

MAL-2022-6639 Malicious code in trello-0_10_1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c5ac9ed3cd9bc997125d0d57fe75a6d8d4113275d390323f1e933c15e3331315 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
The Hacker News
The Hacker News
added 2022/05/02 11:40 a.m.28 views

Russian Hackers Targeting Diplomatic Entities in Europe, Americas, and Asia

A Russian state-sponsored threat actor has been observed targeting diplomatic and government entities as part of a series of phishing campaigns commencing on January 17, 2022. Threat intelligence and incident response firm Mandiant attributed the attacks to a hacking group tracked as APT29 aka Co...

0.2AI score
Exploits0
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.9 views

WordPress jav's – WooCommerce and Trello integration WooTrello plugin <= 3.2.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress jav's – WooCommerce and Trello integration WooTrello plugin versions = 3.2.0. Solution Update the WordPress jav's – WooCommerce and Trello integration WooTrello plugin to the latest available version at least 3.2.1...

3.6AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.9 views

WordPress jav's – WooCommerce and Trello integration WooTrello plugin <= 3.2.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress jav's – WooCommerce and Trello integration WooTrello plugin versions = 3.2.0. Solution Update the WordPress jav's – WooCommerce and Trello integration WooTrello plugin to the latest available version a...

4.7AI score
Exploits0References2Affected Software1
ThreatPost
ThreatPost
added 2020/04/06 9:49 a.m.72 views

Beyond Zoom: How Safe Are Slack and Other Collaboration Apps?

As the coronavirus pandemic continues to worsen, remote-collaboration platforms – now fixtures in many workers’ “new normal” – are facing more scrutiny. Popular video-conferencing app Zoom may currently be in the cybersecurity hot seat, but other collaboration tools, such as Slack, Trello, WebEx...

7.5AI score
Exploits0References25
Hacker One
Hacker One
added 2019/09/20 7:36 a.m.103 views

Shopify: Bypass report #416983 - Removed Staff members who had "Apps" permission can still modify flow app connections

The following report intends to disclose a bypass for 416983. It's been found that removed staff members who had "Apps" permission can still modify flow app connection settings due to improper authorization. Description Signed URLs generated by Shopify Flow https://apps.shopify.com/flow use a...

0.3AI score
Exploits0
Hacker One
Hacker One
added 2018/10/01 5:57 p.m.71 views

Shopify: H1514 Removed Staff members who had "Apps" permission can still modify flow app connections

Summary: It's been found that removed staff members who had "Apps" permission can still modify flow app connection settings due to improper authorization. Description: Flow app https://apps.shopify.com/flow allows users to connect their Google Sheets, Trello and Asana accounts to their flow...

0.7AI score
Exploits0
Hacker One
Hacker One
added 2018/07/18 1:58 p.m.39 views

Trello: Stored XSS via Chrome plugin

Stored XSS via Chrome plugin 1. Install the Trello Chrome plugin 2. Create a list on trello.com with a script injection title eg "alert'xss';" 3. Open the Chrome plugin and browse to the list, the code is executed from the plugin I've attached screenshots of the problem The origin is the chrome...

1.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2018/06/15 8:10 p.m.10 views

trello.com Improper Access Control vulnerability

Open Bug Bounty ID: OBB-632913 Description| Value ---|--- Affected Website:| trello.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...

0.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2018/06/06 2:45 p.m.31 views

Further Down the Trello Rabbit Hole

Last month's story about organizations exposing passwords and other sensitive data via collaborative online spaces at Trello.com only scratched the surface of the problem. A deeper dive suggests a large number of government agencies, marketing firms, healthcare organizations and IT support...

7AI score
Exploits0
Rows per page
Query Builder