Lucene search

2179 matches found

The Hacker News
•added 2023/06/08 1:56 p.m.•7 views

Clop Ransomware Gang Likely Aware of MOVEit Transfer Vulnerability Since 2021

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have published a joint advisory regarding the active exploitation of a recently disclosed critical flaw in Progress Software's MOVEit Transfer application to drop ransomware. "The Cl0p Ransomwar...

CVSS 9.8, AI score 8.8, EPSS 0.94254
Exploits: 15

OSV
•added 2023/06/07 9:15 p.m.•1 views

CVE-2023-2866

If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server...

CVSS 7.8, AI score 5.8
Exploits: 0, References: 1

NVD
•added 2023/06/07 9:15 p.m.•12 views

CVE-2023-2866

If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server...

CVSS 7.8, AI score 7.2, EPSS 0.00026
Exploits: 0, References: 1

Cvelist
•added 2023/06/07 8:12 p.m.•20 views

CVE-2023-2866 Advantech WebAccess Insufficient Type Distinction

If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server...

CVSS 7.3, AI score 7.7, EPSS 0.00026
Exploits: 0, References: 1

The Hacker News
•added 2023/06/05 12:3 p.m.•6 views

Microsoft: Lace Tempest Hackers Behind Active Exploitation of MOVEit Transfer App

Microsoft has officially linked the ongoing active exploitation of a critical flaw in the Progress Software MOVEit Transfer application to a threat actor it tracks as Lace Tempest. "Exploitation is often followed by deployment of a web shell with data exfiltration capabilities," the Microsoft...

CVSS 9.8, AI score 8.3, EPSS 0.94254
Exploits: 15

NVD
•added 2023/06/02 1:15 p.m.•13 views

CVE-2023-3032

Unrestricted Upload of File with Dangerous Type vulnerability in Mobatime web application Documentary proof upload modules allows a malicious user to Upload a Web Shell to a Web Server. This issue affects Mobatime web application: through 06.7.22...

CVSS 8.8, AI score 8.2, EPSS 0.00116
Exploits: 1, References: 1

OSV
•added 2023/06/02 1:15 p.m.•1 views

CVE-2023-3032

Unrestricted Upload of File with Dangerous Type vulnerability in Mobatime web application Documentary proof upload modules allows a malicious user to Upload a Web Shell to a Web Server. This issue affects Mobatime web application: through 06.7.22...

CVSS 8.8, AI score 7.3, EPSS 0.00116
Exploits: 1, References: 1

Vulnrichment
•added 2023/06/02 12:28 p.m.•9 views

CVE-2023-3032 Mobatime web application - Arbitrary file upload (RCE)

Unrestricted Upload of File with Dangerous Type vulnerability in Mobatime web application Documentary proof upload modules allows a malicious user to Upload a Web Shell to a Web Server. This issue affects Mobatime web application: through 06.7.22...

CVSS 8.1, AI score 6.9, EPSS 0.00116
Exploits: 1, References: 1

The Hacker News
•added 2023/06/02 3:25 a.m.•6 views

MOVEit Transfer Under Attack: Zero-Day Vulnerability Actively Being Exploited

A critical flaw in Progress Software's MOVEit Transfer managed file transfer application has come under widespread exploitation in the wild to take over vulnerable systems. The shortcoming, which is assigned the CVE identifier CVE-2023-34362, relates to a severe SQL injection vulnerability tha...

CVSS 9.8, AI score 7.7, EPSS 0.94254
Exploits: 15

The Hacker News
•added 2023/06/02 3:25 a.m.•82 views

MOVEit Transfer Under Attack: Zero-Day Vulnerability Actively Being Exploited

A critical flaw in Progress Software's MOVEit Transfer managed file transfer application has come under widespread exploitation in the wild to take over vulnerable systems. The shortcoming, which is assigned the CVE identifier CVE-2023-34362, relates to a severe SQL injection vulnerability tha...

AI score 8, EPSS 0.94254
Exploits: 15

CNNVD
•added 2023/06/02 12:0 a.m.•2 views

Mobatime Code Issue Vulnerability

Mobatime is a time and frequency synchronization solution from Mobatime, Inc. A security vulnerability exists in Mobatime versions prior to 06.7.2022; it stems from allowing a malicious user to upload a web shell to a web server...

CVSS 8.8, AI score 8, EPSS 0.00116
Exploits: 1, References: 2

The Hacker News
•added 2023/05/25 6:3 a.m.•55 views

Iranian Agrius Hackers Targeting Israeli Organizations with Moneybird Ransomware

The Iranian threat actor known as Agrius is leveraging a new ransomware strain called Moneybird in its attacks targeting Israeli organizations. Agrius, also known as Pink Sandstorm (formerly Americium), has a track record of staging destructive data-wiping attacks aimed at Israel under the guise of...

AI score 6.8
Exploits: 0

The Hacker News
•added 2023/05/25 6:3 a.m.•2 views

Iranian Agrius Hackers Targeting Israeli Organizations with Moneybird Ransomware

The Iranian threat actor known as Agrius is leveraging a new ransomware strain called Moneybird in its attacks targeting Israeli organizations. Agrius, also known as Pink Sandstorm (formerly Americium), has a track record of staging destructive data-wiping attacks aimed at Israel under the guise of...

AI score 6.6
Exploits: 0

Exploit DB
•added 2023/05/23 12:0 a.m.•472 views

GetSimple CMS v3.3.16 - Remote Code Execution (RCE)

Exploit Title: GetSimple CMS v3.3.16 - Remote Code Execution RCE Data: 18/5/2023 Exploit Author : Youssef Muhammad Vendor: Get-simple Software Link: Version app: 3.3.16 Tested on: linux CVE: CVE-2022-41544 import sys import hashlib import re import requests from xml.etree import ElementTree from...

CVSS 9.8, AI score 9.7, EPSS 0.41026
Exploits: 12

NVD
•added 2023/05/20 10:15 a.m.•9 views

CVE-2023-2712

Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server. This issue affects Rental Module: before 23.05.15...

CVSS 9.8, AI score 9.6, EPSS 0.01868
Exploits: 0, References: 2

ATTACKERKB
•added 2023/05/20 10:15 a.m.•1 views

CVE-2023-2712

Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server. This issue affects Rental Module: before 23.05.15...

CVSS 9.8, AI score 7.3, EPSS 0.01868
Exploits: 0, References: 3

Prion
•added 2023/05/20 10:15 a.m.•17 views

Design/Logic Flaw

Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server. This issue affects Rental Module: before 23.05.15...

CVSS 7.5, AI score 9.4, EPSS 0.01868
Exploits: 0, References: 1, Affected Software: 1

Cvelist
•added 2023/05/20 9:49 a.m.•15 views

CVE-2023-2712 Malicious File Upload vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform.

Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server. This issue affects Rental Module: before 23.05.15...

CVSS 9.8, AI score 9.7, EPSS 0.01868
Exploits: 0, References: 2

Vulnrichment
•added 2023/05/20 9:49 a.m.•9 views

CVE-2023-2712 Malicious File Upload vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform.

Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server. This issue affects Rental Module: before 23.05.15...

CVSS 9.8, AI score 7.3, EPSS 0.01868
Exploits: 0, References: 2

CNNVD
•added 2023/05/20 12:0 a.m.•2 views

Ideasoft E-commerce Platform Code Issue Vulnerability

Ideasoft E-commerce Platform is an open source e-commerce platform from Ideasoft. Versions of Ideasoft E-commerce Platform before 23.05 contain a code issue vulnerability: the Rental Module has an unrestricted upload of dangerous file types vulnerability, allowing command...

CVSS 9.8, AI score 8.4, EPSS 0.01868
Exploits: 0, References: 2