Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Loan Management System 2024 1.0 Insecure Settings

Loan Management System 2024 version 1.0 suffers from an ignored default credential vulnerability.

Packet Storm
Open in Source
#sql#xss#csrf#vulnerability#web#ios#mac#windows#apple#google#ubuntu#linux#debian#cisco#java#php#perl#auth#ruby#firefox
Hostel Management System 1.0 Arbitrary File Upload

Hostel Management System version 1.0 version 1.0 suffers from an arbitrary file upload vulnerability.

File Management System 1.0 Cross Site Request Forgery

File Management System version 1.0 suffers from a cross site request forgery vulnerability.

Faculty Evaluation System 1.0 Cross Site Request Forgery

Faculty Evaluation System version 1.0 suffers from a cross site request forgery vulnerability.

eClass LMS 6.2.0 Shell Upload

eClass LMS version 6.2.0 suffers from a remote shell upload vulnerability.

Free Hospital Management System For Small Practices 1.0 CSRF

Free Hospital Management System for Small Practices version 1.0 suffers from a cross site request forgery vulnerability.

RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors

Threat actors linked to the RansomHub ransomware group encrypted and exfiltrated data from at least 210 victims since its inception in February 2024, the U.S. government said. The victims span various sectors, including water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services,

Malicious npm Packages Mimicking 'noblox.js' Compromise Roblox Developers’ Systems

Roblox developers are the target of a persistent campaign that seeks to compromise systems through bogus npm packages, once again underscoring how threat actors continue to exploit the trust in the open-source ecosystem to deliver malware. "By mimicking the popular 'noblox.js' library, attackers have published dozens of packages designed to steal sensitive data and compromise systems," Checkmarx

Novell ZENworks Configuration Management Preboot Service Remote File Access

This Metasploit module exploits a directory traversal in the ZENworks Configuration Management. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted PROXY_CMD_FTP_FILE (opcode 0x21) packet to the 998/TCP port. This Metasploit module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 and SP3 over Windows.

EasyCafe Server Remote File Access

This Metasploit module exploits a file retrieval vulnerability in EasyCafe Server. The vulnerability can be triggered by sending a specially crafted packet (opcode 0x43) to the 831/TCP port. This Metasploit module has been successfully tested on EasyCafe Server version 2.2.14 (Trial mode and Demo mode) on Windows XP SP3 and Windows 7 SP1. Note that the server will throw a popup messagebox if the specified file does not exist.