Security
Headlines

Tag

#sql

2 million job seekers targeted by data thieves

A criminal group called ResumeLooters has stolen the personal information of over two million job seekers from at least 65 different websites.

Malwarebytes
#sql #xss #web #git
GHSA-r3jc-3qmm-w3pw: SQLAlchemyDA unauthenticated arbitrary SQL query execution

Impact: The vulnerability allows unauthenticated execution of arbitrary SQL statements on the database the SQLAlchemyDA instance is connected to. All users are affected.

Patches: The problem has been patched in version 2.2.

Workarounds: There is no workaround. All users are urged to upgrade to version 2.2.

New ResumeLooters Gang Targets Job Seekers, Steals Millions of Resumes

By Deeba Ahmed (HackRead.com). So far, the gang has mostly targeted job seekers in the APAC (Asia Pacific) region.

Debian Security Advisory 5616-1

Debian Linux Security Advisory 5616-1 - It was discovered that ruby-sanitize, a whitelist-based HTML sanitizer, insufficiently sanitized style elements, which may result in cross-site scripting.

Hackers Exploit Job Boards in APAC, Steal Data of Millions of Job Seekers

Employment agencies and retail companies chiefly located in the Asia-Pacific (APAC) region have been targeted by a previously undocumented threat actor known as ResumeLooters since early 2023 with the goal of stealing sensitive data. Singapore-headquartered Group-IB said the hacking crew's activities are geared towards job search platforms and the theft of resumes, with as many as 65

Recent SSRF Flaw in Ivanti VPN Products Undergoes Mass Exploitation

A recently disclosed server-side request forgery (SSRF) vulnerability impacting Ivanti Connect Secure and Policy Secure products has come under mass exploitation. The Shadowserver Foundation said it observed exploitation attempts originating from more than 170 unique IP addresses that aim to establish a reverse shell, among others. The attacks exploit CVE-2024-21893 (CVSS

Cacti pollers.php SQL Injection / Remote Code Execution

This Metasploit exploit module leverages SQL injection and local file inclusion vulnerabilities in Cacti versions prior to 1.2.26 to achieve remote code execution. Authentication is needed, and the account must have access to the vulnerable PHP script (pollers.php); that access is granted by setting the Sites/Devices/Data permission in the General Administration section.

GYM MS 1.0 Cross Site Scripting

Gym Management System version 1.0 suffers from a persistent cross site scripting vulnerability. Original credit for this finding goes to Jyotsna Adhana (October 2020); this entry uses a different attack vector against the same software version.

Bank Locker Management System SQL Injection

Bank Locker Management System suffers from a remote SQL injection vulnerability.
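The SQL injection entries above (Cacti pollers.php, Bank Locker Management System, SQLAlchemyDA) share one root cause: attacker-controlled text spliced into the SQL statement itself. The following is an added illustration, not code from any of those projects, that runs a string-built lookup beside its parameterized form against an in-memory SQLite table with constructed sample rows. The table, column names and payloads are assumptions chosen for the demo.

```python
import sqlite3

# Constructed sample data for the demo; not taken from any real system.
SAMPLE_USERS = [
    ("alice", "s3cret", "user"),
    ("bob", "hunter2", "user"),
    ("admin", "correct-horse", "admin"),
]


def make_db():
    """Build a throwaway in-memory database with the sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, name):
    """Query built with string formatting: the pattern behind the advisories.

    Whatever the caller passes becomes part of the SQL grammar, so a quote
    in `name` ends the literal and the rest is parsed as SQL.
    """
    sql = "SELECT name, role FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Same query with a bound parameter.

    The driver sends the SQL text and the value separately; the value can
    never change the statement's structure, only compare against a column.
    """
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def demo():
    """Run two classic payloads through both lookups and return the results."""
    conn = make_db()
    # Tautology: turns a single-user lookup into "every user".
    tautology = "' OR '1'='1"
    # UNION: reads a column (here the password) the query never meant to expose.
    union = "x' UNION SELECT name, password FROM users --"
    return {
        "vulnerable_tautology": lookup_vulnerable(conn, tautology),
        "safe_tautology": lookup_safe(conn, tautology),
        "vulnerable_union": lookup_vulnerable(conn, union),
        "safe_union": lookup_safe(conn, union),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The vulnerable lookup returns all three users for the tautology and leaks every password for the UNION payload, while the parameterized version returns no rows for either, because the payload is compared literally against the `name` column. The same distinction applies to any driver or ORM: building the statement from user text is the defect, regardless of which database sits behind it.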

Cloudflare Hacked After State Actor Leverages Okta Breach

By Deeba Ahmed (HackRead.com). Cloudflare servers were hacked on Thanksgiving Day using auth tokens stolen in the Okta breach.