🏠 Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeiträge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden Überblick über die wichtigsten Aspekte der IT-Sicherheit in einer sich ständig verändernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch übersetzen, erst Englisch auswählen dann wieder Deutsch!

Google Android Playstore Download Button für Team IT Security

RSS Feed Symbol für Team IT Security

800+ IT News als RSS Feed abonnieren

Thema auswählen:

📚 U.S. Dept Of Defense: Attacker can Add itself as admin user and can also change privileges of Existing Users [█████████]

🕛 Zeit seit Veröffentlichung: 72 Tage, 20 Stunden 30 Minuten
📆 Veröffentlicht am: 04.02.2024 um 11:04 Uhr
💡 Newskategorie: Sicherheitslücken
🔗 Quelle: vulners.com

Hi there, i have found a vulnerability on you domain. After directory bruteforcing i found an directory without having any kind of protection and authentication. so an attacker can add new user to the site As Admin and an attacker can also change privilege of the users without any authentication. for further read steps to reproducue. Impact The attacker can add itself as admin user and can also change user privileges without any authentication. this can lead to huge impact the entire site can be compromised. System Host(s) ████ Affected Product(s) and Version(s) CVE Numbers Steps to Reproduce Visit ████████:1:0::::: you will see the website is asking to login Now change the 1 to 9 or directly visit this url. Navigate to Add New User enter email address, First name, Last name and choose agency to Non-Agency. Click on add new user check mail inbox you will recieve the username and password for the admin account you just created. Login with the creds you just got in you email. NOTE: I CREATED 2 ACCOUNTS WHILE TESTING THIS ISSUE I HAVE PROVIED CREDS FOR THE BOTH ACCOUNT IN POC MAKE SURE TO CHECK THEM AS WELL Suggested Mitigation/Remediation Actions the website should have proper authentication for the url ████████::::: so that can any unauthorized user cannot add user or change the privileges of the existing... ...

Sharing is caring on Social Media

Join the Team IT Security Community

📌 U.S. Dept Of Defense: Attacker can Add itself as admin user and can also change privileges of Existing Users [█████████]

🕛 34 Tage, 3 Stunden 56 Minuten
📆 04.02.2024 um 11:04 Uhr
📈 129.1 Punkte

📌 Scenaro : 1. Victim opens the attacker’s web site. 2. Attacker sets up a web site which contain interesting and attractive content like ‘Do you want to make $1000 in a day? 3. Victim clicks to the interesting and attractive content URL. 4. Attacker c

🕛 1087 Tage, 1 Stunden 41 Minuten
📆 01.04.2021 um 11:37 Uhr
📈 46.35 Punkte

📌 (Linux OS) Can my ISP see my net-traffic and websites that i visit if : 1. I change my DNS (only) ? 2. I use VPN and change my DNS ? 3. I use a tool like anonsurf/kalitorify/nipe/etc. to make the tor network my default gateway and also change my DNS

🕛 1514 Tage, 19 Stunden 19 Minuten
📆 23.02.2020 um 11:13 Uhr
📈 43.02 Punkte

📌 (Linux OS) Can my ISP see my net-traffic and websites that i visit if : 1. I change my DNS (only) ? 2. I use VPN and change my DNS ? 3. I use a tool like anonsurf/kalitorify/nipe/etc. to make the tor network my default gateway and also change my DNS

🕛 1514 Tage, 19 Stunden 17 Minuten
📆 23.02.2020 um 11:25 Uhr
📈 43.02 Punkte

📌 U.S. Dept Of Defense: User automatically logged in as Sys Admin user on https://███/Administration/Administration.aspx

🕛 165 Tage, 12 Stunden 7 Minuten
📆 03.10.2023 um 13:57 Uhr
📈 42.57 Punkte

📌 Reddit Admin change on deleted posts by user/mods. Also: Reporting posts, general privacy, and you

🕛 1028 Tage, 12 Stunden 49 Minuten
📆 23.06.2021 um 18:04 Uhr
📈 33.1 Punkte

📌 U.S. Dept Of Defense: Default Admin Username and Password on ███

🕛 117 Tage, 11 Stunden 12 Minuten
📆 23.11.2023 um 13:30 Uhr
📈 32.75 Punkte

📌 U.S. Dept Of Defense: Old Session Does Not Expires After Password Change

🕛 1177 Tage, 9 Stunden 27 Minuten
📆 31.12.2020 um 19:51 Uhr
📈 31.96 Punkte

📌 An attacker can use rowhammer attacker to induce bit flips, thereby leaking the victim's secret data via a side channel.

🕛 1770 Tage, 10 Stunden 2 Minuten
📆 12.06.2019 um 21:21 Uhr
📈 31.86 Punkte

📌 Shopify: Stocky App Administrator can create a backdoor admin account by using an existing POS User

🕛 1331 Tage, 5 Stunden 31 Minuten
📆 20.08.2020 um 04:48 Uhr
📈 31.21 Punkte

📌 U.S. Dept Of Defense: Blind Stored XSS on ███████ leads to takeover admin account

🕛 1132 Tage, 8 Stunden 17 Minuten
📆 24.02.2021 um 16:52 Uhr
📈 30.97 Punkte

📌 Attacker-Group-Predictor - Tool To Predict Attacker Groups From The Techniques And Software Used

🕛 1404 Tage, 7 Stunden 32 Minuten
📆 12.06.2020 um 23:30 Uhr
📈 30.3 Punkte

📌 U.S. Dept Of Defense: View another user information with IDOR vulnerability

🕛 1240 Tage, 11 Stunden 46 Minuten
📆 10.10.2020 um 20:48 Uhr
📈 29.94 Punkte

📌 U.S. Dept Of Defense: Full account takeover of any user through reset password

🕛 151 Tage, 10 Stunden 9 Minuten
📆 05.10.2023 um 19:49 Uhr
📈 29.94 Punkte

📌 U.S. Dept Of Defense: Improper Authentication (Login without Registration with any user) at ████

🕛 34 Tage, 3 Stunden 56 Minuten
📆 25.01.2024 um 14:29 Uhr
📈 29.94 Punkte

📌 D-LINK SQL Injection Vulnerability Let Attacker Gain Admin Privileges - IT Security News

🕛 171 Tage, 5 Stunden 32 Minuten
📆 28.10.2023 um 21:17 Uhr
📈 29.65 Punkte

📌 D-LINK SQL Injection Vulnerability Let Attacker Gain Admin Privileges

🕛 171 Tage, 2 Stunden 2 Minuten
📆 28.10.2023 um 15:51 Uhr
📈 29.65 Punkte

📌 Automattic: [IDOR] Attacker user can Approve/Decline AFK on the behalf of other users

🕛 1598 Tage, 21 Stunden 32 Minuten
📆 30.10.2019 um 17:51 Uhr
📈 28.67 Punkte

📌 Former DHS and Defense Dept Spokesperson: Trump’s Response to Civil Unrest in Portland is Damaging to Our Government and Our Democracy

🕛 1359 Tage, 15 Stunden 32 Minuten
📆 27.07.2020 um 14:56 Uhr
📈 27.71 Punkte

📌 [APPSEC-1972/APPSEC-2103] Admin password change did not force the logout of the admin user

🕛 1694 Tage, 0 Stunden 0 Minuten
📆 21.11.2018 um 09:58 Uhr
📈 27.27 Punkte

📌 CVE-2023-40852 | PHPGurukul User Registration & Login and User Management System with Admin Panel Admin Login page sql injection (Exploit 51695 / EDB-51695)

🕛 165 Tage, 16 Stunden 22 Minuten
📆 03.11.2023 um 14:34 Uhr
📈 27.03 Punkte

📌 If you are looking for a PDF editor/viewer, "Xournal++" is what you are looking for. It's the BEST. It's free, and it's also open source. You can also connect your graphics tablet.

🕛 1233 Tage, 8 Stunden 3 Minuten
📆 30.11.2020 um 23:45 Uhr
📈 26.87 Punkte

📌 Reconstitution of a Partnership Firm: Meaning, Reasons, Change in Profit Sharing Ratio amongst the Existing Partner and Sacrificing Partner Ratio and Gaining Partner Ratio

🕛 432 Tage, 14 Stunden 43 Minuten
📆 07.02.2023 um 00:00 Uhr
📈 26.63 Punkte

📌 CVE-2023-6464 | SourceCodester User Registration and Login System 1.0 /endpoint/add-user.php user sql injection

🕛 117 Tage, 0 Stunden 11 Minuten
📆 22.12.2023 um 07:02 Uhr
📈 26.6 Punkte

📌 1Password confirms attacker tried to pull list of admin users after Okta intrusion

🕛 175 Tage, 16 Stunden 13 Minuten
📆 24.10.2023 um 17:15 Uhr
📈 26.35 Punkte

📌 Plasma Mobile developers improve existing apps across the board, add brand new ones, and work on overhauling the lock screen, home screen and usability

🕛 1085 Tage, 19 Stunden 0 Minuten
📆 27.04.2021 um 12:29 Uhr
📈 26.22 Punkte

📌 AI21 Labs Proposes A New Method Called ‘In-Context RALM’ That Can Add Ready-Made External Knowledge Sources To The Existing Language Model

🕛 452 Tage, 12 Stunden 33 Minuten
📆 20.01.2023 um 18:32 Uhr
📈 26 Punkte

📌 U.S. Dept Of Defense: Online training material disclosing username and password

🕛 1652 Tage, 7 Stunden 2 Minuten
📆 13.08.2019 um 21:48 Uhr
📈 25.93 Punkte

📌 U.S. Dept Of Defense: Reflected XSS and HTML Injectionon a DoD website

🕛 1405 Tage, 10 Stunden 31 Minuten
📆 25.04.2020 um 21:03 Uhr
📈 25.93 Punkte

📌 U.S. Dept Of Defense: Elmah.axd is publicly accessible and leaking Error Log for ROOT on █████_PRD_WEB1 █████████elmah.axd

🕛 1321 Tage, 10 Stunden 33 Minuten
📆 19.08.2020 um 21:58 Uhr
📈 25.93 Punkte

📌 U.S. Dept Of Defense: Apparent ██████████ website is publicly exposed, suggests default account details on page and has expired SSL/TLS cert

🕛 1240 Tage, 11 Stunden 46 Minuten
📆 03.11.2020 um 13:11 Uhr
📈 25.93 Punkte

📌 U.S. Dept Of Defense: [U.S. Air Force] Information disclosure due unauthenticated access to APIs and system browser functions

🕛 434 Tage, 2 Stunden 31 Minuten
📆 07.02.2023 um 00:00 Uhr
📈 25.93 Punkte

📌 U.S. Dept Of Defense: Path traversal leads to reading of local files on ███████ and ████

🕛 389 Tage, 10 Stunden 55 Minuten
📆 28.02.2023 um 08:20 Uhr
📈 25.93 Punkte

📌 U.S. Dept Of Defense: [█████████] Information disclosure due unauthenticated access to APIs and system browser functions

🕛 179 Tage, 11 Stunden 46 Minuten
📆 28.08.2023 um 17:03 Uhr
📈 25.93 Punkte

📌 U.S. Dept Of Defense: [███████] Information disclosure due unauthenticated access to APIs and system browser functions

🕛 165 Tage, 12 Stunden 7 Minuten
📆 25.08.2023 um 00:14 Uhr
📈 25.93 Punkte

matomo