** DISPUTED ** Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor’/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. NOTE: the vendor’s position is that there is no vulnerability; this request yields a benign error page, not /etc/passwd content. (CVSS:5.0) (Last Update:2022-12-09) Latest security vulnerabilities (Directory Traversal) (CVSS score >= 4)
The data stolen included personal information such as passport and Medicare numbers Categories RSS Feed
3CX Desktop App for Windows and macOS Reportedly Compromised in Supply Chain Attack A softphone desktop application from 3CX, makers of a popular VoIP PBX
Get free security guidelines and updates that help protect your business against the latest cyber threats & attacks.
All rights reserved 2023 ®Cyber Legion Ltd, Registered in England & Wales, company number 13278010
Access to all of Cyber Legion's services is provided through the Web Secure Client Portal. To create a Free account, you can sign up through the portal, or contact the Cyber Legion team and they will set up an account for you.
The integration of Digital Signature in our Web Client Portal allows us to legally sign all necessary documents and agreements, enabling us to carry out security assessments on targeted systems.
Our pricing structure is adaptable to meet the needs of all clients. By filling out the Work Request Form, you can select from pre-existing services or request a personalized proposal.
The Cyber Legion team will acknowledge your order, set up a project in your account, and proceed with the testing and delivery.
We meet agreed upon SLAs and follow security testing framework checklists. Based on our commitment, our team of engineers will utilize all of our tools, automation, and testing capabilities to achieve the objectives.
Within the agreed upon timeframe, you will receive a report on the security test that was conducted, including the results, recommendations, and references for addressing any identified issues.
We not only identify potential threats, risks, and vulnerabilities, but also provide detailed recommendations for resolution. To ensure complete remediation, we offer complimentary retesting and a range of ongoing security testing options for continued vulnerability detection and verification.
