** DISPUTED ** The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor’s position is that the user’s application is responsible for input validation. (CVSS:7.5) (Last Update:2022-10-18)Latest security vulnerabilities (SQL Injection) (CVSS score >= 4)
Microsoft Defender API and PowerShell APIs suffer from an arbitrary code execution due to a flaw in powershell not handling user provided input that contains
ISPConfig versions 4.2.11 and below suffer from a PHP code injection vulnerability in language_edit.php. Exploit Files ≈ Packet Storm
Get free security guidelines and updates that help protect your business against the latest cyber threats & attacks.
All rights reserved 2023 ®Cyber Legion Ltd, Registered in England & Wales, company number 13278010
Access to all of Cyber Legion's services is provided through the Web Secure Client Portal. To create a Free account, you can sign up through the portal, or contact the Cyber Legion team and they will set up an account for you.
The integration of Digital Signature in our Web Client Portal allows us to legally sign all necessary documents and agreements, enabling us to carry out security assessments on targeted systems.
Our pricing structure is adaptable to meet the needs of all clients. By filling out the Work Request Form, you can select from pre-existing services or request a personalized proposal.
The Cyber Legion team will acknowledge your order, set up a project in your account, and proceed with the testing and delivery.
We meet agreed upon SLAs and follow security testing framework checklists. Based on our commitment, our team of engineers will utilize all of our tools, automation, and testing capabilities to achieve the objectives.
Within the agreed upon timeframe, you will receive a report on the security test that was conducted, including the results, recommendations, and references for addressing any identified issues.
We not only identify potential threats, risks, and vulnerabilities, but also provide detailed recommendations for resolution. To ensure complete remediation, we offer complimentary retesting and a range of ongoing security testing options for continued vulnerability detection and verification.
