What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-02-27 15:15:11 | CVE-2022-45137 (lien direct) | The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that targets the users browser. This leads to a limited impact of confidentiality and integrity but no impact of availability. | Guideline | ||
|
2023-02-27 14:15:10 | CVE-2023-23109 (lien direct) | In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a divide by zero fault in the function opdiv. | Guideline | ||
|
2023-02-27 14:15:10 | CVE-2023-23108 (lien direct) | In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a NULL pointer dereference in the function Xasc. | Guideline | ||
|
2023-02-27 12:15:11 | CVE-2023-1058 (lien direct) | A vulnerability classified as critical has been found in SourceCodester Doctors Appointment System 1.0. This affects an unknown part of the file create-account.php. The manipulation of the argument newemail leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221823. | Vulnerability Guideline | ||
|
2023-02-27 12:15:11 | CVE-2023-1063 (lien direct) | A vulnerability has been found in SourceCodester Doctors Appointment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/patient.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221827. | Vulnerability Guideline | ||
|
2023-02-27 12:15:11 | CVE-2023-1061 (lien direct) | A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/edit-doc.php. The manipulation of the argument oldmail leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221825 was assigned to this vulnerability. | Guideline | ||
|
2023-02-27 12:15:11 | CVE-2023-1062 (lien direct) | A vulnerability, which was classified as critical, was found in SourceCodester Doctors Appointment System 1.0. Affected is an unknown function of the file /admin/add-new.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221826 is the identifier assigned to this vulnerability. | Guideline | ||
|
2023-02-27 12:15:11 | CVE-2023-1059 (lien direct) | A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/doctors.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221824. | Vulnerability Guideline | ||
|
2023-02-27 12:15:10 | CVE-2023-1057 (lien direct) | A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been rated as critical. Affected by this issue is the function edoc of the file login.php. The manipulation of the argument usermail leads to sql injection. VDB-221822 is the identifier assigned to this vulnerability. | Vulnerability Guideline | ||
|
2023-02-27 12:15:10 | CVE-2023-1056 (lien direct) | A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /edoc/doctor/patient.php. The manipulation of the argument search12 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221821 was assigned to this vulnerability. | Vulnerability Guideline | ||
|
2023-02-27 11:15:11 | CVE-2023-1054 (lien direct) | A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=user/manage. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-221820. | Vulnerability Guideline | ||
|
2023-02-27 11:15:11 | CVE-2023-1053 (lien direct) | A vulnerability was found in SourceCodester Music Gallery Site 1.0 and classified as critical. This issue affects some unknown processing of the file view_category.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221819. | Vulnerability Guideline | ||
|
2023-02-26 13:15:10 | CVE-2023-1047 (lien direct) | A vulnerability classified as critical was found in TechPowerUp RealTemp 3.7.0.0. This vulnerability affects unknown code in the library WinRing0x64.sys. The manipulation leads to improper initialization. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-221806 is the identifier assigned to this vulnerability. | Vulnerability Guideline | ||
|
2023-02-26 13:15:10 | CVE-2023-1044 (lien direct) | A vulnerability was found in MuYuCMS 2.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /editor/index.php. The manipulation of the argument file_path leads to relative path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221803. | Vulnerability Guideline | ||
|
2023-02-26 13:15:10 | CVE-2023-1043 (lien direct) | A vulnerability was found in MuYuCMS 2.2. It has been classified as problematic. Affected is an unknown function of the file /editor/index.php. The manipulation of the argument dir_path leads to relative path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221802 is the identifier assigned to this vulnerability. | Vulnerability Guideline | ||
|
2023-02-26 13:15:10 | CVE-2023-1045 (lien direct) | A vulnerability was found in MuYuCMS 2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin.php/accessory/filesdel.html. The manipulation of the argument filedelur leads to relative path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221804. | Vulnerability Guideline | ||
|
2023-02-26 13:15:10 | CVE-2023-1048 (lien direct) | A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5. This issue affects some unknown processing in the library WinRing0x64.sys. The manipulation leads to improper initialization. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221807. | Vulnerability Guideline | ||
|
2023-02-26 13:15:10 | CVE-2023-1042 (lien direct) | A vulnerability has been found in SourceCodester Online Pet Shop We App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /pet_shop/admin/orders/update_status.php. The manipulation of the argument oid with the input 1">alert(1111) leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221800. | Vulnerability Guideline | ||
|
2023-02-26 13:15:10 | CVE-2023-1046 (lien direct) | A vulnerability classified as critical has been found in MuYuCMS 2.2. This affects an unknown part of the file /admin.php/update/getFile.html. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221805 was assigned to this vulnerability. | Vulnerability Guideline | ||
|
2023-02-26 12:15:11 | CVE-2023-1039 (lien direct) | A vulnerability classified as critical was found in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/index3.php of the component POST Parameter Handler. The manipulation of the argument password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221797 was assigned to this vulnerability. | Vulnerability Guideline | ||
|
2023-02-26 12:15:11 | CVE-2023-1038 (lien direct) | A vulnerability classified as critical has been found in SourceCodester Online Reviewer Management System 1.0. Affected is an unknown function of the file /reviewer_0/admins/assessments/pretest/questions-view.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221796. | Vulnerability Guideline | ||
|
2023-02-26 12:15:11 | CVE-2023-1041 (lien direct) | A vulnerability, which was classified as problematic, was found in SourceCodester Simple Responsive Tourism Website 1.0. This affects an unknown part of the file /tourism/rate_review.php. The manipulation of the argument id with the input 1">alert(1111) leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221799. | Vulnerability Guideline | ||
|
2023-02-26 12:15:11 | CVE-2023-1040 (lien direct) | A vulnerability, which was classified as critical, has been found in SourceCodester Online Graduate Tracer System 1.0. Affected by this issue is some unknown functionality of the file tracking/admin/add_acc.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-221798 is the identifier assigned to this vulnerability. | Guideline | ||
|
2023-02-26 12:15:10 | CVE-2023-1036 (lien direct) | A vulnerability was found in SourceCodester Dental Clinic Appointment Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /APR/signup.php of the component POST Parameter Handler. The manipulation of the argument firstname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221794 is the identifier assigned to this vulnerability. | Vulnerability Guideline | ||
|
2023-02-26 12:15:10 | CVE-2023-1037 (lien direct) | A vulnerability was found in SourceCodester Dental Clinic Appointment Reservation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /APR/login.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221795. | Vulnerability Guideline | ||
|
2023-02-26 08:15:09 | CVE-2019-25105 (lien direct) | A vulnerability, which was classified as problematic, was found in dro.pm. This affects an unknown part of the file web/fileman.php. The manipulation of the argument secret/key leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The name of the patch is fa73c3a42bc5c246a1b8f815699ea241aef154bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221763. | Vulnerability Guideline | ||
|
2023-02-25 08:15:10 | CVE-2023-1035 (lien direct) | A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been classified as critical. Affected is an unknown function of the file update_user.php. The manipulation of the argument user_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221784. | Vulnerability Guideline | ||
 |
2023-02-25 02:01:40 | CISA K-12 Report Blog (lien direct) | >Industry technology leaders and K-12 cybersecurity and IT staff would be wise to take note of the findings and recommendations in the CISA K-12 report. | Guideline | ★★★ | |
|
2023-02-25 00:15:11 | CVE-2023-26033 (lien direct) | Gentoo soko is the code that powers packages.gentoo.org. Versions prior to 1.0.1 are vulnerable to SQL Injection, leading to a Denial of Service. If the user selects (in user preferences) the "Recently Visited Packages" view for the index page, the value of the `search_history` cookie is used as a base64 encoded comma separated list of atoms. These are string loaded directly into the SQL query with `atom = '%s'` format string. As a result, any user can modify the browser's cookie value and inject most SQL queries. A proof of concept malformed cookie was generated that wiped the database or changed it's content. On the database, only public data is stored, so there is no confidentiality issues to site users. If it is known that the database was modified, a full restoration of data is possible by performing a full database wipe and performing full update of all components. This issue is patched with commit id 5ae9ca83b73. Version 1.0.1 contains the patch. If users are unable to upgrade immediately, the following workarounds may be applied: (1.) Use a proxy to always drop the `search_history` cookie until upgraded. The impact on user experience is low. (2.) Sanitize to the value of `search_history` cookie after base64 decoding it. | Guideline | ||
|
2023-02-24 20:15:16 | CVE-2023-1030 (lien direct) | A vulnerability has been found in SourceCodester Online Boat Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /boat/login.php of the component POST Parameter Handler. The manipulation of the argument un leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221755. | Vulnerability Guideline | ||
|
2023-02-24 15:15:11 | CVE-2022-4203 (lien direct) | A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. The read buffer overrun might result in a crash which could lead to a denial of service attack. In theory it could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext) although we are not aware of any working exploit leading to memory contents disclosure as of the time of release of this advisory. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. | Guideline | ||
 |
2023-02-24 15:00:00 | To Safeguard Critical Infrastructure, Go Back to Basics (lien direct) | CISA's recently released cybersecurity performance goals can help lower risk and thwart the impact of cyberattacks. | Guideline | ★★★ | |
 |
2023-02-24 14:30:00 | Majority of Android Apps on Google Play Store Provide Misleading Data Safety Labels (lien direct) | An investigation into data safety labels for Android apps available on the Google Play Store has uncovered "serious loopholes" that allow apps to provide misleading or outright false information. The study, conducted by the Mozilla Foundation as part of its *Privacy Not Included initiative, compared the privacy policies and labels of the 20 most popular paid apps and the 20 most popular free | Guideline | ★★★ | |
 |
2023-02-24 13:01:00 | Best Practices for Security Hardening (lien direct) | Dive into identifying the risks and vulnerabilities that make security hardening necessary. Also, obtain some guidelines on how organizations can start hardening their systems today. | Guideline | ★★★ | |
|
2023-02-24 11:15:11 | CVE-2023-1010 (lien direct) | A vulnerability classified as critical was found in vox2png 1.0. Affected by this vulnerability is an unknown functionality of the file vox2png.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221743. | Vulnerability Guideline | ||
|
2023-02-24 11:15:10 | CVE-2023-1008 (lien direct) | A vulnerability was found in Twister Antivirus 8.17. It has been rated as problematic. This issue affects some unknown processing in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-221741 was assigned to this vulnerability. | Vulnerability Guideline | ||
|
2023-02-24 11:15:10 | CVE-2023-1007 (lien direct) | A vulnerability was found in Twister Antivirus 8.17. It has been declared as critical. This vulnerability affects unknown code in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221740. | Vulnerability Guideline | ||
|
2023-02-24 11:15:10 | CVE-2023-1009 (lien direct) | A vulnerability classified as problematic has been found in DrayTek Vigor 2960 1.5.1.4. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi. The manipulation of the argument option with the input /../etc/password leads to path traversal. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability. | Vulnerability Guideline | ||
|
2023-02-24 09:15:10 | CVE-2023-1005 (lien direct) | A vulnerability was found in JP1016 Markdown-Electron and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to code injection. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-221738 is the identifier assigned to this vulnerability. | Vulnerability Guideline | ||
|
2023-02-24 09:15:10 | CVE-2023-1006 (lien direct) | A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been classified as problematic. This affects an unknown part of the component New Record Handler. The manipulation of the argument lastname with the input ">prompt(1) leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-221739. | Vulnerability Guideline Medical | ||
|
2023-02-24 08:15:11 | CVE-2023-0999 (lien direct) | A vulnerability classified as problematic was found in SourceCodester Sales Tracker Management System 1.0. This vulnerability affects unknown code of the file admin/?page=user/list. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221734 is the identifier assigned to this vulnerability. | Vulnerability Guideline | ||
|
2023-02-24 08:15:11 | CVE-2023-0998 (lien direct) | A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file /alphaware/summary.php of the component Payment Handler. The manipulation of the argument amount leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221733 was assigned to this vulnerability. | Vulnerability Guideline | ||
|
2023-02-24 08:15:11 | CVE-2023-1004 (lien direct) | A vulnerability has been found in MarkText up to 0.17.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221737 was assigned to this vulnerability. | Vulnerability Guideline | ||
|
2023-02-24 08:15:11 | CVE-2023-1002 (lien direct) | A vulnerability, which was classified as problematic, has been found in MuYuCMS 2.2. This issue affects some unknown processing of the file index.php. The manipulation of the argument file_path leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221735. | Vulnerability Guideline | ||
|
2023-02-24 08:15:10 | CVE-2023-0997 (lien direct) | A vulnerability was found in SourceCodester Moosikay E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Moosikay/order.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221732. | Vulnerability Guideline | ||
|
2023-02-24 05:15:15 | CVE-2023-26102 (lien direct) | All versions of the package rangy are vulnerable to Prototype Pollution when using the extend() function in file rangy-core.js.The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype | Guideline | ||
|
2023-02-23 20:25:00 | Linux Foundation Europe Announces Formation of OpenWallet Foundation (lien direct) | Diverse ecosystem of global technology, finance, and university leaders join as first OpenWallet Foundation Members, many more expected. | Guideline | ★ | |
|
2023-02-23 20:15:13 | CVE-2023-23919 (lien direct) | A cryptographic vulnerability exists in Node.js | Vulnerability Guideline | ||
|
2023-02-23 20:15:12 | CVE-2023-0044 (lien direct) | If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature. | Guideline | ||
|
2023-02-23 16:15:11 | CVE-2023-0988 (lien direct) | A vulnerability, which was classified as problematic, has been found in SourceCodester Online Pizza Ordering System 1.0. This issue affects some unknown processing of the file admin/ajax.php?action=save_user. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221681 was assigned to this vulnerability. | Guideline |
To see everything:
Our RSS (filtrered)
