İzmir Katip Çelebi University Security Vulnerabilities

cve

CVE-2024-1265

A vulnerability classified as problematic has been found in CodeAstro University Management System 1.0. Affected is an unknown function of the file /att_add.php of the component Attendance Management. The manipulation of the argument Student Name leads to cross site scripting. It is possible to...

4.8CVSS

6.7AI Score

0.001EPSS

2024-02-07 12:15 AM
18
cve

CVE-2024-1266

A vulnerability classified as problematic was found in CodeAstro University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /st_reg.php of the component Student Registration Form. The manipulation of the argument Address leads to cross site scripting......

6.1CVSS

6.7AI Score

0.001EPSS

2024-02-07 01:15 AM
12
cve

CVE-2016-15010

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross site scripting. The attack can...

6.1CVSS

6.1AI Score

0.001EPSS

2023-01-05 09:15 AM
35
prion

Input validation

Improper Input Validation vulnerability in Izmir Katip Çelebi University University Information Management System allows Absolute Path Traversal. This issue affects University Information Management System: before...

9.8CVSS

9.3AI Score

0.001EPSS

2023-12-27 03:15 PM
5
cve

CVE-2023-6190

Improper Input Validation vulnerability in İzmir Katip Çelebi University University Information Management System allows Absolute Path Traversal. This issue affects University Information Management System: before...

9.8CVSS

9.3AI Score

0.001EPSS

2023-12-27 03:15 PM
14
osv

CVE-2024-23826

spbu_se_site is the website of the Department of System Programming of St. Petersburg State University. Before 2024.01.29, when uploading an avatar image, an authenticated user may intentionally use a large Unicode filename which would lead to a server-side denial of service under Windows. This is....

6.7AI Score

0.0004EPSS

2024-01-29 04:15 PM
4
cve

CVE-2022-4564

A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.0. This affects the function before of the file fuel/app/classes/controller/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to...

8.8CVSS

8.7AI Score

0.001EPSS

2022-12-16 05:15 PM
35
osv

CVE-2016-15010

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross site scripting. The attack can...

6AI Score

0.001EPSS

2023-01-05 09:15 AM
3
cve

CVE-2023-50923

In QUIC in RFC 9000, the Latency Spin Bit specification (section 17.4) does not strictly constrain the bit value when the feature is disabled, which might allow remote attackers to construct a covert channel with data represented as changes to the bit value. NOTE: The "Sheridan, S., Keane, A....

7.5AI Score

0.0004EPSS

2024-02-21 12:15 AM
67
osv

DoS with algorithms that use PBKDF2 due to unbounded PBES2 Count value

Impact Denial of Service, Applications that allow the use of the PBKDF2 algorithm. Patches A patch is available that sets the maximum number of default rounds. Workarounds Applications that do not need to use PBKDF2 should simply specify the algorithms use and exclude it from the list....

6.7AI Score

0.0004EPSS

2023-12-28 04:36 PM
8
github

DoS with algorithms that use PBKDF2 due to unbounded PBES2 Count value

Impact Denial of Service, Applications that allow the use of the PBKDF2 algorithm. Patches A patch is available that sets the maximum number of default rounds. Workarounds Applications that do not need to use PBKDF2 should simply specify the algorithms use and exclude it from the list....

6.8AI Score

0.0004EPSS

2023-12-28 04:36 PM
6
apple

About the security content of iTunes 12.13.2 for Windows

About the security content of iTunes 12.13.2 for Windows This document describes the security content of iTunes 12.13.2 for Windows. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...

7.3AI Score

0.0004EPSS

2024-05-08 12:00 AM
6
wired

‘Malicious Activity’ Hits the University of Cambridge’s Medical School

Multiple university departments linked to the Clinical School Computing Service have been inaccessible for a month. The university has not revealed the nature of the “malicious...

7.5AI Score

2024-03-27 04:36 PM
6
osv

CVE-2022-4564

A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.0. This affects the function before of the file fuel/app/classes/controller/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to...

8.8CVSS

6.8AI Score

0.001EPSS

2022-12-16 05:15 PM
4
github

github-slug-action vulnerable to arbitrary code execution

Impact This action uses the github.head_ref parameter in an insecure way. This vulnerability can be triggered by any user on GitHub on any workflow using the action on pull requests. They just need to create a pull request with a branch name, which can contain the attack payload. (Note that...

8.8AI Score

0.001EPSS

2023-03-13 08:43 PM
6
nessus

FreeBSD : xymon-server -- multiple vulnerabilities (10e1d580-d174-11e9-a87f-a4badb2f4699)

Japheth Cleaver reports : Several buffer overflows were reported by University of Cambridge Computer Security Incident Response...

8.1AI Score

2019-09-09 12:00 AM
19
mageia

Updated apache packages fix security vulnerabilities

Apache has been updated to version 2.4.59 to fix CVE-2024-27316, CVE-2024-24795 and CVE-2023-38709. CVE-2024-27316: Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames (cve.mitre.org) HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in.....

7.2AI Score

0.0004EPSS

2024-04-10 07:03 AM
12
apple

About the security content of tvOS 17.5

About the security content of tvOS 17.5 This document describes the security content of tvOS 17.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available....

5.8AI Score

0.0004EPSS

2024-05-13 12:00 AM
2
apple

About the security content of watchOS 10.5

About the security content of watchOS 10.5 This document describes the security content of watchOS 10.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...

5.8AI Score

0.0004EPSS

2024-05-13 12:00 AM
5
cve

CVE-2008-5005

Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail...

7.7AI Score

0.118EPSS

2008-11-10 02:12 PM
40
cve

CVE-2006-0250

Format string vulnerability in the snmp_input function in snmptrapd in CMU SNMP utilities (cmu-snmp) allows remote attackers to execute arbitrary code by sending crafted SNMP messages to UDP port...

8.4AI Score

0.132EPSS

2006-01-18 01:51 AM
68
cve

CVE-2004-0185

Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long...

7.8AI Score

0.075EPSS

2004-03-15 05:00 AM
44
githubexploit

Exploit for Code Injection in Unicode

CVE-2021-42574 - Code generator // Update: 05.11.2021 ...

7.4AI Score

0.002EPSS

2021-11-02 03:32 PM
50
githubexploit

Exploit for Code Injection in Unicode

CVE-2021-42574 - Code generator // Update: 05.11.2021 ...

9.1AI Score

0.002EPSS

2021-11-02 03:32 PM
507
apple

About the security content of macOS Sonoma 14.5

About the security content of macOS Sonoma 14.5 This document describes the security content of macOS Sonoma 14.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are....

8.1AI Score

0.001EPSS

2024-05-13 12:00 AM
5
openvas

Fedora: Security Advisory for exim (FEDORA-2021-89cb264e4d)

The remote host is missing an update for...

7.5AI Score

2021-04-04 12:00 AM
openvas

Fedora: Security Advisory for exim (FEDORA-2021-4eaf89b133)

The remote host is missing an update for...

7.5AI Score

2021-03-31 12:00 AM
2
openvas

Fedora: Security Advisory for exim (FEDORA-2021-5697574fd1)

The remote host is missing an update for...

7.5AI Score

2021-04-04 12:00 AM
1
openvas

Mozilla Firefox Security Advisory (MFSA2016-43) - Deprecated

This host is missing a security update for Mozilla Firefox. This VT has been deprecated and is therefore no longer...

6.9AI Score

0.004EPSS

2021-11-08 12:00 AM
4
openvas

Mageia: Security Advisory (MGASA-2024-0118)

The remote host is missing an update for...

7.6AI Score

0.0004EPSS

2024-04-11 12:00 AM
5
fedora

[SECURITY] Fedora 40 Update: jflex-1.7.0-18.fc40

JFlex is a lexical analyzer generator (also known as scanner generator) for Java, written in Java. It is also a rewrite of the very useful tool JLex which was developed by Elliot Berk at Princeton University. As Vern Paxson states for his C/C++ tool flex: They do not share any code though. ...

7AI Score

0.0004EPSS

2024-03-07 10:33 PM
2
apple

About the security content of iOS 17.5 and iPadOS 17.5

About the security content of iOS 17.5 and iPadOS 17.5 This document describes the security content of iOS 17.5 and iPadOS 17.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches...

7.5AI Score

0.001EPSS

2024-05-13 12:00 AM
10
openvas

RedHat Update for openssl RHSA-2016:0301-01

The remote host is missing an update for...

8.4AI Score

0.952EPSS

2016-03-02 12:00 AM
11
malwarebytes

Cookie consent choices are just being ignored by some websites

In news that is, sadly, unlikely to shock you, new research indicates that many websites ignore visitors' choices to refuse cookies and collect their data anyway. Researchers at the University of Amsterdam (UvA) analyzed 85,000 European websites and came to the conclusion that 90% of them violated....

7AI Score

2024-04-05 06:51 PM
5
openvas

RedHat Update for kernel RHSA-2017:2473-01

The remote host is missing an update for...

7.8AI Score

0.001EPSS

2017-08-16 12:00 AM
24
prion

Cross site scripting

A vulnerability classified as problematic was found in CodeAstro University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /st_reg.php of the component Student Registration Form. The manipulation of the argument Address leads to cross site scripting......

6.1CVSS

6.5AI Score

0.001EPSS

2024-02-07 01:15 AM
7
prion

Cross site scripting

A vulnerability classified as problematic has been found in CodeAstro University Management System 1.0. Affected is an unknown function of the file /att_add.php of the component Attendance Management. The manipulation of the argument Student Name leads to cross site scripting. It is possible to...

4.8CVSS

6.5AI Score

0.001EPSS

2024-02-07 12:15 AM
8
openvas

RedHat Update for openssl098e RHSA-2016:0372-01

The remote host is missing an update for...

7.7AI Score

0.952EPSS

2016-03-10 12:00 AM
13
githubexploit

Exploit for Vulnerability in Moodle

CVE-2021-36394-Pre-Auth-RCE-in-Moodle Vulnerability...

9.7AI Score

0.004EPSS

2022-04-26 07:52 AM
497
prion

Cross site request forgery (csrf)

A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.0. This affects the function before of the file fuel/app/classes/controller/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to...

8.8CVSS

8.6AI Score

0.001EPSS

2022-12-16 05:15 PM
2
prion

Cross site scripting

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross site scripting. The attack can...

6.1CVSS

6.5AI Score

0.001EPSS

2023-01-05 09:15 AM
3
osv

XStream can be used for Remote Code Execution

Impact The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Patches If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.14. Workarounds No user is affected, who...

9.8CVSS

0.7AI Score

0.974EPSS

2020-11-16 08:07 PM
263
openvas

RedHat Update for wpa_supplicant RHSA-2017:2907-01

The remote host is missing an update for...

7.7AI Score

0.004EPSS

2017-10-18 12:00 AM
50
hackerone

U.S. Dept Of Defense: Xss - ███

Hi teams, Parameter: goal[1][Costs] ███ Burp request POST /HRO/Training/idpgenerate.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----------YWJkMTQzNDcw Accept: / Referer: https://██████/ Cookie: PHPSESSID=l7c1vrsg3dbkgsp2lturjs6kca; session=expiry=1706891234033569;...

7.1AI Score

2024-02-02 09:16 PM
14
openvas

RedHat Update for wpa_supplicant RHSA-2017:2911-01

The remote host is missing an update for...

7.7AI Score

0.004EPSS

2017-10-20 12:00 AM
18
githubexploit

Exploit for Classic Buffer Overflow in Golang Go

🚨 Exploiting...

6.8AI Score

0.004EPSS

2024-04-04 01:17 AM
110
openvas

RedHat Update for dhcp RHSA-2012:1141-01

The remote host is missing an update for...

6.7AI Score

0.076EPSS

2012-08-03 12:00 AM
14
openvas

RedHat Update for bind97 RHSA-2016:2142-01

The remote host is missing an update for...

7.2AI Score

0.951EPSS

2016-11-08 12:00 AM
11
openvas

RedHat Update for bind RHSA-2016:2615-01

The remote host is missing an update for...

7.2AI Score

0.951EPSS

2016-11-04 12:00 AM
9
openvas

RedHat Security Advisory RHSA-2009:1159

The remote host is missing updates announced in advisory RHSA-2009:1159. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Several integer overflow flaws, leading to heap-based buffer overflows, were found in various libtiff color space...

8.1AI Score

0.006EPSS

2009-07-29 12:00 AM
7
Total number of security vulnerabilities: 5663