CVE-2024-53260 Course Roster vulnerable to CSV Injection in Autolab

Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This...

CVE-2024-53260 Course Roster vulnerable to CSV Injection in Autolab

Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This...

CVE-2024-53920

In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. This unsafe expansion also occurs if a user chooses to...

UBUNTU-CVE-2024-53920

In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. This unsafe expansion also occurs if a user chooses to...

Important: Red Hat Security Advisory: Control plane Operators for RHOSO 18.0.3 (Feature Release 1) security update

Control plane Operators for RHOSO 18.0.3 Feature Release 1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link...

New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns

Cybersecurity researchers are calling attention to a new sophisticated tool called GoIssue that can be used to send phishing messages at scale targeting GitHub users. The program, first marketed by a threat actor named cyberdluffy aka Cyber D' Luffy on the Runion forum earlier this August, is...

go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion...

Hackers Claim Access to Nokia Internal Data, Selling for $20,000

Hackers claim to have breached Nokia through a third-party contractor, allegedly stealing SSH keys, source code, and internal…...

SUSE: Security Advisory (SUSE-SU-2024:3864-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : apache2 (SUSE-SU-2024:3864-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3864-1 advisory. - CVE-2024-40725: Fixed source code disclosure of local content bsc1228097 Tenable has extracted the...

SUSE-SU-2024:3864-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2024-40725: Fixed source code disclosure of local content bsc1228097...

UP-RESULT PRO 1.0 SQL Injection

Titles: UP-RESULTpro-1.0 Multiple-SQLi Author: nu11secur1ty Date: 10/28/2024 Vendor: https://mayurik.com/ Software: https://www.sourcecodester.com/php/15653/best-student-result-management-system-project-source-code-php-and-mysql-free-download Reference:...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-2702)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES12 Security Update : apache2 (SUSE-SU-2024:3750-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3750-1 advisory. - CVE-2024-40725: Fixed source code disclosure of local content bsc1228097 Tenable has extracted the preceding description block directly fr...

OESA-2024-2288 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some...

SUSE: Security Advisory (SUSE-SU-2024:3750-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from insufficient protection of sensitive data in the source code. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to insufficient protection of sensitive data in the source code. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected informati...

CVE-2024-48656

Cross Site Scripting vulnerability in student management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code...

CVE-2024-48657

SQL Injection vulnerability in hospital management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code...

CVE-2024-48656

Mode C: Affected software is the Student Management System (PHP) with source code version 1.0.0. The vulnerability is a Cross Site Scripting (XSS) flaw in the application that allegedly allows a remote attacker to execute arbitrary code. The Red Hat and NVD entries corroborate the XSS description...