Cluevo < 1.8.1 - Admin+ Stored Cross Site Scripting
The plugin does not sanitise and escape Course's module, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed On the Learning Management page /wp-admin/admin.php?page=cluevo-lms, click Add Course, then put the followi...
SyntheticSun - A Defense-In-Depth Security Automation And Monitoring Framework Which Utilizes Threat Intelligence, Machine Learning, Managed AWS Security Services And, Serverless Technologies To Continuously Prevent, Detect And Respond To Threats
SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services, and serverless technologies to continuously prevent, detect and respond to threats. You sleep in fragmented glass With reflections o...
WordPress Learning Courses plugin <= 4.9 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by dhananjaygarg192002 in WordPress Learning Courses plugin versions = 5.0. Solution Patched in version 5.0, but closed for other security reasons. This plugin has been closed as of October 8, 2021 and is not available for download. Reason:...
Learning Courses < 5.0 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape the Email PDT identity token settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Visit to Paypal Setting Under Learning Plugin Enter the XSS payload " in Email PD...
Learning Courses < 5.0 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape the Email PDT identity token settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Visit to Paypal Setting Under Learning Plugin Enter the XSS payload " in Email PDT...
vulhub
This repository is an open-source collection of vulnerable systems and applications for educational purposes, specifically for learning and practicing penetration testing and vulnerability assessment. It is maintained by phith0n and hosted on GitHub. The repository contains various vulnerable...
h1-ctf: Saving Christmas from Grinchy Gods
It was a fun CTF to play; I had some good learning on thinking about how to approach real-world targets and more things we can try while testing any target. Some nudges were good and reminded me of scenarios of how actual microservices are built where these security issues can be present. Huge shoutouts to Ad...
Security Bulletin: Log4JShell Vulnerability affects Watson Machine Learning in Cloud Pak for Data (CVE-2021-44228)
Summary Apache Log4j, used for logging in Watson Machine Learning in Cloud Pak for Data, is impacted by the Apache Log4j vulnerability CVE-2021-44228. Customers are encouraged to take quick action to update their systems. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could...
OPENSUSE-SU-2021:1603-1 Security update for netdata
This update for netdata fixes the following issues: Update to 1.31.0 go.d.plugin 0.29.0 The v1.31.0 release of Netdata comes with re-packaged and redesigned elements of the dashboard to help you focus on your metrics, even more Linux kernel insights via eBPF, on-node machine learning to help you...
How and why do we attack our own Anti-Spam?
We often use machine-learning ML technologies to improve the quality of cybersecurity systems. But machine-learning models can be susceptible to attacks that aim to "fool" them into delivering erroneous results. This can lead to significant damage to both our company and our clients. Therefore, i...
Security update for netdata (moderate)
openSUSE Security Update: Security update for netdata Announcement ID: openSUSE-SU-2021:1603-1 Rating: moderate References: 1139094 1139095 1139098 Cross-References: CVE-2018-18836 CVE-2018-18837 CVE-2018-18838 CVE-2018-18839 CVSS scores: CVE-2018-18836 NVD : 6.5...
Livery Delivers a Seamless Low Latency Streaming Experience with Help from Akamai
Our new normal has ushered in the advent of hybrid events — a mix of in-person and virtual events. This has made seamless live streaming with active participation of the audience, both live and remote, more important than ever. Amsterdam-headquartered company Livery is an end-to-end SaaS solution...
OpenOlat has unspecified vulnerabilities
OpenOLAT is a web-based e-learning platform for teaching, learning, assessing and communicating with an LMS, a learning management system. A security vulnerability exists in versions of OpenOlat prior to 15.5.12 and 16.0.5, which stems from the fact that by providing a file name containing a...
e-learning.polban.ac.id Cross Site Scripting vulnerability OBB-2300116
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2021-41242
OpenOlat is a web-based learning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files...
Path traversal
OpenOlat is a web-based learning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files...
CVE-2021-41242
OpenOlat (web-based LMS) has a path traversal vulnerability in REST methods that allows an attacker with a user account and an enabled REST API to craft a filename containing a relative path, enabling write access to files anywhere under the web root or beyond, depending on server configuration. Affec...
Best practices for AI security risk management
Today, we are releasing an AI security risk assessment framework as a step to empower organizations to reliably audit, track, and improve the security of the AI systems. In addition, we are providing new updates to Counterfit, our open-source tool to simplify assessing the security posture of AI...
Chamilo LMS Remote Code Execution Vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, remote training, and online question answering. v1.11.x of Chamilo LMS contains a remote code execution vulnerability that can be exploit...