Lucene search

507 matches found

RedhatCVE
added 2025/05/22 3:41 p.m., 8 views

CVE-2020-10495

CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article template, given the id, via a crafted request...

CVSS 4.3 | AI score 6.8 | EPSS 0.00475
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 3:31 p.m., 5 views

CVE-2020-10465

Reflected XSS in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p...

CVSS 4.8 | AI score 5.8 | EPSS 0.00611
Exploits: 1 | References: 1
The Hacker News
added 2025/04/24 11:27 a.m., 22 views

Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals

The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform have released new updates to their cybercrime suite with generative artificial intelligence (GenAI) capabilities. "This addition lowers the technical barrier for creating phishing pages, enabling less tech-savvy criminals to...

AI score 6.5
Exploits: 0
Tenable Nessus
added 2025/03/05 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-44387

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves...

CVSS 6.5 | AI score 6.5 | EPSS 0.0021
Exploits: 0 | References: 3
Fedora
added 2024/09/22 2:21 a.m., 21 views

[SECURITY] Fedora 40 Update: python-notebook-7.2.2-1.fc40

The Jupyter Notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text. The Notebook has support for multiple programming languages, sharing, and interactive widgets...

CVSS 7.6 | AI score 7.6 | EPSS 0.00373
Exploits: 0
Packet Storm
added 2024/09/09 12:0 a.m., 233 views

Pharmacy Management System version 1.0 Insecure Settings

Title: Pharmacy Management System version 1.0 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox...

AI score 7.4
Exploits: 0
OSV
added 2024/08/29 5:55 p.m., 18 views

GHSA-JM9M-RQR3-WFMH Kirby has insufficient permission checks in the language settings

TL;DR This vulnerability affects all Kirby sites with enabled languages option that might have potential attackers in the group of authenticated Panel users. If you have disabled the languages and/or api option and don't call any methods in your code that cause a write access to languages languag...

CVSS 8.8 | AI score 7.9 | EPSS 0.00405
Exploits: 0 | References: 15
CNNVD
added 2024/07/24 12:0 a.m., 2 views

kirilkirkov Ecommerce-Laravel-Bootstrap Code Issue Vulnerability

kirilkirkov Ecommerce-Laravel-Bootstrap is a responsive, multi-vendor, multi-language online store platform shopping cart solution. kirilkirkov Ecommerce-Laravel-Bootstrap suffers from a code issue vulnerability that stems from the fact that manipulation of the parameter laraCart can lead to...

CVSS 8.8 | AI score 6.6 | EPSS 0.00768
Exploits: 1 | References: 8
The Hacker News
added 2024/05/31 8:11 a.m., 19 views

OpenAI, Meta, and TikTok Crack Down on Covert Influence Campaigns, Some AI-Powered

OpenAI on Thursday disclosed that it took steps to cut off five covert influence operations (IO) originating from China, Iran, Israel, and Russia that sought to abuse its artificial intelligence (AI) tools to manipulate public discourse or political outcomes online while obscuring their true identity...

AI score 6.8
Exploits: 0
CNNVD
added 2024/04/10 12:0 a.m., 1 view

XWiki Platform Security Vulnerability

XWiki Platform is the XWiki Foundation's suite of wiki platforms for creating collaborative Web applications. A security vulnerability exists in XWiki Platform that stems from the fact that in a multi-language wiki, any user with editing privileges can edit translations, thus circumventing the...

CVSS 9.9 | AI score 7.4 | EPSS 0.01447
Exploits: 1 | References: 6
Fedora
added 2024/03/07 10:33 p.m., 18 views

[SECURITY] Fedora 40 Update: openni-1.5.7.10-33.fc40

OpenNI (Open Natural Interaction) is a multi-language, cross-platform framework that defines APIs for writing applications utilizing Natural Interaction. OpenNI APIs are composed of a set of interfaces for writing NI applications. The main purpose of OpenNI is to form a standard API that enables...

CVSS 8.8 | AI score 6.8 | EPSS 0.02557
Exploits: 3
OSV
added 2024/03/06 10:53 a.m., 12 views

BIT-GRADLE-2022-23630 Dependency verification bypass in Gradle

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled ...

CVSS 7.5 | AI score 7.4 | EPSS 0.013
Exploits: 0 | References: 4
OSV
added 2024/03/06 10:53 a.m., 20 views

BIT-GRADLE-2023-26053 Gradle usage of long IDs for PGP keys opens potential for collision attacks

Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64 bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a trusted-key or pgp element in their...

CVSS 9.8 | AI score 7.5 | EPSS 0.00994
Exploits: 0 | References: 4
OSV
added 2024/03/06 10:53 a.m., 12 views

BIT-GRADLE-2023-35946 Dependency cache path traversal in Gradle

Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to writ...

CVSS 6.9 | AI score 6 | EPSS 0.00291
Exploits: 0 | References: 6
OSV
added 2024/03/06 10:52 a.m., 24 views

BIT-GRADLE-2023-44387 Gradle has incorrect permission assignment for symlinked files used in copy or archiving operations

Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to...

CVSS 6.5 | AI score 5 | EPSS 0.0021
Exploits: 0 | References: 6
Packet Storm
added 2024/02/27 12:0 a.m., 278 views

SuperStoreFinder 3.7 XSS / CSRF / Command Execution

.:. Exploit Title SuperStoreFinder - Multiple Vulnerabilities .:. Google Dorks .:. "designed and built by Joe Iz." "Super Store Finder is designed and built by Joe Iz from Highwarden Huntsman." inurl:/superstorefinder/index.php ....

AI score 7.4
Exploits: 0
Exploit DB
added 2024/02/27 12:0 a.m., 477 views

SuperStoreFinder - Multiple Vulnerabilities

.:. Exploit Title SuperStoreFinder - Multiple Vulnerabilities .:. Google Dorks .:. "designed and built by Joe Iz." "Super Store Finder is designed and built by Joe Iz from Highwarden Huntsman." inurl:/superstorefinder/index.php ....

AI score 7.4
Exploits: 0
CNVD
added 2023/11/02 12:0 a.m., 15 views

phpMyFAQ Access Control Error Vulnerability

phpMyFAQ is a multi-language, fully database-driven FAQ system. An access control error vulnerability exists in versions prior to phpMyFAQ 3.2.2, which stems from the presence of insufficient session expiration. An attacker can exploit this vulnerability to still use old sessions...

CVSS 9.8 | AI score 6.5 | EPSS 0.00576
Exploits: 1 | References: 1
Prion
added 2023/10/06 2:15 p.m., 16 views

XXE

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local tex...

CVSS 2.6 | AI score 5.3 | EPSS 0.00669
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2023/10/06 1:52 p.m., 169 views

CVE-2023-42445

CVE-2023-42445 affects Gradle: XML External Entity (XXE) resolution was not disabled in some parsing paths, enabling potential exfiltration of local text files via XML parsing with an OOB-XXE scenario. Documents confirm Gradle now disables XML external entities for all use cases in Gradle 7.6.3 a...

CVSS 6.8 | AI score 6 | EPSS 0.00669
Exploits: 0 | References: 4 | Affected Software: 1