Hardcoded credentials

The Le-yan dental management system contains a hard-coded credentials vulnerability in the web page source code, which allows an unauthenticated remote attacker to acquire administrator’s privilege and control the system or disrupt service...

The FTC Wants Companies to Find Log4j Fast. It Won't Be Easy

The critical vulnerability is buried among endless open source code, and many cyber experts are stumped...

Online Railway Reservation System 1.0 - Admin Account Creation Vulnerability

Exploit Title: Online Railway Reservation System 1.0 - Admin Account Creation Unauthenticated Exploit Author: Zachary Asher Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Software Link:...

Dart has an unspecified vulnerability

Dart is an open source programming language. A security vulnerability exists in the Dart SDK, which could be exploited by an attacker to embed source code that is not visible to code reviewers to modify the behavior of the program in unexpected ways...

Malicious code in bootstrap-feature (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 3db5e43a78e41f050b0e265c951bc776e693abd20a01108e6c8ea2e15a5e7c4d Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

MAL-2022-7431 Malicious code in bootstrap-feature (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 3db5e43a78e41f050b0e265c951bc776e693abd20a01108e6c8ea2e15a5e7c4d Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

PayPal Free Source Code Access Control Error Vulnerability

PayPal Free Source Code is an online registration management system. An access control error vulnerability exists in PayPal Free Source Code, which stems from the product's failure to validate privileges when obtaining PHP and PayPal Free Source 1.0 product code, and can be exploited by an attack...

CVE-2021-40579

The CVE-2021-40579 entry concerns the PayPal Free Source Code Online Enrollment Management System in PHP (version 1.0) and related components, affected by Incorrect Access Control. The underlying impact is remote privilege gain through improper privilege validation when obtaining PHP and PayPal F...

PayPal Free Source Code 访问控制错误漏洞

PayPal Free Source Code is an online registration management system. An access control error vulnerability exists in PayPal Free Source Code, which stems from the product's failure to validate privileges when obtaining PHP and PayPal Free Source 1.0 product code, and can be exploited by an attack...

MAL-2021-4 Malicious code in lib-bb-html-sanitizer (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 74072bddc9908e0147976fde0680c197ac5b38167bfcdf14afc5f79f23749f72 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

Malicious code in cxp-jquery (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx b0e4725a2db5433915386ce19dadd7812b0f44e9afcb7c48d855797cf7a78537 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

Malicious code in lib-bb-html-sanitizer (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 74072bddc9908e0147976fde0680c197ac5b38167bfcdf14afc5f79f23749f72 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

MAL-2021-1 Malicious code in cxp-jquery (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx b0e4725a2db5433915386ce19dadd7812b0f44e9afcb7c48d855797cf7a78537 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

CVE-2021-4166

vim is vulnerable to Out-of-bounds Read...

MAL-2021-3 Malicious code in digital-marketing-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 902d44e21b6271e6b66059054f16d136d16fdc5172a47797fcfc9eda5a32fa05 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

Malicious code in digital-marketing-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 902d44e21b6271e6b66059054f16d136d16fdc5172a47797fcfc9eda5a32fa05 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

MAL-2021-2 Malicious code in dbp-polyfills (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 4f59dcb33c6b979c2571b136278d2a4dbb77c122506b74f77ed0bc422fed824a Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

4-Year-Old Microsoft Azure Zero-Day Exposes Web App Source Code

The Microsoft Azure App Service has a four-year-old vulnerability that could reveal the source code of web apps written in PHP, Python, Ruby or Node, researchers said, that were deployed using Local Git. The bug has almost certainly been exploited in the wild as a zero-day, according to an analys...

4-Year-Old Bug in Azure App Service Exposed Hundreds of Source Code Repositories

A security flaw has been unearthed in Microsoft's Azure App Service that resulted in the exposure of source code of customer applications written in Java, Node, PHP, Python, and Ruby for at least four years since September 2017. The vulnerability, codenamed "NotLegit," was reported to the tech...

Critical Apache HTTPD Server Bugs Could Lead to RCE, DoS

Don’t duck at the latest mention of Apache: Two critical bugs in its HTTP web server – HTTPD – need to be patched pronto, lest they lead to attackers triggering denial of service DoS or bypassing your security policies. Apache, the open-source software foundation behind the Log4J logging library...