
5315 matches found

NVD
added 2023/03/27 9:15 p.m. | 8 views

CVE-2023-25261

Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer Desktop 2023.1.4 and Stimulsoft Designer Web 2023.1.3 and Stimulsoft Viewer Web 2023.1.3. Access to the local file system is not prohibited in any way. Therefore, an attacker may include sour...

9.8 CVSS | 9.5 AI score | 0.11398 EPSS
Exploits: 0 | References: 3

Prion
added 2023/03/27 9:15 p.m. | 17 views

Remote code execution

Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer Desktop 2023.1.4 and Stimulsoft Designer Web 2023.1.3 and Stimulsoft Viewer Web 2023.1.3. Access to the local file system is not prohibited in any way. Therefore, an attacker may include sour...

7.5 CVSS | 9.3 AI score | 0.11398 EPSS
Exploits: 0 | References: 3 | Affected Software: 2

HackRead
added 2023/03/27 7:41 p.m. | 15 views

Portion of Twitter’s proprietary source code leaked on GitHub

By Deeba Ahmed. Twitter had to file a DMCA request after its source code was found on GitHub. This is a post from HackRead.com. Read the original post: Portion of Twitter's proprietary source code leaked on GitHub...

6.9 AI score
Exploits: 0

0day.today
added 2023/03/27 12:00 a.m. | 209 views

Employee Performance Evaluation System v1.0 - File Inclusion / Remote Code Execution Exploit

Exploit Title: Employee Performance Evaluation System v1.0 - File Inclusion and RCE Exploit Author: nu11secur1ty Vendor: https://www.sourcecodester.com/user/257130/activity Software: https://www.sourcecodester.com/php/14617/employee-performance-evaluation-system-phpmysqli-source-code.html...

6.8 AI score
Exploits: 0

Packet Storm
added 2023/03/27 12:00 a.m. | 133 views

Rental House Management System 1.0 Cross Site Scripting

Exploit Title: Rental House Management System - Reflected Cross-Site Scripting XSS Date: 25/03/2023 Exploit Author: İsmail Can Durna Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/admin/rentalhousemanagementsystem.zip...

6.8 AI score
Exploits: 0

0day.today
added 2023/03/20 12:00 a.m. | 232 views

Medicine Tracker System 1.0 Cross Site Scripting Vulnerability

Exploit Title: Medicine Tracker System - Cross Site Scripting Vulnerability Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16308/medicine-tracker-system-php-oop-and-mysql-db-source-code-free-download.html Software...

7.1 AI score
Exploits: 0

0day.today
added 2023/03/20 12:00 a.m. | 276 views

Yoga Class Registration 1.0 SQL Injection Vulnerability

Title: Yoga Class Registration -1.0-2023 - Multiple SQLi Author: nu11secur1ty Date: 02.27.2023 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html Reference:...

6.8 AI score
Exploits: 0

Qualys Blog
added 2023/03/16 2:16 p.m. | 25 views

A New Approach to Discover, Monitor, and Reduce Your Modern Web Attack Surface

Web applications reign the internet universe, but also bring new risks that let attackers poke holes in an ever-expanding attack surface. Stolen credentials have been the historical culprit. Recent analysis saw a spike in exploits targeting web applications directly through specially-crafted...

0.4 AI score
Exploits: 0

Fedora
added 2023/03/14 12:24 a.m. | 46 views

[SECURITY] Fedora 38 Update: chromaprint-1.5.1-8.fc38

Chromaprint library is the core component of the AcoustID project. It's a client-side library that implements a custom algorithm for extracting fingerprints from raw audio sources. The library exposes a simple C API. The documentation for the C API can be found in the main header file. License fo...

8.8 CVSS | 7.4 AI score | 0.00548 EPSS
Exploits: 0

NVD
added 2023/03/13 9:15 p.m. | 7 views

CVE-2023-27583

PanIndex is a network disk directory index. In Panindex prior to version 3.1.3, a hard-coded JWT key PanIndex is used. An attacker can use the hard-coded JWT key to sign JWT token and perform any actions as a user with admin privileges. Version 3.1.3 has a patch for the issue. As a workaround, on...

9.8 CVSS | 9.6 AI score | 0.00521 EPSS
Exploits: 0 | References: 3

Prion
added 2023/03/13 9:15 p.m. | 10 views

Hardcoded credentials

PanIndex is a network disk directory index. In Panindex prior to version 3.1.3, a hard-coded JWT key PanIndex is used. An attacker can use the hard-coded JWT key to sign JWT token and perform any actions as a user with admin privileges. Version 3.1.3 has a patch for the issue. As a workaround, on...

7.5 CVSS | 9.4 AI score | 0.00521 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2023/03/13 8:33 p.m. | 14 views

CVE-2023-27583 Panindex uses hard coded cryptographic key

PanIndex is a network disk directory index. In Panindex prior to version 3.1.3, a hard-coded JWT key PanIndex is used. An attacker can use the hard-coded JWT key to sign JWT token and perform any actions as a user with admin privileges. Version 3.1.3 has a patch for the issue. As a workaround, on...

9.8 CVSS | 9.2 AI score | 0.00521 EPSS
Exploits: 0 | References: 5

Cvelist
added 2023/03/13 8:33 p.m. | 11 views

CVE-2023-27583 Panindex uses hard coded cryptographic key

PanIndex is a network disk directory index. In Panindex prior to version 3.1.3, a hard-coded JWT key PanIndex is used. An attacker can use the hard-coded JWT key to sign JWT token and perform any actions as a user with admin privileges. Version 3.1.3 has a patch for the issue. As a workaround, on...

9.8 CVSS | 9.7 AI score | 0.00521 EPSS
Exploits: 0 | References: 3

Veracode
added 2023/03/11 7:20 p.m. | 30 views

Command Injection

emacs is vulnerable to Command Injection. An attacker can inject and execute malicious commands via shell metacharacters in the name of a source-code file because etags.c uses the system C library function to implement the etags program...

9.8 CVSS | 9.1 AI score | 0.00447 EPSS
Exploits: 0 | References: 8 | Affected Software: 1

0day.today
added 2023/03/06 12:00 a.m. | 486 views

Purchase Order Management 1.0 Cross Site Scripting Vulnerability

Purchase Order Management version 1.0 appears to suffer from a cross site scripting vulnerability due to printing errors with a malicious password payload. Title: Purchase Order Management-1.0 - XSS-Reflected - Information-gathering Author: nu11secur1ty Vendor:...

6.7 AI score
Exploits: 0

OSV
added 2023/03/04 12:00 a.m. | 7 views

MAL-2023-1227 Malicious code in lime-web-component-interfaces (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 94eb9bf47469857d8b3e3da68a34e320a0c7b1129a7b260fafe36dea5396cc0c Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ossf-package-analysis...

7.5 AI score
Exploits: 0 | References: 1

The Hacker News
added 2023/03/02 11:21 a.m. | 100 views

Experts Identify Fully-Featured Info Stealer and Trojan in Python Package on PyPI

A malicious Python package uploaded to the Python Package Index PyPI has been found to contain a fully-featured information stealer and remote access trojan. The package, named colourfool, was identified by Kroll's Cyber Threat Intelligence team, with the company calling the malware Colour-Blind...

Exploits: 0

The Hacker News
added 2023/02/28 6:16 a.m. | 36 views

LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults

LastPass, which in December 2022 disclosed a severe data breach that allowed threat actors to access encrypted password vaults, said it happened as a result of the same adversary launching a second attack on its systems. The company said one of its DevOps engineers had their personal home compute...

0.3 AI score
Exploits: 0

OSV
added 2023/02/27 3:21 p.m. | 7 views

MAL-2023-6625 Malicious code in selfsplitreplacecraft (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 7df84fb9d259d10ace99c1e37391c7d1a2a641f28aa55e746f5bca57e8b03488 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

7.2 AI score
Exploits: 0 | References: 1

Krebs on Security
added 2023/02/27 4:15 a.m. | 22 views

When Low-Tech Hacks Cause High-Impact Breaches

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddy's admission that i...

0.4 AI score
Exploits: 0