
5315 matches found

CNNVD
added 2021/12/28 12:0 a.m. | 2 views

PayPal Free Source Code Access Control Error Vulnerability

PayPal Free Source Code is an online registration management system. An access control error vulnerability exists in PayPal Free Source Code, which stems from the product's failure to validate privileges when obtaining PHP and PayPal Free Source 1.0 product code, and can be exploited by an attack...

6.5 CVSS | 5.7 AI score | 0.00218 EPSS
Exploits 0 | References 3
OSV
added 2021/12/27 12:0 a.m. | 6 views

MAL-2021-4 Malicious code in lib-bb-html-sanitizer (npm)

Source: checkmarx 74072bddc9908e0147976fde0680c197ac5b38167bfcdf14afc5f79f23749f72 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

7.4 AI score
Exploits 0 | References 1
OSSF Malicious Packages
added 2021/12/27 12:0 a.m. | 4 views

Malicious code in cxp-jquery (npm)

Source: checkmarx b0e4725a2db5433915386ce19dadd7812b0f44e9afcb7c48d855797cf7a78537 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

7.2 AI score
Exploits 0 | References 1
OSSF Malicious Packages
added 2021/12/27 12:0 a.m. | 3 views

Malicious code in lib-bb-html-sanitizer (npm)

Source: checkmarx 74072bddc9908e0147976fde0680c197ac5b38167bfcdf14afc5f79f23749f72 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

7.2 AI score
Exploits 0 | References 1
OSV
added 2021/12/27 12:0 a.m. | 5 views

MAL-2021-1 Malicious code in cxp-jquery (npm)

Source: checkmarx b0e4725a2db5433915386ce19dadd7812b0f44e9afcb7c48d855797cf7a78537 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

7.4 AI score
Exploits 0 | References 1
UbuntuCve
added 2021/12/25 7:15 p.m. | 36 views

CVE-2021-4166

vim is vulnerable to Out-of-bounds Read...

7.1 CVSS | 7.1 AI score | 0.00368 EPSS
Exploits 1 | References 2
OSV
added 2021/12/24 12:0 a.m. | 8 views

MAL-2021-3 Malicious code in digital-marketing-client (npm)

Source: checkmarx 902d44e21b6271e6b66059054f16d136d16fdc5172a47797fcfc9eda5a32fa05 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

7.4 AI score
Exploits 0 | References 1
OSSF Malicious Packages
added 2021/12/24 12:0 a.m. | 4 views

Malicious code in digital-marketing-client (npm)

Source: checkmarx 902d44e21b6271e6b66059054f16d136d16fdc5172a47797fcfc9eda5a32fa05 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

7.2 AI score
Exploits 0 | References 1
OSV
added 2021/12/24 12:0 a.m. | 8 views

MAL-2021-2 Malicious code in dbp-polyfills (npm)

Source: checkmarx 4f59dcb33c6b979c2571b136278d2a4dbb77c122506b74f77ed0bc422fed824a Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

7.4 AI score
Exploits 0 | References 1
ThreatPost
added 2021/12/23 7:4 p.m. | 24 views

4-Year-Old Microsoft Azure Zero-Day Exposes Web App Source Code

The Microsoft Azure App Service has a four-year-old vulnerability that could reveal the source code of web apps written in PHP, Python, Ruby or Node, researchers said, that were deployed using Local Git. The bug has almost certainly been exploited in the wild as a zero-day, according to an analys...

7.4 AI score
Exploits 0 | References 2
The Hacker News
added 2021/12/23 7:51 a.m. | 52 views

4-Year-Old Bug in Azure App Service Exposed Hundreds of Source Code Repositories

A security flaw has been unearthed in Microsoft's Azure App Service that resulted in the exposure of source code of customer applications written in Java, Node, PHP, Python, and Ruby for at least four years since September 2017. The vulnerability, codenamed "NotLegit," was reported to the tech...

7.1 AI score
Exploits 0
ThreatPost
added 2021/12/22 5:59 p.m. | 143 views

Critical Apache HTTPD Server Bugs Could Lead to RCE, DoS

Don’t duck at the latest mention of Apache: Two critical bugs in its HTTP web server – HTTPD – need to be patched pronto, lest they lead to attackers triggering denial of service (DoS) or bypassing your security policies. Apache, the open-source software foundation behind the Log4J logging library...

9.8 CVSS | 10 AI score | 0.94469 EPSS
Exploits 48 | References 14
Huntr
added 2021/12/22 12:58 a.m. | 7 views

Open Redirect in erudika/scoold

Description Hi erudika scoold team, there is an Open redirect in your source code at question url Proof of Concept 1. Go to this link https://pro.scoold.com/questions/space?returnto=https://google.com 2. Observe that you are redirected to google.com Impact This vulnerability is capable of Open...

0.1 AI score
Exploits 0
Wiz blog
added 2021/12/21 5:8 a.m. | 15 views

NotLegit: Azure App Service vulnerability exposed hundreds of source code repositories

Read about the NotLegit vulnerability discovered by the Wiz Research Team, where the Azure App Service exposed hundreds of source code repositories...

7.4 AI score
Exploits 0
HackRead
added 2021/12/17 5:25 p.m. | 19 views

Gumtree exposed users’ personal and GPS location via source code

By Waqas Gumtree.com or Gumtree is a London, England-based online classified advertisement website with millions of registered users. This is a post from HackRead.com Read the original post: Gumtree exposed users personal and GPS location via source code...

2.9 AI score
Exploits 0
CNVD
added 2021/12/17 12:0 a.m. | 10 views

Enalean Tuleap Injection Vulnerability

Enalean Tuleap is a set of open source software development and project management tools from the French company Enalean. The tool provides enterprise application lifecycle management, as well as project tracking, source code management, and team collaboration. Enalean Tuleap suffers from an...

7.2 CVSS | 1.7 AI score | 0.00807 EPSS
Exploits 0 | References 1
CNVD
added 2021/12/17 12:0 a.m. | 13 views

Enalean Tuleap SQL Injection Vulnerability (CNVD-2021-103507)

Enalean Tuleap is a set of open source software development and project management tools from the French company Enalean. The tool provides enterprise application lifecycle management, as well as project tracking, source code management and team collaboration. Enalean Tuleap is vulnerable to SQL...

8.8 CVSS | 3 AI score | 0.00912 EPSS
Exploits 0 | References 1
Packet Storm
added 2021/12/16 12:0 a.m. | 400 views

Child's Day Care Management System 1.0 SQL Injection

Title: Child's Day Care Management System 1.0 SQL - Injection Author: nu11secur1ty Date: 12.16.2021 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15085/childs-day-care-management-system-phpoop-free-source-code.html Description: The username in...

0.4 AI score
Exploits 0
The Hacker News
added 2021/12/15 12:8 p.m. | 31 views

Hackers Using Malicious IIS Server Module to Steal Microsoft Exchange Credentials

Malicious actors are deploying a previously undiscovered binary, an Internet Information Services (IIS) webserver module dubbed "Owowa," on Microsoft Exchange Outlook Web Access servers with the goal of stealing credentials and enabling remote command execution. "Owowa is a C-developed .NET v4.0...

1.6 AI score
Exploits 0
Veracode
added 2021/12/14 4:34 a.m. | 16 views

Side-Channel Attack

github.com/sourcegraph/sourcegraph is vulnerable to side channel attack. The attack is possible because the library does not properly exclude the private source code search results in 'searchresults.go' , allowing an authenticated attacker to check specific string and API keys exists in private...

6.5 CVSS | 4.7 AI score | 0.00543 EPSS
Exploits 0 | References 3 | Affected Software 1