EUVD-2021-29304

Malicious code in bioql PyPI...

CVE-2021-42330

The “Teacher Edit” function of ShinHer StudyOnline System does not perform authority control. After logging in with user’s privilege, remote attackers can access and edit other users’ credential and personal information by crafting URL parameters...

Design/Logic Flaw

The “List View” function of ShinHer StudyOnline System is not under authority control. After logging in with user’s privilege, remote attackers can access the content of other users’ message boards by crafting URL parameters...

Design/Logic Flaw

The “Teacher Edit” function of ShinHer StudyOnline System does not perform authority control. After logging in with user’s privilege, remote attackers can access and edit other users’ credential and personal information by crafting URL parameters...

PT-2021-23573 · Unknown · Shinher Studyonline System

Name of the Vulnerable Software and Affected Versions: ShinHer StudyOnline System affected versions not specified Description: The issue concerns the "Teacher Edit" function, which lacks authority control. After logging in with a user's privilege, remote attackers can access and edit other users'...

PT-2021-23575 · Unknown · Shinher Studyonline System

Name of the Vulnerable Software and Affected Versions: ShinHer StudyOnline System affected versions not specified Description: The issue concerns the "List View" function not being under authority control, allowing remote attackers to access other users' message board content by manipulating URL...

Protecting your Domain Names: Taking the First Steps

Everyone and everything on the Internet depends on the Domain Name System DNS being functional. The DNS has been a common vector for attacks in recent years, and 2019 seems to be no different. Many of these attacks have goals far more sinister than simply taking a company offline or defacing a...

Phabricator: The special code in editor has no Authority control and can lead to Information Disclosure

Here is your keyword:mongoose Details: - Summary: Uploaded file will be showed as a special code Fxxx in Phabricator editor,but it has no Authority control. - Reproduce steps: 1.Open two different browsers to simulate two different users 2.browser A:login as user "toma" 3.browser B:login a user...

Security Advisory-Authority Control Vulnerability in Quidway Switches

Huawei Quidway switches have the authority control vulnerability in access authentication, which may be exploited by attackers to obtain higher access permissions. Vulnerability ID: HWPSIRT-2014-11119 This Vulnerability has been assigned Common Vulnerabilities and Exposures CVE ID: CVE-2015-1460...