15493 matches found
MAL-2023-191 Malicious code in cms-serviceclients-extensions (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3150363413ce714345472394bfc28e97eba6d3608025b70b28e9142230cecbd3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
2023-03 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5023696)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...
2023-03 Cumulative Update for Windows 11 Version 22H2 for ARM64-based Systems (KB5023706)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...
How AI Could Write Our Laws
Nearly 90% of the multibillion-dollar federal lobbying apparatus in the United States serves corporate interests. In some cases, the objective of that money is obvious. Google pours millions into lobbying on bills related to antitrust regulation. Big energy companies expect action whenever there ...
CVE-2023-1363
A vulnerability, which was classified as problematic, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. Affected is an unknown function of the component Add User Account. The manipulation of the argument username leads to cross site scripting. It is possible to launch the...
CVE-2023-1363
CVE-2023-1363 affects SourceCodester Computer Parts Sales and Inventory System 1.0. Affected component: Add User Account. The vulnerability arises from manipulating the username argument, triggering cross-site scripting that can be exploited remotely. Multiple sources confirm the issue and note t...
CVE-2023-1363 SourceCodester Computer Parts Sales and Inventory System Add User Account cross site scripting
A vulnerability, which was classified as problematic, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. Affected is an unknown function of the component Add User Account. The manipulation of the argument username leads to cross site scripting. It is possible to launch the...
Computer Parts Sales and Inventory System cross-site scripting vulnerability
Computer Parts Sales and Inventory System is a computer parts sales and inventory system by Warren Daloyan, an individual developer. A cross-site scripting vulnerability exists in SourceCodester Computer Parts Sales and Inventory System version 1.0, which stems from an unknown function present in...
SQL injection
A vulnerability classified as critical has been found in SourceCodester Computer Parts Sales and Inventory System 1.0. This affects an unknown part of the file custtransac.php. The manipulation of the argument phonenumber leads to sql injection. It is possible to initiate the attack remotely. The...
CVE-2023-1351
CVE-2023-1351 affects SourceCodester Computer Parts Sales and Inventory System 1.0, with a SQL injection in the file cust_transac.php via the phonenumber parameter. The vulnerability can be exploited remotely and exploits have been publicly disclosed. Remediation guidance across sources includes ...
Computer Parts Sales and Inventory System SQL injection vulnerability
Computer Parts Sales and Inventory System is a computer parts sales and inventory system by Warren Daloyan, an individual developer. SourceCodester Computer Parts Sales and Inventory System version 1.0 suffers from a SQL injection vulnerability that originates from a security issue in the file...
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU resulting in a denial of service condition.
...
CVE-2023-27486 Insufficient authorization validation between zones when xCAT zones are enabled
xCAT is a toolkit for deployment and administration of computer clusters. In versions prior to 2.16.5 if zones are configured as a mechanism to secure clusters in xCAT, it is possible for a local root user from one node to obtain credentials to SSH to any node in any zone, except the management...
PSA: Intentionally Leaving Backdoors in Your Code Can Lead to Fines and Jail Time
In the cybersecurity field, we talk a lot about threat actors and vulnerable code, but what doesn’t get discussed enough is intentional vulnerabilities and becoming your own threat actor. Even when making decisions with the best of intentions, it is possible to work against your own best interest...
Malicious code in milo-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 86e0a528e7d78836123c80e70f5b1108807ae1c739ab8c65ad4a90702c07dab9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-413 Malicious code in fca-milo-mod (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2da92f220dbfcf8c5ad54661d1c103af95453c437b5f83b868e8d9624dba1856 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-597 Malicious code in milo-cute (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ca097e4b102ba0c7c8c5489364e1ab73a771de2338769b2f99b7cc0d12d31ef8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
LastPass Hack: Engineer's Failure to Update Plex Software Led to Massive Data Breach
The massive breach at LastPass was the result of one of its engineers failing to update Plex on their home computer, in what's a sobering reminder of the dangers of failing to keep software up-to-date. The embattled password management service last week revealed how unidentified actors leveraged...
Malicious code in fca-dark-rulex (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1dc65e0b0172e4250c22303c0778367df0d04b4256634ccb454dbff9bcd8415e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...