Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 7 and 8 and IBM® Runtime Environment Java™ Version 7 and 8 used by Rational Business Developer. Rational Business Developer has provided a fix for the applicable CVE. This issue was disclosed as part of the IBM Java SD...
Welcart e-Commerce < 2.8.6 - Subscriber+ PHAR Deserialisation
The plugin does not validate user input before using it in file-existence functions via various AJAX actions available to any authenticated user, which could allow users with a role as low as Subscriber to perform PHAR deserialisation when they can upload a file and a suitable gadget chain is present...
What Developers Need to Fight the Battle Against Common Vulnerabilities
Today's threat landscape is constantly evolving, and now more than ever, organizations and businesses in every sector have a critical need to consistently produce and maintain secure software. While some verticals - like the finance industry, for example - have been subject to regulatory and...
Movie Ticket Booking System Security Vulnerability
Movie Ticket Booking System is a movie ticket booking system by the individual developer Aman Sharma. Movie Ticket Booking System has a security vulnerability that stems from a problem in unknown code in the file booking.php, where manipulation of the parameter id can lead to SQL injection...
This Malicious App Abused Hacked Devices to Create Fake Accounts on Multiple Platforms
A malicious Android SMS application discovered on the Google Play Store has been found to stealthily harvest text messages with the goal of creating accounts on a wide range of platforms like Facebook, Google, and WhatsApp. The app, named Symoo com.vanjan.sms, had over 100,000 downloads and...
CVE-2022-4189
Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. Chromium security severity: Medium...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in Google Chrome, caused by insufficient policy enforcement in DevTools. An attacker could exploit this vulnerability to bypass security restrictions...
Canteen Management System Security Vulnerability
Canteen Management System is a cafeteria management system by the individual developer Mayuri K. A security vulnerability exists in Canteen Management System that stems from cross-site scripting due to incorrect handling of the parameter brandname...
The vulnerability of the Mixed Reality Developer Tools component for Windows operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Mixed Reality Developer Tools component for Windows operating systems is related to deficiencies in the system’s controlled area segmentation. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
Super Xray Code Issue Vulnerability
Super Xray is a vulnerability scanning tool by the individual developer 4ra1n. A code issue exists in versions of Super Xray prior to 0.7, which stems from the program assuming that configuration stored in a YAML file is trusted input, which can be exploited by an attacker with...
CVE-2022-29832
Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later, GX Works2 all versions and GX Developer versions 8.40S and later allows a remote unauthenticated attacker to disclose sensitive information. As a result,...
JVN#87895771: Cybozu Remote Service vulnerable to Uncontrolled Resource Consumption
Cybozu Remote Service provided by Cybozu, Inc. is vulnerable to uncontrolled resource consumption (CWE-400). Impact: A logged-in user may consume huge storage space, resulting in a denial-of-service (DoS) condition. Solution: Update the software to the latest version according to the information...
CVE-2022-29832
CVE-2022-29832 describes a Cleartext Storage of Sensitive Information in Memory issue affecting Mitsubishi Electric GX Works3 (versions 1.015R and later), GX Works2 (all versions), and GX Developer (8.40S and later). The vulnerability enables remote unauthenticated disclosure of sensitive informa...
This Android File Manager App Infected Thousands of Devices with SharkBot Malware
The Android banking fraud malware known as SharkBot has reared its head once again on the official Google Play Store, posing as file managers to bypass the app marketplace's restrictions. A majority of the users who downloaded the rogue apps are located in the U.K. and Italy, Romanian cybersecuri...
Unspecified Vulnerability in Super Xray
Super Xray is a vulnerability scanning tool by the individual developer 4ra1n. A security vulnerability exists in Super Xray version 0.2-beta on Linux and Mac OS systems, which can be exploited by attackers to elevate privileges...
PT-2022-19862 · Mitsubishi · Gx Works3 +2
Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric Corporation GX Works3 versions 1.015R and later; Mitsubishi Electric Corporation GX Works2 all versions; Mitsubishi Electric Corporation GX Developer versions 8.40S and later. Description: The issue allows a remote...
Event Registration App CSV Injection Vulnerability
Event Registration App is a JavaScript application for registering event participants by the individual developer Carlo Montero. A CSV injection vulnerability exists in Carlo Montero Event Registration App v1.0, which stems from improper handling of formula elements in the First Name, Contact, and Remar...
Car Dealer < 3.05 - Subscriber+ Arbitrary Plugin Installation
The plugin lacks proper authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a Subscriber, to call it and install and activate arbitrary plugins from wordpress.org. Run the below command in the developer console of the web browser while being on the blog as a...
AntiHacker < 4.20 - Subscriber+ Arbitrary Plugin Installation
The plugin lacks proper authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a Subscriber, to call it and install and activate arbitrary plugins from wordpress.org. Run the below command in the developer console of the web browser while being on the blog as a...