What’s New for Developers: August 2022

This August’s developer update brings you some of the things we’ve been most excited to tell you about. We’re highlighting Terraform updates and more...

PyPI Repository Warns Python Project Maintainers About Ongoing Phishing Attacks

The Python Package Index, PyPI, on Wednesday sounded the alarm about an ongoing phishing campaign that aims to steal developer credentials and inject malicious updates to legitimate packages. "This is the first known phishing attack against PyPI," the maintainers of the official third-party...

aterteramo.it Cross Site Scripting vulnerability OBB-2848491

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Visual Portfolio < 2.19.0 - Contributor+ CSS Injection

The plugin does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts The postid is the ID of a saved layout As a contributor, get a REST nonce via...

Tornado Cash Developer Arrested After U.S. Sanctions the Cryptocurrency Mixer

Dutch authorities on Friday announced the arrest of a software developer in Amsterdam who is alleged to be working for Tornado Cash, days after the U.S. sanctioned the decentralized crypto mixing service. The 29-year-old individual is "suspected of involvement in concealing criminal financial flo...

Meet Tim Vereecke: Technical Solutions Architect

Tim Vereecke, technical solutions architect at Akamai, discusses how he uses a developer-first mindset to find internet performance solutions...

Simple E-Learning System Arbitrary File Download Vulnerability

Simple E-Learning System is a simple e-learning system by Carlo Montero's personal developer. simple E-Learning System is vulnerable to an arbitrary file download vulnerability, which stems from a lack of validation of external input data in the downloadFiles.php parameter download. validation. A...

CVE-2022-30573

The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a...

CVE-2022-30574 TIBCO eFTL Secret Jacking

The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, TIBCO FTL - Enterprise Edition, TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, TIBCO eFTL - Enterprise Edition, and TIBCO eFTL - Enterpri...

CVE-2022-30573

The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a...

CVE-2022-30574

The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, TIBCO FTL - Enterprise Edition, TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, TIBCO eFTL - Enterprise Edition, and TIBCO eFTL - Enterpri...

TIBCO Software FTL 安全漏洞

TIBCO Software FTL is an application-to-application messaging system from TIBCO Software, USA. It is designed for low latency and high performance. A security vulnerability exists in TIBCO Software FTL that could allow a low-privileged attacker with network access privileges to execute an elevati...

PT-2022-20181 · Tibco Software · Tibco Ftl

Name of the Vulnerable Software and Affected Versions: TIBCO FTL - Community Edition versions 6.0.0 through 6.8.0 TIBCO FTL - Developer Edition versions 6.0.1 through 6.8.0 TIBCO FTL - Enterprise Edition versions 6.0.0 through 6.7.3 TIBCO FTL - Enterprise Edition version 6.8.0 Description: The...

KLA12605 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in .NET can be exploited remotely to spoof user interface. ...

CVE-2022-36833

Improper Privilege Management vulnerability in Game Optimizing Service prior to versions 3.3.04.0 in Android 10, and 3.5.04.8 in Android 11 and above allows local attacker to execute hidden function for developer by changing package name...

CVE-2022-2497

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious developer could exfiltrate an integration's access token by modifying the integration URL...

CVE-2022-2497

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious developer could exfiltrate an integration's access token by modifying the integration URL...

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from South Korea's Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices Game Optimizing Service version 3.5.04.8, which stems from an improper privilege management vulnerabilit...

Loan Management System OOP SQL注入漏洞

Loan Management System OOP is a loan management system by razormist individual developers. A SQL injection vulnerability exists in Loan Management System OOP, which results from a sql injection caused by the parameter lplanid...

WordPress Blog2Social Plugin <= 5.5.0 SQLi Vulnerability

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...