139 matches found
The Hidden Security Gaps in Your SaaS Apps: Are You Doing Due Diligence?
SaaS applications have become indispensable for organizations aiming to enhance productivity and streamline operations. However, the convenience and efficiency these applications offer come with inherent security risks, often leaving hidden gaps that can be exploited. Conducting thorough due...
CVE-2024-4909
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /view/studentduepayment.php. The manipulation of the argument dueyear leads to sql injection. It is possible to launch the attack...
Campcodes Complete Web-Based School Management System 安全漏洞
Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A security vulnerability exists in version 1.0 of the Campcodes Complete Web-Based School Management System that stems from an SQL injection vulnerability in the dueyear parameter of...
CVE-2024-4650
A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file /view/studentduepayment.php. The manipulation of the argument duemonth leads to cross site scripting. The attack can be initiated...
CVE-2024-4650 Campcodes Complete Web-Based School Management System student_due_payment.php cross site scripting
A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file /view/studentduepayment.php. The manipulation of the argument duemonth leads to cross site scripting. The attack can be initiated...
CVE-2024-4650
CVE-2024-4650 affects Campcodes Complete Web-Based School Management System 1.0. A cross-site scripting flaw exists in the due_month parameter of /view/student_due_payment.php, allowing remote exploitation. The issue stems from manipulation of due_month in that script, enabling XSS. Public exploi...
Complete Web-Based School Management System 跨站脚本漏洞
Campcodes Complete Web-Based School Management System is a web-based school management system from Campcodes, Inc. A cross-site scripting vulnerability exists in version 1.0 of the Complete Web-Based School Management System, which stems from a cross-site scripting vulnerability in the duemonth...
Beware: GitHub's Fake Popularity Scam Tricking Developers into Downloading Malware
Threat actors are now taking advantage of GitHub's search functionality to trick unsuspecting users looking for popular repositories into downloading spurious counterparts that serve malware. The latest assault on the open-source software supply chain involves concealing malicious code within...
Navigating the perilous waters of conference invitations
TL:DR Being asked to speak at events is great …except when it looks like a scam or a phishing attempt This is walkthrough of my experience If you think it’s a scam, it probably is Its a typical Sunday evening, and as Im gearing up for the week ahead and an interesting email lands in my inbox. The...
Advice for manufacturers on the coming PSTI regulation
TL;DR PSTI: The UK Product Security and Telecommunications Infrastructure Product Security Act Regulations effective from 29 April 2024 Assess how, where, why, and when you may be affected Review supply chain and in-house teams for compliance readiness Specific obligations for manufacturers,...
Open redirect
Rejected reason: This is unused...
CVE-2023-27260
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
IDAttend IDWeb SQL Injection Vulnerability
IDAttend IDWeb is a web-based module from IDAttend, Inc. A security vulnerability exists in IDAttend IDWeb version 3.1.052 and prior versions, which stems from an unauthenticated SQL injection in the GetAssignmentsDue method...
IDAttend IDWeb SQL Injection Vulnerability
IDAttend IDWeb is a web-based module from IDAttend, Inc. A security vulnerability exists in IDAttend IDWeb version 3.1.052 and prior versions, which stems from an unauthenticated SQL injection in the GetAssignmentsDue method...
PT-2023-21041 · Idweb · Idweb
Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier Description: The issue concerns an unauthenticated SQL injection in the GetAssignmentsDue method. This allows unauthenticated attackers to extract or modify all data. Recommendations: For version...
Diligere, Equity-Invest Are New Firms of U.K. Con Man
John Clifton Davies, a convicted fraudster estimated to have bilked dozens of technology startups out of more than $30 million through phony investment schemes, has a brand new pair of scam companies that are busy dashing startup dreams: A fake investment firm called Equity-Invest.ch, and...
FBI Alert: Crypto Scammers are Masquerading as NFT Developers
The U.S. Federal Bureau of Investigation FBI is warning about cyber crooks masquerading as legitimate non-fungible token NFT developers to steal cryptocurrency and other digital assets from unsuspecting users. In these fraudulent schemes, criminals either obtain direct access to NFT developer...
Financial services company OneMain fined $4.25 million for security lapses
A series of security errors and mishaps has cost personal loan provider OneMain $4.25m in penalties, issued by the New York State department of financial services. The fines, coming at the end of a detailed investigation into how security practices at the company were determined to be below-par,...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.18-openssl (SUSE-SU-2023:2312-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2312-1 advisory. - Add subpackage go1.x-libstd compiled shared object libstd.so jscPED-1962 Main go1.x package...
ALPINE-CVE-2023-28320
A denial of service vulnerability exists in curl v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using alarm and siglongjmp. When doi...