367 matches found
CVE-2021-42664
A Stored Cross Site Scripting XSS Vulneraibiilty exists in Sourcecodester Engineers Online Portal in PHP via the 1 Quiz title and 2 quiz description parameters to addquiz.php. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which c...
CVE-2021-42671
An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in niamunozmonitoringsystem/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server without the need of...
CVE-2021-42669
A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboardteacher.php, which allows changing the avatar through teacheravatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ directory, and is accessible by all users. By...
CVE-2021-42665
An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication...
New whitepaper outlines the taxonomy of failure modes in AI agents
We are releasing a taxonomy of failure modes in AI agents to help security professionals and machine learning engineers think through how AI systems can fail and design them with safety and security in mind. The taxonomy continues Microsoft AI Red Team's work to lead the creation of systematizati...
CVE-2024-35244
There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords e.g., by examining the coredump, these accounts can be used to re-configure the device. As for the details of affected product names, model numbers, and versions, refe...
World Tour Survey: Cloud Engineers Wrestle with Risk
Trend surveyed 750 cybersecurity professionals in 49 countries to learn more about the state of cybersecurity, from job pressures to the need for more advanced tools. Explore what cloud security engineers teams had to say...
PT-2025-20833
Name of the Vulnerable Software and Affected Versions: GNUScreen version 5.0.1 and earlier Description: The issue affects Linux administrators, cloud engineers, and developers. It is related to a root privilege escalation flaw. Recommendations: For versions prior to 5.0.1, update to version 5.0.1...
Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware
The Lazarus Group, an infamous threat actor linked to the Democratic People's Republic of Korea DPRK, has been observed leveraging a "complex infection chain" targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024. The...
CVE-2024-35244
There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords e.g., by examining the coredump, these accounts can be used to re-configure the device. As for the details of affected product names, model numbers, and versions, refe...
CVE-2024-35244
There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords e.g., by examining the coredump, these accounts can be used to re-configure the device. As for the details of affected product names, model numbers, and versions, refe...
CVE-2024-35244
There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords e.g., by examining the coredump, these accounts can be used to re-configure the device. As for the details of affected product names, model numbers, and versions, refe...
CVE-2024-35244
Sharp MFPs (Sharp Multifunction Printers) are affected by CVE-2024-35244 due to trust‑management issues that allow use of hard‑coded or easily obtainable credentials via maintenance accounts. Affected functionality can be abused to re‑configure devices, with risk to confidentiality and integrity ...
PT-2024-26405 · Sharp +1 · Multiple Mfps
Name of the Vulnerable Software and Affected Versions: No specific product names, model numbers, or versions are mentioned in the provided descriptions. Description: There are several hidden accounts, some of which are intended for maintenance engineers. With knowledge of their passwords, these...
Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security
wordpress-really-simple-security-authn-bypass-exploit This is...
CVE-2024-47833
Taipy (Python library) is affected by a vulnerability where session cookies are served without Secure and HTTPOnly flags in affected versions prior to 4.0.0. The issue is documented across multiple sources (CVE record, Red Hat, OSV, GitHub GHSA advisory) and is explicitly addressed in release 4.0...
Transform Your CAD Workflow with Parametric Modeling
Designers and engineers are always searching for tools to speed up their work and create more complex designs.…...
CVE-2024-40637 Implicit override for built-in materializations from installed packages in dbt-core
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it...
SUSE CVE-2023-5281
A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as critical. This affects an unknown part of the file removeinboxmessage.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has...
Ars0N-Framework - A Modern Framework For Bug Bounty Hunting
Howdy! My name is Harrison Richardson, or rs0n arson when I want to feel cooler than I really am. The code in this repository started as a small collection of scripts to help automate many of the common Bug Bounty hunting processes I found myself repeating. Over time, I built a simple web...