336 matches found
CVE-2022-2679
SourceCodester Interview Management System 1.0 exposes a SQL injection in /viewReport.php via the id parameter (payload shown as UPDATEXML(9729,CONCAT(0x2e,0x716b707071,(SELECT (ELT(9729=9729,1))),0x7162766a71),7319)). The vulnerability is remotely exploitable and was disclosed publicly. Affected...
PT-2022-18084 · Sourcecodester · Sourcecodester Interview Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Interview Management System version 1.0 Description: A critical issue affects the processing of the file /viewReport.php, where the manipulation of the id argument with a specific input leads to SQL injection. The attack can be...
Interview Management System SQL Injection Vulnerability
Interview Management System is an interview management system for janobe individual developers. A SQL injection vulnerability exists in version 1.0 of Interview Management System, which stems from some unknown handling code in /viewReport.php where entering a special string for the parameter id c...
Interview Management System Cross-Site Scripting Vulnerability
Interview Management System is an interview management system for janobe individual developers. A cross-site scripting vulnerability exists in version 1.0 of the Interview Management System, which stems from unknown handling code in the addQuestion.php component that manipulates the question...
[Security Nation] Steve Micallef of SpiderFoot on Open-Source Intelligence
In this episode of Security Nation, Jen and Tod chat with Steve Micallef about SpiderFoot, the open-source intelligence tool of which he is the creato...
A Bootiful Podcast: Kubernetes legend and friend Cora Iberkleid on Tanzu, Cartographer, and more
Hi, Spring fans! In this installment, Josh Long @starbuxman talks to Kubernetes legend and fellow Tanzu Developer Advocate Cora Iberkleid @ciberkleid about Kubernetes and Cartographer supply chains...
A Bootiful Podcast: EasyMock contributor, Java Champion, and Java luminary Henri Tremblay
Hi, Spring fans! In this episode, Josh Long @starbuxman talks to fellow Java Champion, EasyMock engineer, and Java luminary, JUG leader, and legend Henri Tremblay @henritremblay...
A Bootiful Podcast: Simon Ritter, Java Champion and deputy CTO at Azul
Hi, Spring fans! In this installment, Josh Long @starbuxman talks to Azul Deputy CTO and Java's own mad scientist and luminary Simon Ritter @speakjava...
7 Rapid Questions: Meet Adrian Stewart, Aspiring Pilot Turned Product Manager
Welcome back to 7 Rapid Questions, our blog series where we ask passionate leaders at Rapid7 how they’re challenging convention and making an impact. In this installment, we talk to Adrian Stewart, a product manager working on InsightAppSec, Rapid7’s dynamic application security testing (DAST) tool...
IRS: Selfies Now Optional, Biometric Data to Be Deleted
The U.S. Internal Revenue Service (IRS) said Monday that taxpayers are no longer required to provide facial scans to create an account online at irs.gov. In lieu of providing biometric data, taxpayers can now opt for a live video interview with ID.me, the privately-held Virginia company that runs t...
Microsoft Windows .Reg File - Dialog Spoof / Mitigation Bypass Vulnerability
Exploit Title: Microsoft Windows .Reg File - Dialog Spoof / Mitigation Bypass Exploit Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSREGFILEDIALOGSPOOFMITIGATIONBYPASS.txt twitter.com/hyp3rlinx ISR: ApparitionSe...
Microsoft Windows .Reg File Dialog Spoofing / Mitigation Bypass
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSREGFILEDIALOGSPOOFMITIGATIONBYPASS.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com A file with the .reg file extension is a...
PSA: Widespread Remote Working Scam Underway
I've just gotten off the phone with a victim of the scam that I'm about to describe. This is impacting a lot of folks, so please do spread the word. It's infuriating. I'll be around to reply to your comments below, but please do not engage in victim-blaming, because until you've actually been hit by o...
What Happened to Facebook, Instagram, & WhatsApp?
Facebook and its sister properties Instagram and WhatsApp are suffering from ongoing, global outages. We don't yet know why this happened, but the how is clear: Earlier this morning, something inside Facebook caused the company to revoke key digital records that tell computers and other...
#LetsTalkSecurity - Security at the Speed of Change
Let's Talk Security: Season 02 // Episode 05: Host, Rik Ferguson, interviews Vice President and Chief Information Security Officer for Carrier, Nicole Darden Ford. Together they discuss the changing cybersecurity landscape...
#LetsTalkSecurity: What Could Possibly Go Wrong?
Let's Talk Security: Season 02 // Episode 04: Host, Rik Ferguson, interviews the Head of Cyber Security for Moonpig, Tash Norris. Together they question, what could go wrong in the world of cyber security?...
How to Tell a Job Offer from an ID Theft Trap
One of the oldest scams around -- the fake job interview that seeks only to harvest your personal and financial data -- is on the rise, the FBI warns. Here's the story of a recent LinkedIn impersonation scam that led to more than 100 people getting duped, and one almost-victim who decided the job...
Talos Takes Ep. #40: Takeaways from interviewing a ransomware operator
The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. This week, we have two guests on (a Talos Takes first!) to discuss our recent research paper on the LockBit ransomware. Two of the authors,...
Ex-CISA Head Chris Krebs: ‘Impeachment Is the Right Mechanism’
In an interview with WIRED, the famously fired DHS official shared insights on election security, disinformation, SolarWinds—and what to do about Trump...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I'm speaking online as part of Western Washington University's Internet Studies Lecture Series on January 20, 2021. I'm speaking online at ITU Denmark on February 2, 2021. Details to come. I'm being interviewed by Keith Cronin as part ...