CVE-2023-36376
Cross-Site Scripting (XSS) vulnerability in Hostel Management System v.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the add course section...
PT-2023-25561 · Unknown · Hospital Management System
Name of the Vulnerable Software and Affected Versions: Hostel Management System version 2.1. Description: A Cross-Site Scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the add course section. Recommendations: For Hostel Management...
CVE-2023-37063
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers & promotions management section...
Of sharks, surveillance, and spied-on emails: This is Section 702, with Matthew Guariglia
In the United States, when the police want to conduct a search on a suspected criminal, they must first obtain a search warrant. It is one of the foundational rights given to US persons under the Constitution, and a concept that has helped create the very idea of a right to privacy at home and...
CVE-2023-30589
The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...
Moderate: Red Hat Security Advisory: libtiff security update
An update for libtiff is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
PT-2023-11498 · Unknown · Chaoji Cms
Name of the Vulnerable Software and Affected Versions: Chaoji CMS version 2.18. Description: A stored cross-site scripting (XSS) issue in the /index.php?admin-master-article-edit endpoint of Chaoji CMS allows attackers to obtain administrator privileges. Recommendations: For Chaoji CMS version 2.18,...
RLSA-2023:3584 Important: c-ares security update
The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API. Security Fixes: c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
fastCMS Blogging 3.1.0 Cross Site Scripting
Important: python27:2.7 security update
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for...
Important: Red Hat Security Advisory: c-ares security update
An update for c-ares is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as...
CVE-2023-35852
In Suricata before 6.0.13 when there is an adversary who controls an external source of rules, a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring...
Important: Red Hat Security Advisory: c-ares security update
An update for c-ares is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
Teachers Record Management System 1.0 - File Upload Type Validation Vulnerability
Exploit Title: Teachers Record Management System 1.0 – File Upload Type Validation Date: 17-01-2023 EXPLOIT-AUTHOR: AFFAN AHMED Vendor Homepage: Software Link: Version: 1.0 Tested on: Windows 11 + XAMPP CVE: CVE-2023-3187 STEPS TO REPRODUCE...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (etcd) security update
An update for etcd is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...
Important: Red Hat Security Advisory: cups-filters security update
An update for cups-filters is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
Important: Red Hat Security Advisory: Red Hat Advanced Cluster Security 3.74 for Kubernetes security update
An update is now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Important: webkit2gtk3 security update
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: a use-after-free when processing maliciously crafted web content (CVE-2023-32373); webkitgtk: an out-of-bounds read when processing malicious content (CVE-2023-28204). For more details abou...
Important: Red Hat Security Advisory: ACS 4.0 enhancement and security update
Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes security and bug fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
git: arbitrary configuration injection when renaming or deleting a section from a configuration file
A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection...