Cross site scripting

Cross Site Scripting vulnerability in My Food Recipe Using PHP with Source Code v.1.0 allows a local attacker to execute arbitrary code via a crafted payload to the Recipe Name, Procedure, and ingredients parameters...

The vulnerability of the /login.php component of the user registration and login system, PHP-MYSQL-User-Login-System, allows a hacker to disclose protected information.

The vulnerability of the /login.php component of the PHP-MYSQL-User-Login-System registration and login system is related to the disclosure of information through the source code. Exploiting this vulnerability allows a malicious actor to disclose the protected information...

CVE-2023-43292

CVE-2023-43292 is a Cross-Site Scripting vulnerability in the web application "My Food Recipe Using PHP with Source Code" v1.0. Public sources describe that a crafted payload in the Recipe Name, Procedure, or ingredients parameters can allow a local attacker to execute arbitrary code. Multiple bu...

CVE-2023-43292

Cross Site Scripting vulnerability in My Food Recipe Using PHP with Source Code v.1.0 allows a local attacker to execute arbitrary code via a crafted payload to the Recipe Name, Procedure, and ingredients parameters...

Russian Midnight Blizzard Hackers Breached Microsoft Source Code

By Deeba Ahmed Midnight Blizzard aka Cozy Bear and APT29 originally breached Microsoft on January 12, 2024. This is a post from HackRead.com Read the original post: Russian Midnight Blizzard Hackers Breached Microsoft Source Code...

CVE-2024-2355 keerti1924 Secret-Coder-PHP-Project secret_coder.sql inclusion of sensitive information in source code

A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /secretcoder.sql. The manipulation leads to inclusion of sensitive information in source code. The attack can be launched...

Russian Hackers Stole Microsoft Source Code—and the Attack Isn’t Over

Plus: An ex-Google engineer gets arrested for allegedly stealing trade secrets, hackers breach the top US cybersecurity agency, and X’s new feature exposes sensitive user data...

Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard aka APT29 or Cozy Bear managed to gain access to some of its source code repositories and internal systems following a hack that came to light in January 2024. "In recent weeks, we have seen evidence that...

Fedora: Security Advisory for jdeparser (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: jdeparser-2.0.3-17.fc40

This project is a fork of Sun's now Oracle's com.sun.codemodel project. We decided to fork the project because by all evidence, the upstream project is dead and not actively accepting outside contribution. All JBoss projects are urged to use this project instead for source code generation...

[SECURITY] Fedora 40 Update: javaparser-3.25.8-3.fc40

This package contains a Java 1 to 13 Parser with AST generation and visitor support. The AST records the source code structure, javadoc and comments. It is also possible to change the AST nodes or create new ones to modify the source code...

Design/Logic Flaw

A vulnerability, which was classified as problematic, was found in keerti1924 PHP-MYSQL-User-Login-System 1.0. This affects an unknown part of the file login.sql. The manipulation leads to inclusion of sensitive information in source code. It is possible to initiate the attack remotely. The explo...

CVE-2024-2265 keerti1924 PHP-MYSQL-User-Login-System login.sql inclusion of sensitive information in source code

A vulnerability, which was classified as problematic, was found in keerti1924 PHP-MYSQL-User-Login-System 1.0. This affects an unknown part of the file login.sql. The manipulation leads to inclusion of sensitive information in source code. It is possible to initiate the attack remotely. The explo...

CVE-2024-2265

CVE-2024-2265 affects the keerti1924 PHP-MYSQL-User-Login-System 1.0. The issue is in an unknown part of login.sql and results in inclusion of sensitive information in the source code, exposing confidential data. Attacks are described as remote, with the exploit publicly disclosed. Multiple conne...

BIT-GITLAB-2020-13261

Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code...

BIT-GITLAB-2023-1178

An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a...

BIT-GITLAB-2023-3413 Insertion of Sensitive Information Into Sent Data in GitLab

An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to read the source code of a project through a fork created before changing visibility to...

BIT-GRAFANA-2022-26148

An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the apijsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in...

BIT-GOLANG-2023-24537 Infinite loop in parsing in go/scanner

Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow...

BIT-GITLAB-2023-6051 Improper Control of Generation of Code ('Code Injection') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when source code or installation packages are pulled from a specific tag...