Yoga Class Registration 1.0 SQL Injection Vulnerability
Title: Yoga Class Registration -1.0-2023 - Multiple SQLi Author: nu11secur1ty Date: 02.27.2023 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html Reference:...
Medicine Tracker System 1.0 Cross Site Scripting Vulnerability
Exploit Title: Medicine Tracker System - Cross Site Scripting Vulnerability Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16308/medicine-tracker-system-php-oop-and-mysql-db-source-code-free-download.html Software...
A New Approach to Discover, Monitor, and Reduce Your Modern Web Attack Surface
Web applications dominate the internet, but they also bring new risks that let attackers poke holes in an ever-expanding attack surface. Stolen credentials have been the historical culprit. Recent analysis saw a spike in exploits targeting web applications directly through specially-crafted...
[SECURITY] Fedora 38 Update: chromaprint-1.5.1-8.fc38
Chromaprint library is the core component of the AcoustID project. It's a client-side library that implements a custom algorithm for extracting fingerprints from raw audio sources. The library exposes a simple C API. The documentation for the C API can be found in the main header file. License fo...
CVE-2023-27583
PanIndex is a network disk directory index. In PanIndex prior to version 3.1.3, a hard-coded JWT signing key is used. An attacker who knows the hard-coded key can sign their own JWT tokens and perform any action as a user with admin privileges. Version 3.1.3 has a patch for the issue. As a workaround, on...
Hardcoded credentials
PanIndex is a network disk directory index. In PanIndex prior to version 3.1.3, a hard-coded JWT signing key is used. An attacker who knows the hard-coded key can sign their own JWT tokens and perform any action as a user with admin privileges. Version 3.1.3 has a patch for the issue. As a workaround, on...
CVE-2023-27583 PanIndex uses hard-coded cryptographic key
PanIndex is a network disk directory index. In PanIndex prior to version 3.1.3, a hard-coded JWT signing key is used. An attacker who knows the hard-coded key can sign their own JWT tokens and perform any action as a user with admin privileges. Version 3.1.3 has a patch for the issue. As a workaround, on...
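Why a hard-coded signing key is equivalent to a leaked admin password, as an added Python example (this is not PanIndex's code; the key value, the claim names and the `role` field are constructed for illustration): once the key can be read from the repository, anyone can mint a token that the server's own verification accepts. The HS256 routines are written out with the standard library so the example runs without a JWT package.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional

# Constructed stand-in for a key committed to the source tree. Anyone who can
# read the repository knows it, so it provides no authentication at all.
HARDCODED_KEY = b"example-hardcoded-secret"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims: dict, key: bytes) -> str:
    """Build an HS256 JWT: b64url(header).b64url(payload).b64url(HMAC-SHA256)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode()
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_hs256(token: str, key: bytes) -> Optional[dict]:
    """Return the claims if the token verifies under `key`, otherwise None.

    Rejects anything that is not HS256 (no 'none', no alg confusion) and uses
    a constant-time comparison for the signature.
    """
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        if header.get("alg") != "HS256":
            return None
        expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        return json.loads(_b64url_decode(payload_b64))
    except ValueError:  # bad split, bad base64, bad JSON
        return None


def forge_admin_token(leaked_key: bytes) -> str:
    """The attacker's step: mint an admin token with the key taken from the repo."""
    return sign_hs256({"sub": "attacker", "role": "admin"}, leaked_key)


def fresh_key() -> bytes:
    """Remediation: a random per-deployment key generated at install time and
    stored outside the source tree; a token forged with the old key no longer verifies."""
    return secrets.token_bytes(32)


if __name__ == "__main__":
    forged = forge_admin_token(HARDCODED_KEY)
    print("server with hard-coded key accepts forged token:", verify_hs256(forged, HARDCODED_KEY))
    print("server with per-deployment key accepts forged token:", verify_hs256(forged, fresh_key()))
```

The check that matters for triage is the second print: a token minted with the committed key is accepted by every deployment that still uses it, and rotating to a per-deployment key is what invalidates it, which is why the advisory's workaround is about replacing the key rather than filtering requests.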
Command Injection
emacs is vulnerable to Command Injection. An attacker can inject and execute malicious commands via shell metacharacters in the name of a source-code file because etags.c uses the C library function system() to implement the etags program...
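The pattern the advisory describes, shown as an added Python example rather than emacs's own C code: one function hands a command string containing the file name to a shell (which is what system(3) does), the other passes an argv list so no shell ever parses the name. The file name and the `echo` stand-in for the tagging tool are constructed for illustration; the smuggled command is a harmless second `echo`.

```python
import subprocess

# Constructed file name: looks like a source file, but carries a shell
# separator and a second command. A real attacker would use something other
# than `echo`; the marker just makes the outcome testable.
HOSTILE_NAME = "main.c; echo INJECTED"


def tag_file_vulnerable(path: str) -> str:
    """Vulnerable shape: format the file name into one string and let the shell
    run it, as system(3) does. The shell splits on ';' and runs both commands."""
    cmd = f"echo processing {path}"  # stand-in for invoking the tagging tool
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def tag_file_fixed(path: str) -> str:
    """Fixed shape: pass argv directly (execvp-style). The file name reaches the
    program as a single argument; ';' is just a byte in it."""
    return subprocess.run(["echo", "processing", path], capture_output=True, text=True).stdout


def was_injected(output: str) -> bool:
    """True when the smuggled command actually ran: its marker appears as a
    line of its own instead of as part of the echoed file name."""
    return "INJECTED" in output.splitlines()


if __name__ == "__main__":
    print("system()-style :", repr(tag_file_vulnerable(HOSTILE_NAME)))
    print("argv-style     :", repr(tag_file_fixed(HOSTILE_NAME)))
```

The argv form is the whole fix: there is no amount of escaping that is safer than not involving a shell, and when a shell really is required, the file name must be quoted with something like shlex.quote() rather than interpolated.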
Purchase Order Management 1.0 Cross Site Scripting Vulnerability
Purchase Order Management version 1.0 appears to suffer from a reflected cross site scripting vulnerability: a malicious payload submitted in the password field is echoed back unescaped in the error output. Title: Purchase Order Management-1.0 - XSS-Reflected - Information-gathering Author: nu11secur1ty Vendor:...
MAL-2023-1227 Malicious code in lime-web-component-interfaces (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 94eb9bf47469857d8b3e3da68a34e320a0c7b1129a7b260fafe36dea5396cc0c Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ossf-package-analysis...
Experts Identify Fully-Featured Info Stealer and Trojan in Python Package on PyPI
A malicious Python package uploaded to the Python Package Index (PyPI) has been found to contain a fully-featured information stealer and remote access trojan. The package, named colourfool, was identified by Kroll's Cyber Threat Intelligence team, with the company calling the malware Colour-Blind...
LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults
LastPass, which in December 2022 disclosed a severe data breach that allowed threat actors to access encrypted password vaults, said it happened as a result of the same adversary launching a second attack on its systems. The company said one of its DevOps engineers had their personal home compute...
MAL-2023-6625 Malicious code in selfsplitreplacecraft (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 7df84fb9d259d10ace99c1e37391c7d1a2a641f28aa55e746f5bca57e8b03488 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
When Low-Tech Hacks Cause High-Impact Breaches
Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddy's admission that i...
MAL-2023-7303 Malicious code in tposintadget (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 09d7c9df1859042d6bf492ed412327a819ba78649e3175f7c9f05953d096b30c EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
MAL-2023-7714 Malicious code in tpvirtualramget (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx e1d5d9368eb71fed1c146965eb23d9fc0f5eeda9d35ab57a5342f84481e6c5a7 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
MAL-2023-7112 Malicious code in tphttpgetvisa (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 8650b4c7448722b292dd7a51f0f9b4295b61260486ce4c61c58adcf391416b70 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
MAL-2023-5228 Malicious code in py-intelgame (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx eb511632e871dda789a0ef10c17c89b0ec71241a8287ae4344459a74a654ef87 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
CVE-2023-26462
ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials usable for privilege escalation are stored in an insecure format. To read this stored data, the attacker needs access to the application server or its source code...