Lucene search

5335 matches found

OpenVAS
added 2021/03/10 12:00 a.m., 10 views

SYS.1.3.A5

If software to be installed is to be compiled from source code, it MUST ONLY be unpacked, configured and compiled under an unprivileged user account. Afterwards, the software to be installed MUST NOT be installed uncontrolled into the server's root file system...

7.3 AI score
Exploits: 0, References: 1

Packet Storm
added 2021/03/09 12:00 a.m., 159 views

Sticky Notes Apps Using JavaScript 1.0 Cross Site Scripting

Exploit Title: Sticky Note Apps using JavaScript | Stored Cross Site Scripting Exploit Author: Richard Jones Date: 2021-03-09 Vendor Homepage: https://www.sourcecodester.com/javascript/14742/sticky-note-apps-using-javascript-source-code.html Software Link:...

7.4 AI score
Exploits: 0

Packet Storm
added 2021/03/08 12:00 a.m., 317 views

Hotel And Lodge Management System 1.0 Shell Upload

Exploit Title: Hotel and Lodge Management System 1.0 - Remote Code Execution Unauthenticated Date: 07-03-2021 Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/13707/hotel-and-lodge-management-system.html...

7.4 AI score
Exploits: 0

Packet Storm
added 2021/03/04 12:00 a.m., 358 views

Online Ordering System 1.0 Shell Upload

Exploit Title: Online Ordering System 1.0 - Arbitrary File Upload to Remote Code Execution Date: 04/03/2021 Exploit Author: Suraj Bhosale Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/5125/online-ordering-system-using-phpmysql.html Version: 1.0...

7.4 AI score
Exploits: 0

Wired Threat Level
added 2021/03/03 7:30 p.m., 37 views

Gab's CTO Introduced a Critical Vulnerability to the Site

A review of the open source code shows an account under the executive's name made a mistake that could lead to the kind of breach reported this weekend...

2.7 AI score
Exploits: 0

Kitploit
added 2021/03/03 11:30 a.m., 191 views

Threatspec - Continuous Threat Modeling, Through Code

Threatspec is an open source project that aims to close the gap between development and security by bringing the threat modelling process further into the development process. This is achieved by having developers and security engineers write threat modeling annotations as comments inside source...

8 AI score
Exploits: 0, References: 3

Kitploit
added 2021/03/02 11:30 a.m., 188 views

OWASP ASST (Automated Software Security Toolkit) - A Novel Open Source Web Security Scanner

OWASP ASST Automated Software Security Toolkit | A Novel Open Source Web Security Scanner. Note: AWSS is the older name of ASST Introduction Web applications have become an integral part of everyday life, but many of these applications are deployed with critical vulnerabilities that can be fatall...

7.4 AI score
Exploits: 0, References: 2

0day.today
added 2021/03/01 12:00 a.m., 40 views

Covid-19 Contact Tracing System 1.0 - Remote Code Execution Exploit

Exploit Title: Covid-19 Contact Tracing System 1.0 - Remote Code Execution Unauthenticated Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link:...

0.1 AI score
Exploits: 0

0day.today
added 2021/02/26 12:00 a.m., 21 views

Simple Employee Records System 1.0 - File Upload RCE (Unauthenticated) Exploit

Exploit Title: Simple Employee Records System 1.0 - File Upload RCE Unauthenticated Exploit Author: email protected Vendor Homepage: https://www.sourcecodester.com/php/11393/employee-records-system.html Software Link:...

Exploits: 0

0day.today
added 2021/02/26 12:00 a.m., 45 views

Doctor Appointment System 1.0 Cross Site Scripting Vulnerability

Exploit Title: Doctor Appointment System 1.0 - Reflected POST based Cross Site Scripting XSS in comment parameter CVE: CVE-2021-27317 Exploit Author: Soham Bakore Vendor Homepage: https://www.sourcecodester.com/php/14182/doctor-appointment-system.html Software Link:...

6.1 CVSS, 0.1 AI score, 0.01487 EPSS
Exploits: 4

Microsoft Malware Protection
added 2021/02/25 4:00 p.m., 45 views

Microsoft open sources CodeQL queries used to hunt for Solorigate activity

A key aspect of the Solorigate attack is the supply chain compromise that allowed the attacker to modify binaries in SolarWinds’ Orion product. These modified binaries were distributed via previously legitimate update channels and allowed the attacker to remotely perform malicious activities, suc...

7.3 AI score
Exploits: 0

0day.today
added 2021/02/25 12:00 a.m., 22 views

Vehicle Parking Management System 1.0 - (catename) Persistent Cross-Site Scripting Vulnerability

Exploit Title: Vehicle Parking Management System 1.0 - 'catename' Persistent Cross-Site Scripting XSS Exploit Author: Tushar Vaidya Vendor Homepage: https://www.sourcecodester.com/php/14415/vehicle-parking-management-system-project-phpmysql-full-source-code.html Software Link:...

7.1 AI score
Exploits: 0

Packet Storm
added 2021/02/23 12:00 a.m., 310 views

eChat 1.0 SQL Injection

Exploit Title: eChat | Time-Based Blind SQL Injection Exploit Author: [email protected] Date: 2021-02-21 Vendor Homepage: https://www.sourcecodester.com/php/10498/echat-simple-chat-system-app-using-phpmysql.html Software Link:...

7.4 AI score
Exploits: 0

HackRead
added 2021/02/20 4:15 p.m., 46 views

SolarWinds hackers accessed source code of Azure, Exchange, Intune

By Deeba Ahmed The US has blamed Russia for attacks carried out by SolarWinds hackers. Here's what Microsoft has revealed about the recent development. This is a post from HackRead.com Read the original post: SolarWinds hackers accessed source code of Azure, Exchange, Intune...

3.9 AI score
Exploits: 0

CNVD
added 2021/02/20 12:00 a.m., 7 views

IBM Security Verify Information Queue Information Disclosure Vulnerability (CNVD-2021-11360)

IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. An information disclosure vulnerability exists in IBM Security Verify Information Queue. An attacker could exploit thi...

7.5 CVSS, 5.9 AI score, 0.00655 EPSS
Exploits: 0, References: 1

ThreatPost
added 2021/02/19 2:11 p.m., 54 views

Microsoft: SolarWinds Attackers Downloaded Azure, Exchange Code

Threat actors downloaded some Microsoft Exchange and Azure code repositories during the sprawling SolarWinds supply-chain attack but did not use the company’s internal systems or products to attack other victims. That’s the final verdict this week by the tech giant now that it’s completed a...

0.5 AI score
Exploits: 0, References: 23

The Hacker News
added 2021/02/19 7:25 a.m., 60 views

SolarWinds Hackers Stole Some Source Code for Microsoft Azure, Exchange, Intune

Microsoft on Thursday said it concluded its probe into the SolarWinds hack, finding that the attackers stole some source code but confirmed there's no evidence that they abused its internal systems to target other companies or gained access to production services or customer data. The disclosure...

0.6 AI score
Exploits: 0

The Hacker News
added 2021/02/19 7:25 a.m., 7 views

SolarWinds Hackers Stole Some Source Code for Microsoft Azure, Exchange, Intune

Microsoft on Thursday said it concluded its probe into the SolarWinds hack, finding that the attackers stole some source code but confirmed there's no evidence that they abused its internal systems to target other companies or gained access to production services or customer data. The disclosure...

5.9 AI score
Exploits: 0

OSV
added 2021/02/12 5:15 p.m., 5 views

CVE-2021-20407

IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source code that could be used in further attacks against the system. IBM X-Force ID: 196185...

7.5 CVSS, 5.8 AI score
Exploits: 0, References: 2

NVD
added 2021/02/12 5:15 p.m., 11 views

CVE-2021-20407

IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source code that could be used in further attacks against the system. IBM X-Force ID: 196185...

7.5 CVSS, 0.00655 EPSS
Exploits: 0, References: 2