5335 matches found

ATTACKERKB
added 2024/07/01 12:0 a.m. | 101 views

CVE-2024-38475

Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...

CVSS 9.1 | AI score 7.8 | EPSS 0.99957
In wild | Exploits 1 | References 3
Packet Storm
added 2024/07/01 12:0 a.m. | 172 views

Customer Support System 1.0 Cross Site Scripting

Exploit Title: Customer Support System 1.0 - XSS Cross-Site Scripting Vulnerability in the "subject" at "ticketlist" Date: 28/11/2023 Exploit Author: Geraldo Alcantara Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...

AI score 7.1 | EPSS 0.00466
Exploits 4
Cvelist
added 2024/06/27 12:0 a.m. | 13 views

CVE-2024-39130

A NULL Pointer Dereference discovered in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function DumpOneStream at /src/DumpStream.cpp...

EPSS 0.00457
Exploits 0 | References 1
GoogleProjectZero
added 2024/06/27 12:0 a.m. | 26 views

The Windows Registry Adventure #3: Learning resources

Posted by Mateusz Jurczyk, Google Project Zero When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible. This gets especially interesting when it's a subsystem as old and fundamental as the Windows registry...

CVSS 5.5 | AI score 7 | EPSS 0.11493
Exploits 0
Imperva Blog
added 2024/06/26 5:3 p.m. | 25 views

Episode 2: Behind the Scenes of a Tailor-Made Massive Phishing Campaign Part 2

Executive Summary Last summer, we investigated a massive, global phishing campaign impersonating almost 350 legitimate companies. Our continued investigation into this expansive phishing campaign revealed leaked backend source code, shedding light on the infrastructure behind the operation. This...

AI score 7
Exploits 0
OSV
added 2024/06/25 1:48 p.m. | 8 views

MAL-2024-6611 Malicious code in answers_ruby-client (RubyGems)

AI score 7.1
Exploits 0 | References 1
OSV
added 2024/06/25 1:19 p.m. | 9 views

MAL-2024-3852 Malicious code in wallet-connect-live-app (npm)

AI score 7.1
Exploits 0
Veracode
added 2024/06/19 12:0 p.m. | 41 views

OS Command Injection

php81 is vulnerable to OS Command Injection. The vulnerability is due to misinterpretation of characters in the command line by the PHP CGI module when using certain code pages on Windows. This may allow a malicious user to pass options to the PHP binary, potentially revealing source code, runnin...

CVSS 9.8 | AI score 9.6 | EPSS 0.99987
Exploits 64 | References 23 | Affected Software 3
HackRead
added 2024/06/19 10:50 a.m. | 19 views

IntelBroker Hacker Claims Apple Breach, Steals Source Code for Internal Tools

Notorious hacker IntelBroker claims to have breached Apple, stealing source code for internal tools. Learn about the alleged breach and IntelBroker's history of targeting major companies and government entities...

AI score 7.5
Exploits 0
CNNVD
added 2024/06/18 12:0 a.m. | 3 views

Magbanua Beach Resort Online Reservation System Code Issue Vulnerability

Magbanua Beach Resort Online Reservation System is an open source beach resort hotel online reservation system from itsourcecode. Magbanua Beach Resort Online Reservation System 1.0 and earlier versions have a code issue vulnerability; the vulnerability stems from the parameter image in the file...

CVSS 9.8 | AI score 6.9 | EPSS 0.00801
Exploits 1 | References 5
NVD
added 2024/06/17 7:15 p.m. | 14 views

CVE-2024-37840

SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID parameter...

CVSS 8.8 | EPSS 0.00539
Exploits 1 | References 1
Packet Storm
added 2024/06/17 12:0 a.m. | 561 views

Payroll Management System 1.0 Remote Code Execution

Exploit Title: Payroll Management System v1.0 RCE Unauthenticated Google Dork: intitle:"Employee's Payroll Management System" Date: 16/06/2024 Exploit Author: ShellUnease Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

AI score 7.4 | EPSS 0.01923
Exploits 4
Malwarebytes
added 2024/06/14 4:29 p.m. | 44 views

Truist bank confirms data breach

On Wednesday June 12, 2024, a well-known dark web data broker and cybercriminal acting under the name "Sp1d3r" offered a significant amount of data allegedly stolen from Truist Bank for sale. Truist is a US bank holding company and operates 2,781 branches in 15 states and Washington DC. By assets...

AI score 7.7
Exploits 0
Packet Storm
added 2024/06/13 12:0 a.m. | 225 views

Lost And Found Information System 1.0 SQL Injection

Exploit Title: Unauthenticated Blind Time-Based SQL Injection Exploit - Lost and Found Information System Exploit Author: Amit Roy Rezur / AR0x7 Date: June 07, 2024 Vendor Homepage:...

AI score 7.4 | EPSS 0.00865
Exploits 2
Packet Storm
added 2024/06/13 12:0 a.m. | 303 views

Lost And Found Information System 1.0 SQL Injection

Exploit Title: Unauthenticated Blind Boolean-Based SQL Injection Exploit - Lost and Found Information System Exploit Author: Amit Roy Rezur / AR0x7 Date: June 07, 2024 Vendor Homepage:...

AI score 7.4 | EPSS 0.00869
Exploits 2
OSV
added 2024/06/12 7:30 a.m. | 43 views

BIT-PHP-2024-4577 Argument Injection in PHP-CGI

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...

CVSS 9.8 | AI score 9.4 | EPSS 0.99987
Exploits 64 | References 24
RedhatCVE
added 2024/06/11 2:26 p.m. | 242 views

CVE-2024-4577

A flaw was found in PHP versions 8.1 before 8.1.29, 8.2 before 8.2.20, and 8.3 before 8.3.8. When using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use the "Best-Fit" behavior to replace characters in the command line given to Win32 API functions...

CVSS 9.8 | AI score 9.7 | EPSS 0.99987
Exploits 64 | References 11
HackRead
added 2024/06/10 6:18 p.m. | 15 views

Hackers Leak 270GB of New York Times Data and Source Code on 4Chan

The New York Times suffered a major data breach! Leaked data includes source code, user info, and potentially…...

AI score 7.3
Exploits 0
OSV
added 2024/06/09 8:15 p.m. | 5 views

AZL-42433 CVE-2024-4577 affecting package php for versions less than 8.3.8-1

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...

CVSS 9.8 | AI score 6.5 | EPSS 0.99987
Exploits 64 | References 1
OSV
added 2024/06/09 8:15 p.m. | 54 views

CVE-2024-4577

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...

CVSS 9.8 | AI score 7 | EPSS 0.99987
Exploits 64 | References 23