CVE-2022-48149
Online Student Admission System in PHP Free Source Code 1.0 was discovered to contain a SQL injection vulnerability via the username parameter...
CVE-2022-48149
CVE-2022-48149 affects the Online Student Admission System in PHP Free Source Code 1.0. The vulnerability is a SQL injection via the username parameter in the login/auth flow. Documented CVSSv3.1 base score 9.8 (CRITICAL) with network attack vector, no privileges required, no user interaction, an...
MAL-2023-1098 Malicious code in @pagseguro/pagseguro-utils-test (npm)
Source: checkmarx 1ca218112e7cf19df5928168bb7ac862f943cd50af825db0fd09289b710a719d. Malicious packages campaign since 2021 targeting developers, steals source code and secrets. Source: ossf-package-analysis...
K74013101: Binutils vulnerability CVE-2021-42574
Security Advisory Description: An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of...
K65078159: Apache Tomcat vulnerability CVE-2021-24122
Security Advisory Description: When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause wa...
CVE-2022-48337
A flaw was found in the Emacs package. This flaw allows attackers to execute commands via shell metacharacters in the name of a source-code file...
CVE-2022-48337
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command suggested in the eta...
Input validation
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command suggested in the eta...
Hackers Stole GoDaddy Source Code in a Multi-Year Data Breach
By Deeba Ahmed. The web hosting giant GoDaddy has been rattled by an almost two-year-long data breach that went undetected from 2020 to 2022. This is a post from HackRead.com. Read the original post: Hackers Stole GoDaddy Source Code in a Multi-Year Data Breach...
CVE-2022-48337
CVE-2022-48337 affects GNU Emacs up to 28.2. The issue arises from the etags implementation in lib-src/etags.c, which uses the system C library function and does not sanitize input, enabling command execution via shell metacharacters in source-file names (for example, using etags -u * in a direct...
MAL-2023-560 Malicious code in kuna-chart-header (npm)
Source: checkmarx 7b6783077178ab41482bc0e611e487453d9b0254e1e1ad5684b89472b002b2b4. Malicious packages campaign since 2021 targeting developers, steals source code and secrets. Source: ghsa-malware...
MAL-2023-701 Malicious code in prize-market (npm)
Source: checkmarx 1158c7ff397e59bc3ac71f973b0f8011d57ebb50ed376f780513195f5c97f596. Malicious packages campaign since 2021 targeting developers, steals source code and secrets. Source: ghsa-malware...
GoDaddy Discloses Multi-Year Security Breach Causing Malware Installations and Source Code Theft
Web hosting services provider GoDaddy on Friday disclosed a multi-year security breach that enabled unknown threat actors to install malware and siphon source code related to some of its services. The company attributed the campaign to a "sophisticated and organized group targeting hosting...
MAL-2023-111 Malicious code in attribution-project (npm)
Source: checkmarx 5afc91a8d62e415d605efc5e9b132faa79e4d67b5aa087375dff9b544b70715c. Malicious packages campaign since 2021 targeting developers, steals source code and secrets. Source: ghsa-malware...
FreeBSD-SA-23:02.openssh
FreeBSD-SA-23:02.openssh Security Advisory, The FreeBSD Project. Topic: OpenSSH pre-authentication double free. Category: contrib. Module: openssh. Announced: 2023-02-16...
SUSE CVE-2006-6104
The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20...
SUSE CVE-2007-5473
StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP...