CVE-2023-1568

A vulnerability classified as problematic has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file /admin/reports/index.php of the component GET Parameter Handler. The manipulation of the argument dateto leads to cross site...

CVE-2023-1467

A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=deleteimg of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt...

CVE-2022-47102

A cross-site scripting XSS vulnerability in Student Study Center Management System V 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter...

Modeling Interdependent Privacy Threats

The rise of online social networks, user-gene-rated content, and third-party apps made data sharing an inevitable trend, driven by both user behavior and the commercial value of personal information. As service providers amass vast amounts of data, safeguarding individual privacy has become...

CVE-2010-0157

Directory traversal vulnerability in the Bible Study combiblestudy component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter in a studieslist action to index.php...

In Search of Lost Data: a Study of Flash Sanitization Practices

To avoid the disclosure of personal or corporate data, sanitization of storage devices is an important issue when such devices are to be reused. While poor sanitization practices have been reported for second-hand hard disk drives, it has been reported that data has been found on original storage...

"Explain, Don'T Just Warn!" -- a Real-Time Framework for Generating Phishing Warnings with Contextual Cues

Anti-phishing tools typically display generic warnings that offer users limited explanation on why a website is considered malicious, which can prevent end-users from developing the mental models needed to recognize phishing cues on their own. This becomes especially problematic when these tools...

An Empirical Study of Fuzz Harness Degradation

The purpose of continuous fuzzing platforms is to enable fuzzing for software projects via \emphfuzz harnesses -- but as the projects continue to evolve, are these harnesses updated in lockstep, or do they run out of date? If these harnesses remain unmaintained, will they \emphdegrade over time i...

Large Language Models Are Autonomous Cyber Defenders

Fast and effective incident response is essential to prevent adversarial cyberattacks. Autonomous Cyber Defense ACD aims to automate incident response through Artificial Intelligence AI agents that plan and execute actions. Most ACD approaches focus on single-agent scenarios and leverage...

Unveiling the Landscape of LLM Deployment in the Wild: an Empirical Study

Background: Large language models LLMs are increasingly deployed via open-source and commercial frameworks, enabling individuals and organizations to self-host advanced AI capabilities. However, insecure defaults and misconfigurations often expose LLM services to the public Internet, posing...

An Empirical Study on the Effectiveness of Large Language Models for Binary Code Understanding

Binary code analysis plays a pivotal role in the field of software security and is widely used in tasks such as software maintenance, malware detection, software vulnerability discovery, patch analysis, etc. However, unlike source code, reverse engineers face significant challenges in understandi...

Network Attack Traffic Detection with Hybrid Quantum-Enhanced Convolution Neural Network

The emerging paradigm of Quantum Machine Learning QML combines features of quantum computing and machine learning ML. QML enables the generation and recognition of statistical data patterns that classical computers and classical ML methods struggle to effectively execute. QML utilizes quantum...

Security Bug Report Prediction within and across Projects: a Comparative Study of BERT and Random Forest

Early detection of security bug reports SBRs is crucial for preventing vulnerabilities and ensuring system reliability. While machine learning models have been developed for SBR prediction, their predictive performance still has room for improvement. In this study, we conduct a comprehensive...

CVE-2023-44752

An issue in Student Study Center Desk Management System v1.0 allows attackers to bypass authentication via a crafted GET request to /php-sscdms/admin/login.php...

DeSIA: Attribute Inference Attacks against Limited Fixed Aggregate Statistics

Empirical inference attacks are a popular approach for evaluating the privacy risk of data release mechanisms in practice. While an active attack literature exists to evaluate machine learning models or synthetic data release, we currently lack comparable methods for fixed aggregate statistics, i...

New whitepaper outlines the taxonomy of failure modes in AI agents

We are releasing a taxonomy of failure modes in AI agents to help security professionals and machine learning engineers think through how AI systems can fail and design them with safety and security in mind. The taxonomy continues Microsoft AI Red Team's work to lead the creation of systematizati...

Snorkeling in Dark Waters: a Longitudinal Surface Exploration of Unique Tor Hidden Services (Extended Version)

The Onion Router Tor is a controversial network whose utility is constantly under scrutiny. On the one hand, it allows for anonymous interaction and cooperation of users seeking untraceable navigation on the Internet. This freedom also attracts criminals who aim to thwart law enforcement...

Evaluating Argon2 Adoption and Effectiveness in Real-World Software

Modern password hashing remains a critical defense against credential cracking, yet the transition from theoretically secure algorithms to robust real-world implementations remains fraught with challenges. This paper presents a dual analysis of Argon2, the Password Hashing Competition winner,...

CVE-2023-44752

An issue in Student Study Center Desk Management System v1.0 allows attackers to bypass authentication via a crafted GET request to /php-sscdms/admin/login.php...

CVE-2023-44752

An issue in Student Study Center Desk Management System v1.0 allows attackers to bypass authentication via a crafted GET request to /php-sscdms/admin/login.php...