606 matches found
CVE-2023-44752
CVE-2023-44752 affects the Student Study Center Desk Management System v1.0. A crafted GET request to /php-sscdms/admin/login.php can bypass authentication, enabling unauthorized access with total impact (confidentiality, integrity, availability = HIGH). Exploitability is network-based with low c...
CVE-2023-44752
An issue in Student Study Center Desk Management System v1.0 allows attackers to bypass authentication via a crafted GET request to /php-sscdms/admin/login.php...
Student Study Center Desk Management System Security Vulnerability
Student Study Center Desk Management System is a student learning management system from the individual developer Carlo Montero. A security vulnerability exists in Student Study Center Desk Management System v1.0, which can be exploited to bypass authentication via a specially crafted GET request...
Mining Characteristics of Vulnerable Smart Contracts across Lifecycle Stages
Smart contracts are the cornerstone of decentralized applications and financial protocols, which extend the application of digital currency transactions. The applications and financial protocols introduce significant security challenges, resulting in substantial economic losses. Existing solution...
Breaking the Prompt Wall (I): a Real-World Case Study of Attacking ChatGPT Via Lightweight Prompt Injection
Whitepaper called Breaking The Prompt Wall I: A Real-World Case Study Of Attacking ChatGPT Via Lightweight Prompt Injection...
Cybersquatting in Web3: the Case of NFT
Cybersquatting refers to the practice where attackers register a domain name similar to a legitimate one to confuse users for illegal gains. With the growth of the Non-Fungible Token NFT ecosystem, there are indications that cybersquatting tactics have evolved from targeting domain names to NFTs...
Can LLMs Handle WebShell Detection? Overcoming Detection Challenges with Behavioral Function-Aware Framework
WebShell attacks, in which malicious scripts are injected into web servers, are a major cybersecurity threat. Traditional machine learning and deep learning methods are hampered by issues such as the need for extensive training data, catastrophic forgetting, and poor generalization. Recently, Lar...
Distributed Cloud Solutions and AI: Key Findings from Forrester's 2024 Study
...
Is Security Human Factors Research Skewed Towards Western Ideas and Habits?
Really interesting research: "How WEIRD is Usable Privacy and Security Research?" by Ayako A. Hasegawa, Daisuke Inoue, and Mitsuaki Akiyama: Abstract: In human factor fields such as human-computer interaction (HCI) and psychology, researchers have been concerned that participants mostly come from...
Silk Typhoon targeting IT supply chain
Executive summary: Microsoft Threat Intelligence identified a shift in tactics by Silk Typhoon, a Chinese espionage group, now targeting common IT solutions like remote management tools and cloud applications to gain initial access. While they haven't been observed directly targeting Microsoft...
Exploit for Cross-site Scripting in Phpgurukul Student_Study_Center_Management_System
Published-CVE This repository contains descriptions and explo...
USDA Releases Success Story Detailing the Implementation of Phishing-Resistant Multifactor Authentication
Today, the Cybersecurity and Infrastructure Security Agency CISA and the U.S. Department of Agriculture USDA released Phishing-Resistant Multifactor Authentication MFA Success Story: USDA’s FIDO Implementation. This report details how USDA successfully implemented phishing-resistant authenticatio...
CVE-2024-9850 SVG Case Study <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The SVG Case Study plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, t...
WordPress plugin SVG Case Study Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress...
WordPress SVG Case Study plugin <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin SVG Case Study versions = 1.0...
WordPress SVG Case Study Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software SVG Case Study Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9850 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 170c145ba154 Credits Francesco Carlucci Required...
PT-2024-39887 · WordPress · Svg Case Study
Name of the Vulnerable Software and Affected Versions: SVG Case Study plugin for WordPress versions up to, and including, 1.0 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated...
TikTok Pixel Privacy Nightmare: A New Case Study
Advertising on TikTok is the obvious choice for any company trying to reach a young market, and especially so if it happens to be a travel company, with 44% of American Gen Zs saying they use the platform to plan their vacations. But one online travel marketplace targeting young holidaymakers wit...