20 matches found
EUVD-2021-16978
Malware in sbrugna...
DEBIAN-CVE-2022-50406
In the Linux kernel, the following vulnerability has been resolved: iomap: iomap: fix memory corruption when recording errors during writeback Every now and then I see this crash on arm64: Unable to handle kernel NULL pointer dereference at virtual address 00000000000000f8 Buffer I/O error on dev...
Characterising Bugs in Jupyter Platform
As a representative literate programming platform, Jupyter is widely adopted by developers, data analysts, and researchers for replication, data sharing, documentation, interactive data visualization, and more. Understanding the bugs in the Jupyter platform is essential for ensuring its...
CVE-2024-57979 pps: Fix a use-after-free
In the Linux kernel, the following vulnerability has been resolved: pps: Fix a use-after-free On a board running ntpd and gpsd, I'm seeing a consistent use-after-free in sysexit from gpsd when rebooting: pps pps1: removed ------------ cut here ------------ kobject: 'null' 00000000db4bec24: is not...
CVE-2023-6424
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/diseasesymptomsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an...
BigProf Online Clinic Management System Cross-Site Scripting Vulnerability
BigProf Online Clinic Management System is an online clinic management system from BigProf, Inc. A cross-site scripting vulnerability exists in BigProf Online Clinic Management System version 2.2, which stems from a cross-site scripting vulnerability in the FirstRecord parameter of...
PT-2023-32654 · Unknown · Bigprof Online Clinic Management System
Name of the Vulnerable Software and Affected Versions: BigProf Online Clinic Management System version 2.2 Description: A vulnerability has been discovered in the system, which does not sufficiently encode user-controlled input, resulting in persistent XSS through the "/clinic/disease symptoms...
K10701310: BIG-IP may not detect invalid Transfer-Encoding headers
Security Advisory Description This issue occurs when the conditions are met based on the BIG-IP module provisioned and the affected version listed in the following table. Products| Conditions that trigger the issue| Affected versions ---|---|--- BIG-IP LTM| For versions prior to 15.1.0, the...
RemoteClinic 2.0 Cross Site Scripting
Exploit Title: RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting XSS Date: 13/04/2021 Exploit Author: Saud Ahmad Vendor Homepage: https://remoteclinic.io/ Software Link: https://github.com/remoteclinic/RemoteClinic Version: 2.0 Tested on: Windows 10 CVE : CVE-2021-30030, CVE-2021-30034,...
RemoteClinic 2.0 - (Multiple) Stored Cross-Site Scripting (XSS) Vulnerability
Exploit Title: RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting XSS Exploit Author: Saud Ahmad Vendor Homepage: https://remoteclinic.io/ Software Link: https://github.com/remoteclinic/RemoteClinic Version: 2.0 Tested on: Windows 10 CVE : CVE-2021-30030, CVE-2021-30034, CVE-2021-30039,...
RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
Exploit Title: RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting XSS Date: 13/04/2021 Exploit Author: Saud Ahmad Vendor Homepage: https://remoteclinic.io/ Software Link: https://github.com/remoteclinic/RemoteClinic Version: 2.0 Tested on: Windows 10 CVE : CVE-2021-30030, CVE-2021-30034,...
CVE-2021-30034
Cross Site Scripting XSS in Remote Clinic v2.0 via the Symptons field on patients/register-report.php...
Saad Irfan RemoteClinic Cross-Site Scripting Vulnerability
Remote Clinic is an open source clinic management system that allows you to remotely manage your clinic via the Web. A cross-site scripting vulnerability exists in Remote Clinic v2.0. The vulnerability can be exploited to inject arbitrary script or html via the "Symptoms" field in...
HelloKitty: When Cyberpunk met cy-purr-crime
On February 9, after discovering a compromise, CD Projekt Red (CDPR) announced to its 1+ million followers on Twitter that it was the victim of a ransomware attack against its systems and made it clear they would not yield to the demands of the threat actors, nor negotiate. Cyberpunk 2077, the late...
How AI Is Tracking the Coronavirus Outbreak
Machine-learning programs are analyzing websites, news reports, and social media posts for signs of symptoms, such as fever or breathing problems...
Helping survivors of domestic abuse: What to do when you find stalkerware
We’re going to talk about something different today. We’re going to talk about domestic abuse. Earlier this year, cybersecurity company Kaspersky Lab announced that the latest upgrade to its Android app would inform users about whether their devices were running stealthy, behind-the-scenes...
When spyware goes mainstream
Stealware. Surveillanceware. Stalkerware. These are terms alternately used to effectively identify a file-based threat that has been around since 1996: spyware. More than two decades later, consumer or commercial spyware has gone mainstream, and the surprising number of software designed, openly...
MSRT August 2016 release adds Neobar detection
As part of our ongoing effort to provide better malware protection, the August 2016 release of the Microsoft Malicious Software Removal Tool (MSRT) includes detections for BrowserModifier: Win32/Neobar, unwanted software, and Win32/Rovnix, a trojan malware family. This blog discusses...
Citrix Provisioning Services Antivirus Best Practices
The environment may experience one or more of the following symptoms if the antivirus client is impacting either the Target Devices or PVS Servers. - Target Devices running the VDA software may appear power state unknown and no longer registered when looking at them via Studio or Director. -...
TDSS Rootkit and DNSchanger: An Unholy Alliance
The TDSS rootkit has proven to be more pliable and adaptable than a campaigning politician, and attackers have used it in various forms for the last three or four years for all sorts of different attacks. It shows up in drive-by downloads, targeted attacks and just about everything in between, an...