CVE-2024-12995 ruifang-tech Rebuild Project Tasks Section tasks cross site scripting
A vulnerability classified as problematic has been found in ruifang-tech Rebuild 3.8.6. This affects an unknown part of the file /project/050-9000000000000001/tasks of the component Project Tasks Section. The manipulation of the argument description leads to cross site scripting. It is possible t...
CVE-2024-12995
CVE-2024-12995 affects ruifang-tech Rebuild 3.8.6, specifically the Project Tasks Section/enterable file path /project/050-9000000000000001/tasks where manipulation of the description parameter enables cross-site scripting. The issue can be triggered remotely and the exploit has been disclosed pu...
Ruifang-tech Rebuild Code Injection Vulnerability
Ruifang-tech Rebuild is a zero-code, open-source and free enterprise management system from China's Ruifang-tech. A code injection vulnerability exists in Ruifang-tech Rebuild version 3.8.6, which stems from a misuse of the parameter description that can lead to cross-site scripting...
PT-2024-17857 · Ruifang Tech · Ruifang-Tech Rebuild
Name of the Vulnerable Software and Affected Versions: ruifang-tech Rebuild version 3.8.6 Description: A vulnerability has been found in the Project Tasks Section component, affecting an unknown part of the file /project/050-9000000000000001/tasks. The manipulation of the description argument lea...
CVE-2024-12990 ruifang-tech Rebuild Admin Verification Page admin-verify redirect
A vulnerability was found in ruifang-tech Rebuild 3.8.6. It has been classified as problematic. This affects an unknown part of the file /user/admin-verify of the component Admin Verification Page. The manipulation of the argument nexturl with the input http://localhost/evil.html leads to open...
CVE-2024-12990
The CVE-2024-12990 entry concerns ruifang-tech Rebuild 3.8.6, specifically the Admin Verification Page file /user/admin-verify. The vulnerability arises from manipulating the nexturl parameter (e.g., http://localhost/evil.html), causing an open redirect. It can be exploited remotely and has been ...
Take Command of Your Career: Practicing Self-Advocacy as a Woman in Tech
As the year draws to a close, it’s essential—and often expected—to reflect on our achievements and lessons learned in preparation for annual performance reviews and setting future goals. For women in tech, this reflection period can be an especially powerful tool. The industry often demands that...
Low: Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.3.3 bugfix release
Red Hat Developer Hub 1.3.3 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...
CVE-2024-12665
CVE-2024-12665 affects ruifang-tech Rebuild 3.8.5; the issue is a cross-site scripting vulnerability in an unknown function of the Task Comment Attachment Upload component. The manipulation enables remote execution of XSS and can be exploited remotely; the exploit has been disclosed publicly. The...
CVE-2024-12665 ruifang-tech Rebuild Task Comment Attachment Upload cross site scripting
A vulnerability, which was classified as problematic, was found in ruifang-tech Rebuild 3.8.5. Affected is an unknown function of the component Task Comment Attachment Upload. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...
CVE-2024-12664 ruifang-tech Rebuild Project Task Comment cross site scripting
A vulnerability, which was classified as problematic, has been found in ruifang-tech Rebuild 3.8.5. This issue affects some unknown processing of the component Project Task Comment Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been...
PT-2024-17705 · Ruifang Tech · Ruifang-Tech Rebuild
Name of the Vulnerable Software and Affected Versions: ruifang-tech Rebuild version 3.8.5 Description: A problematic issue has been found in the Project Task Comment Handler component, leading to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the...
CVE-2023-28165
Missing Authorization vulnerability in Tech Banker Backup Bank: WordPress Backup Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Backup Bank: WordPress Backup Plugin: from n/a through 4.0.28...
Trust Issues in AI
This essay was written with Nathan E. Sanders. It originally appeared as a response to Evgeny Morozov in Boston Review's forum, "The AI We Deserve." For a technology that seems startling in its modernity, AI sure has a long history. Google Translate, OpenAI chatbots, and Meta AI image generators...
A week in security (December 2 – December 8)
Last week on Malwarebytes Labs: Europol takes down criminal data hub Manson Market in busy month for law enforcement; Americans urged to use encrypted messaging after large, ongoing cyberattack; Crypto’s rising value likely to bring new wave of scams; AI chatbot provider exposes 346,000 customer...
With Threats to Encryption Looming, Signal’s Meredith Whittaker Says ‘We’re Not Changing’
At WIRED’s The Big Interview event, the president of the Signal Foundation talked about secure communications as critical infrastructure and the need for a new funding paradigm for tech...
Repeat offenders drive bulk of tech support scams via Google Ads
Of all the different kinds of malicious search ads we track, those related to customer service are by far the most common. Brands such as PayPal, eBay, Apple or Netflix are among the most coveted ones as they tend to drive a lot of online searches. Tech support scammers are leveraging Google ads ...
The Pressure Is on for Big Tech to Regulate the Broken Digital Advertising Industry
Brands have been at the mercy of the algorithm when it comes to where their ads appear online, but they’re about to get more control...