
7413 matches found

Fedora
added 2023/04/01 12:17 a.m., 21 views

[SECURITY] Fedora 38 Update: rubygem-activemodel-7.0.4.3-1.fc38

A toolkit for building modeling frameworks like Active Record. Rich support for attributes, callbacks, validations, serialization, internationalization, and testing...

CVSS 5.3 | AI score 7.6 | EPSS 0.00907 | Exploits: 0

Hacker One
added 2023/03/31 2:7 p.m., 96 views

Weblate: Testing flow includes a DeepSource secret

The testing workflow for the WeblateOrg/wlc repository included a DeepSource secret, which could have allowed a malicious actor to access parts of the repository and report artifacts to DeepSource. The recommended usage would have been to create a GitHub action environment secret and call it at...

AI score 7 | Exploits: 0

Malwarebytes
added 2023/03/31 1:30 p.m., 49 views

3 tips to raise your backup game

If there was an award for "most overlooked really important thing in computing", backups would win. Every year. So let's put that right and spend a minute or two thinking about backups. Backups are great! Having backups is like having a do-over for your mistakes, and who hasn't wished for that? A...

AI score 6.3 | Exploits: 0

Exploit DB
added 2023/03/31 12:0 a.m., 153 views

Senayan Library Management System v9.0.0 - SQL Injection

Exploit Title: Senayan Library Management System v9.0.0 - SQL Injection Author: nu11secur1ty Date: 11.09.2022 Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/download/v9.0.0/slims9bulian-9.0.0.zip Reference:...

AI score 7 | Exploits: 0

Gitee
added 2023/03/30 9:1 p.m., 2 views

vulhub

This repository is an offensive tool for a web application vulnerability training platform, 'Vulhub'. It is a collection of vulnerable web applications and tools for testing and training purposes. The repository contains various vulnerable applications, including web servers, databases, and other...

AI score 9 | Exploits: 0

Code423n4
added 2023/03/30 12:0 a.m., 18 views

Ether Locked when Attempting to Call stake() during Setup

Lines of code Vulnerability details Impact During the period between the deployment of the SafEth contract and the addition of derivatives, there is a possibility for users to send Ether to the contract using the stake payable function. In this scenario, the funds will become locked and...

AI score 6.8 | Exploits: 0

Exploit DB
added 2023/03/30 12:0 a.m., 189 views

ClicShopping v3.402 - Cross-Site Scripting (XSS)

Title: ClicShopping v3.402 - Cross-Site Scripting XSS Author: nu11secur1ty Date: 11.20.2022 Vendor: https://www.clicshopping.org/forum/ Software: https://github.com/ClicShopping/ClicShoppingV3/releases/tag/version3402 Reference:...

AI score 7.4 | Exploits: 0

UbuntuCve
added 2023/03/29 5:15 p.m., 38 views

CVE-2022-48434

libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances e.g., hardware re-initialization upon a mid-video SPS change when...

CVSS 8.1 | AI score 7.1 | EPSS 0.01512 | Exploits: 1 | References: 6

OSSF Malicious Packages
added 2023/03/29 12:1 a.m., 3 views

Malicious code in testing-dummy (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 134e6deeec000537eb2ce8b8c8f531fc97c037638ba5d40ae80e0231861cc595 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9 | Exploits: 0 | References: 1

OSV
added 2023/03/29 12:1 a.m., 8 views

MAL-2023-855 Malicious code in testing-dummy (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 134e6deeec000537eb2ce8b8c8f531fc97c037638ba5d40ae80e0231861cc595 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7 | Exploits: 0 | References: 1

The Hacker News
added 2023/03/28 11:54 a.m., 2 views

Breaking the Mold: Pen Testing Solutions That Challenge the Status Quo

Malicious actors are constantly adapting their tactics, techniques, and procedures (TTPs) to adapt to political, technological, and regulatory changes quickly. A few emerging threats that organizations of all sizes should be aware of include the following: Increased use of Artificial Intelligence a...

AI score 8 | Exploits: 0

0day.today
added 2023/03/28 12:0 a.m., 231 views

Social-Share-Buttons v2.2.3 - SQL Injection Vulnerability

Title: Social-Share-Buttons v2.2.3 - SQL Injection Author: nu11secur1ty Vendor: https://wordpress.org/ Software: https://downloads.wordpress.org/plugin/social-share-buttons-by-supsystic.2.2.3.zip Reference:...

AI score 6.8 | Exploits: 0

0day.today
added 2023/03/28 12:0 a.m., 222 views

Beauty salon v1.0 - Remote Code Execution Exploit

Exploit Title: Beauty-salon v1.0 - Remote Code Execution RCE Exploit Author: nu11secur1ty Vendor: https://code4berry.com/projects/beautysalon.php Software: https://code4berry.com/project%20downloads/beautysalondownload.php Reference:...

AI score 6.8 | Exploits: 0

BDU FSTEC
added 2023/03/28 12:0 a.m., 6 views

The vulnerability of the microprogramming software of Triconex Model 3009/3009X MP processors and the communication module Tricon Communications Module, related to insufficient testing of exceptional states, allows an intruder to trigger a service failure.

The vulnerability of the microprogramming software of the Triconex Model 3009/3009X MP processors and the Tricon Communications Module is related to insufficient testing of exceptional states. Exploiting this vulnerability can allow attackers to trigger service failures using specially crafted...

CVSS 4.3 | AI score 5.4 | EPSS 0.00246 | Exploits: 0 | References: 3 | Affected Software: 6

BDU FSTEC
added 2023/03/28 12:0 a.m., 3 views

The vulnerability of the microprogramming software of Triconex Model 3009/3009X MP processors and the communication module Tricon Communications Module, related to insufficient testing of exceptional states, allows an intruder to trigger a service failure.

The vulnerability of the microprogramming software of the Triconex Model 3009/3009X MP processors and the Tricon Communications Module is related to insufficient testing of exceptional states. Exploiting this vulnerability can allow attackers to trigger service failures using specially crafted...

CVSS 4.3 | AI score 5.4 | EPSS 0.00246 | Exploits: 0 | References: 3 | Affected Software: 6

BDU FSTEC
added 2023/03/28 12:0 a.m., 2 views

The vulnerability of the microprogramming software of Triconex Model 3009/3009X MP processors and the communication module Tricon Communications Module, related to insufficient testing of exceptional states, allows an intruder to trigger a service failure.

The vulnerability of the microprogramming software of the Triconex Model 3009/3009X MP processors and the Tricon Communications Module is related to insufficient testing of exceptional states. Exploiting this vulnerability can allow attackers to trigger service failures using specially crafted...

CVSS 4.3 | AI score 5.4 | EPSS 0.00246 | Exploits: 0 | References: 3 | Affected Software: 6

BDU FSTEC
added 2023/03/28 12:0 a.m., 3 views

The vulnerability of the microprogramming software of Triconex Model 3009/3009X MP processors and the communication module Tricon Communications Module, related to insufficient testing of exceptional states, allows an intruder to trigger a service failure.

The vulnerability of the microprogramming software of the Triconex Model 3009/3009X MP processors and the Tricon Communications Module is related to insufficient testing of exceptional states. Exploiting this vulnerability can allow attackers to trigger service failures using specially crafted...

CVSS 4.3 | AI score 5.5 | EPSS 0.00224 | Exploits: 0 | References: 3 | Affected Software: 6

Exploit DB
added 2023/03/28 12:0 a.m., 161 views

Beauty-salon v1.0 - Remote Code Execution (RCE)

Exploit Title: Beauty-salon v1.0 - Remote Code Execution RCE Exploit Author: nu11secur1ty Date: 10.12.2022 Vendor: https://code4berry.com/projects/beautysalon.php Software: https://code4berry.com/project%20downloads/beautysalondownload.php Reference:...

AI score 7.4 | Exploits: 0

0day.today
added 2023/03/27 12:0 a.m., 210 views

Employee Performance Evaluation System v1.0 - File Inclusion / Remote Code Execution Exploit

Exploit Title: Employee Performance Evaluation System v1.0 - File Inclusion and RCE Exploit Author: nu11secur1ty Vendor: https://www.sourcecodester.com/user/257130/activity Software: https://www.sourcecodester.com/php/14617/employee-performance-evaluation-system-phpmysqli-source-code.html...

AI score 6.8 | Exploits: 0

BDU FSTEC
added 2023/03/26 12:0 a.m., 3 views

The software for 3D design in Adobe Dimension is vulnerable due to insufficient testing of input data, allowing attackers to execute arbitrary code.

The software for 3D design by Adobe Dimension is vulnerable due to insufficient testing of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created file...

CVSS 7.8 | AI score 7.6 | EPSS 0.00346 | Exploits: 0 | References: 3 | Affected Software: 1