328 matches found
Cross site request forgery (csrf)
SvelteKit is a web development framework. The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery (CSRF) protecti...
CVE-2023-29003
CVE-2023-29003 affects SvelteKit CSRF protection. Prior to version 1.15.1, an attacker could bypass CSRF by sending requests with a crafted Content-Type header, enabling cross-site requests from third parties and potentially session takeover. SvelteKit 1.15.1 hardens CSRF by (1) treating text/pla...
CVE-2023-29003 SvelteKit has Insufficient Cross-Site Request Forgery Protection
SvelteKit is a web development framework. The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery (CSRF) protecti...
Debian: Security Advisory (DLA-349-1)
The remote host is missing an update for the Debian...
Understanding Jamstack Security
Learn how Jamstack has emerged as a new architectural paradigm for delivering websites and web-based applications with the promise of improved performance, scalability, and security over the traditional server-driven approach to web development...
Lodash 4.17.15 in use which is vulnerable to CVE-2020-8203
Description: Lodash 4.17.15 in use which is vulnerable to CVE-2020-8203. Proof of Concept: 1. Go to https://localhost/Cockpit/modules/App/assets/vendor/lodash.js?ver=2.3.9-1676855050 and note that lodash version is 4.17.15. 2. Go to https://localhost/Cockpit/ 3. Open Web Developer tools Ctrl+Shift+I usin...
[SECURITY] [DLA 3306-1] python-django security update
Debian LTS Advisory DLA-3306-1 https://www.debian.org/lts/security/ Chris Lamb February 01, 2023 https://wiki.debian.org/LTS...
[SECURITY] Fedora 35 Update: php-8.0.25-1.fc35
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
[SECURITY] Fedora 35 Update: php-8.0.24-1.fc35
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
ZFile arbitrary file upload vulnerability
ZFile is a Java-based online web development program open-sourced by zfile-dev. ZFile v4.1.1 contains an arbitrary file upload vulnerability that stems from a lack of validation of uploaded files in its component /file/upload/1. An attacker could exploit this vulnerability to upload malicious fil...
USN-5501-1: Django vulnerability
It was discovered that Django incorrectly handled certain SQL. An attacker could possibly use this issue to expose sensitive information...
Neetai Tech SQL Injection Vulnerability
Neetai Tech is a web development, GST software and accounting software from Neetai India. Neetai Tech is vulnerable to SQL injection, which attackers can exploit via manipulation of the /product.php file...
Vapor Denial of Service Vulnerability
Vapor is a Swift web development framework. It can be used to develop high-performance web applications and supports iOS, OS X and Ubuntu systems. A denial-of-service vulnerability exists in Vapor versions prior to 4.61.1 that stems from not properly handling incoming error messages and can be...
CVE-2022-27237
There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the products in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install ...
CVE-2022-27237
There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the products in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install ...
CVE-2022-27237
There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the products in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install ...
Cross site scripting
There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the products in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install ...
CVE-2022-27237
CVE-2022-27237 describes a cross-site scripting (XSS) vulnerability in an NI Web Server component used with several NI products. The advisory indicates the affected surface is the NI Web Server component across multiple NI product deployments, with remediation guidance requiring upgrading to one ...
CVE-2022-27237
There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the products in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install ...
How to Choose the Right Web Development Firm for Your Startup?
By Owais Sultan Finding the right website development firm or team is a challenging task for many startups. Business owners see… This is a post from HackRead.com Read the original post: How to Choose the Right Web Development Firm for Your Startup?...