Hackers Use Hidden Website Instructions in New Attacks on AI Assistants

Cybersecurity researchers at Forcepoint uncover new indirect prompt injection attacks that use hidden website code to exploit AI assistants like GitHub Copilot...

📄 Xerte Online Toolkits 3.14 Template Import Shell Upload

This Metasploit module exploits an authentication bypass allowing arbitrary file upload in Xerte Online Toolkits versions 3.14 and earlier to upload and execute a shell. Specifically, this targets /websitecode/php/import/import.php. Note: this Metasploit module results in directories being create...

Linux Distros Unpatched Vulnerability : CVE-2018-1000875

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutabl...

WordPress Plugin Quttera Web Malware Scanner Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

CVE-2018-1000875

Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in Access to any user account. This attack appear to be...

CVE-2018-1000875

CVE-2018-1000875 affects BOINC Server and Website Code versions 0.9–1.0.2. The vulnerability is a CWE-302 Authentication Bypass by Assumed-Immutable Data on the Website Terms of Service Acceptance Page, allowing access to any user account via a specially crafted URL. The issue is reported as fixe...