#apple

CVE-2023-4226: Security issues - Chamilo LMS

Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.

1 year ago

CVE

Open in Source

#sql #xss #csrf #vulnerability #web #mac #windows #apple #google #js #git #java #wordpress #php #rce #perl #ssrf #pdf #acer #auth #ssh #ibm #sap

CVE-2023-4222: Security issues - Chamilo LMS

Command injection in `main/lp/openoffice_text_document.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.

1 year ago

CVE

Open in Source

#sql #xss #csrf #vulnerability #web #mac #windows #apple #google #js #git #java #wordpress #php #rce #perl #ssrf #pdf #acer #auth #ssh #ibm #sap

CVE-2023-3545: Security issues - Chamilo LMS

Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of `.htaccess` file. This vulnerability may be exploited by privileged attackers or chained with unauthenticated arbitrary file write vulnerabilities, such as CVE-2023-3533, to achieve remote code execution.

1 year ago

CVE

Open in Source

#sql #xss #csrf #vulnerability #web #mac #windows #apple #google #apache #js #git #java #wordpress #php #rce #perl #ssrf #pdf #acer #auth #ssh #ibm #sap

CVE-2023-3533: Security issues - Chamilo LMS

Path traversal in file upload functionality in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via arbitrary file write.

1 year ago

CVE

Open in Source

#sql #xss #csrf #vulnerability #web #mac #windows #apple #google #js #git #java #wordpress #php #rce #perl #ssrf #pdf #acer #auth #ssh #ibm #sap

CVE-2023-3368: Security issues - Chamilo LMS

Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960.

1 year ago

CVE

Open in Source

#sql #xss #csrf #vulnerability #web #mac #windows #apple #google #js #git #java #wordpress #php #rce #perl #ssrf #pdf #acer #auth #ssh #ibm #sap

CVE-2023-48188: [CVE-2023-48188] Improper neutralization of SQL parameter in Opart Devis for PrestaShop

SQL injection vulnerability in PrestaShop opartdevis v.4.5.18 thru v.4.6.12 allows a remote attacker to execute arbitrary code via a crafted script to the getModuleTranslation function.

1 year ago

CVE

Open in Source

#sql #vulnerability #web #apple #php #perl #auth

You Don’t Need to Turn Off Apple’s NameDrop Feature in iOS 17

Yes, your iPhone automatically turns on NameDrop with the latest software update. But you shouldn’t really be worried about it—regardless of what the police are saying.

1 year ago

Wired

Open in Source

#ios #apple

Study Finds Amazon, eBay and Afterpay as Top Android User Data Collectors

By Deeba Ahmed Amazon and eBay have been declared the highest data-collecting platforms among all the Android shopping apps researchers examined. This is a post from HackRead.com Read the original post: Study Finds Amazon, eBay and Afterpay as Top Android User Data Collectors

1 year ago

HackRead

Open in Source

#web #ios #android #apple #google #amazon #git #alibaba #chrome

Private and Secure Web Search Engines: DuckDuckGo, Brave, Kagi, Startpage

What you look for online is up to you—just make sure no one else is taking a peek.

1 year ago

Wired

Open in Source