Security Headlines

Tag: #git

CVE-2023-4196: Prevent uploading .phps + .html files in assets manager · Cockpit-HQ/Cockpit@039a00c

Stored cross-site scripting (XSS) in GitHub repository cockpit-hq/cockpit prior to 2.6.3: the assets manager accepted .phps and .html uploads, and the linked commit (039a00c) blocks those file types.
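The fix title above names two extensions that were added to the blocked set. The added example below (not Cockpit's code; the allowlist, the denied set and the file names are constructed for illustration) contrasts a narrow final-extension denylist with an allowlist that inspects every extension in the name, which is the shape of check that closes stored XSS via upload without having to enumerate each renderable or executable type as it turns up.

```python
import posixpath

# Constructed allowlist for this example; it is not Cockpit's real list.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "webp", "pdf", "txt", "zip"}

# Types a web server may execute or a browser may render as a page. Keeping these
# out of a user-writable asset directory is what prevents stored XSS via upload;
# .svg and .js are included because browsers execute script from both.
DENIED_EXTENSIONS = {"php", "phps", "phtml", "phar", "html", "htm", "xhtml", "svg", "js"}

# Only the two extensions named in the commit title, as a narrow denylist would hold them.
NARROW_DENYLIST = {"phps", "html"}


def extensions_of(filename):
    """All extensions of the basename, lowercased: 'shell.php.png' -> ['php', 'png']."""
    name = posixpath.basename(filename.replace("\\", "/"))
    parts = name.split(".")
    return [p.lower() for p in parts[1:]]


def narrow_denylist_check(filename):
    """Denylist on the final extension only. Rejects 'x.phps' and 'x.html' but
    lets 'x.phtml' and 'x.htm' through: every unlisted variant is a gap."""
    exts = extensions_of(filename)
    return bool(exts) and exts[-1] not in NARROW_DENYLIST


def is_safe_upload_name(filename):
    """Allowlist check: the final extension must be allowed and no extension
    anywhere in the name may be denied. That also rejects 'shell.php.png' on
    servers that map handlers by any extension, and 'a.png.html' for browsers."""
    exts = extensions_of(filename)
    if not exts:
        return False  # no extension at all: nothing to serve it as, reject
    if any(ext in DENIED_EXTENSIONS for ext in exts):
        return False
    return exts[-1] in ALLOWED_EXTENSIONS


if __name__ == "__main__":
    # Constructed sample names, including the variants a narrow denylist misses.
    for name in ["logo.png", "exploit.html", "EXPLOIT.PHPS", "shell.phtml", "page.htm", "a.png.html"]:
        print("%-14s narrow-denylist=%-5s allowlist=%s"
              % (name, narrow_denylist_check(name), is_safe_upload_name(name)))
```

Serving the stored files with a fixed Content-Type and Content-Disposition: attachment is the complementary control; the name check alone does not stop a browser from sniffing an image that is really markup.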

Tags: CVE, #xss, #git, #php
VMCONNECT: Malicious PyPI Package Mimicking Common Python Tools

By Deeba Ahmed (HackRead.com): Threat researchers at ReversingLabs, a software supply chain security and malware analysis platform, have discovered a malicious new PyPI…

CVE-2023-4181: Free-Hospital-Management-System-for-Small-Practices/vertical privilege escalation/vuln.md at main · Yesec/Free-Hospital-Management-System-for-Small-Practices

A vulnerability classified as critical has been found in SourceCodester Free Hospital Management System for Small Practices 1.0. It affects unknown functionality in the file /vm/admin/delete-doctor.php?id=2 of the component Redirect Handler. The manipulation leads to improper enforcement of behavioral workflow (CWE-841), which the linked write-up files as vertical privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-236216.

GHSA-qq8m-9rpx-w2fm: Admidio Insufficient Session Expiration vulnerability

Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.2.11. This vulnerability allows a user's session to remain valid even after the user has logged out, potentially granting unauthorized access to sensitive areas and functionalities.

CVE-2023-4190: Session data not removed completely after logout #1470 · Admidio/admidio@391fb2a

Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.2.11.
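The advisory and the commit title above describe the same defect from two sides: logout clears the client's cookie but leaves the server-side session record alive, so whoever still holds the session id stays logged in. The added example below is not Admidio's code; it is a constructed in-memory session store (a stand-in for PHP's session handler) with both logout shapes side by side, so the failure mode can be observed directly.

```python
import secrets
import time


class SessionStore:
    """Constructed in-memory server-side session table for this example."""

    def __init__(self, ttl_seconds=3600):
        self._sessions = {}  # session id -> {"user": name, "expires": unix time}
        self._ttl = ttl_seconds

    def login(self, username):
        """Bind a fresh, unguessable id to the user and return it for the cookie."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": username, "expires": time.time() + self._ttl}
        return sid

    def resolve(self, sid):
        """Return the user bound to sid, or None if the id is unknown or expired."""
        record = self._sessions.get(sid)
        if record is None:
            return None
        if record["expires"] < time.time():
            del self._sessions[sid]  # lazy expiry of idle sessions
            return None
        return record["user"]

    def logout_cookie_only(self, sid):
        """The failure mode described for CVE-2023-4190: the browser is told to
        drop the cookie, but the server-side record survives, so a stolen or
        copied id keeps working after the user believes they have logged out."""
        return "Set-Cookie: SESSID=deleted; Max-Age=0"

    def logout(self, sid):
        """Correct logout: destroy the server-side record first, then clear the cookie."""
        self._sessions.pop(sid, None)
        return "Set-Cookie: SESSID=deleted; Max-Age=0"

    def rotate(self, sid):
        """Issue a new id for an existing session (do this at login and on any
        privilege change) so an id captured before authentication is worthless."""
        record = self._sessions.pop(sid, None)
        if record is None:
            return None
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = record
        return new_sid


if __name__ == "__main__":
    store = SessionStore()
    sid = store.login("alice")
    store.logout_cookie_only(sid)
    print("after cookie-only logout, old id resolves to:", store.resolve(sid))
    store.logout(sid)
    print("after proper logout, old id resolves to:", store.resolve(sid))
```

The test to add to any framework's logout path is the second line of the demo: take the id from before logout, present it again, and require that it no longer resolves.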

FBI warns users of NFT theft by malicious developers

By Waqas (HackRead.com): Cybercriminals are posing as legitimate NFT developers and employing sophisticated tactics to deceive unsuspecting victims.

CVE-2023-4172: cve/duqu2.md at main · nagenanhai/cve

A vulnerability, which was classified as problematic, has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This issue affects some unknown processing of the file \Service\FileHandler.ashx. The manipulation of the argument FileDirectory leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236207.

CVE-2023-4171: cve/duqu.md at main · nagenanhai/cve

A vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This vulnerability affects unknown code of the file \Service\FileDownload.ashx. The manipulation of the argument Files leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-236206 is the identifier assigned to this vulnerability.
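The two entries above are the two shapes of path traversal a download or file handler has to reject: an absolute path supplied where a relative one is expected (FileDirectory in CVE-2023-4172) and a relative path that climbs out with ../ (Files in CVE-2023-4171). The added example below is not the affected product's code; it is a constructed root-confinement check that handles both shapes, treats backslashes as separators because the affected handlers are ASP.NET on Windows, and rejects drive and UNC prefixes as well as POSIX-absolute paths. The root directory and sample inputs are invented.

```python
import ntpath
import posixpath


class PathTraversalError(ValueError):
    """Raised when a user-supplied path would resolve outside the permitted root."""


def resolve_under_root(root, user_path):
    """Return root joined with user_path as a normalized POSIX path, or raise
    PathTraversalError if the result would not sit strictly beneath root."""
    if "\x00" in user_path:
        raise PathTraversalError("NUL byte in path: %r" % user_path)
    # Windows handlers accept both separators, so '..\\' climbs just like '../'.
    candidate = user_path.replace("\\", "/")
    # Absolute in any convention: '/etc/passwd', 'C:/Windows', '//server/share' (UNC),
    # or drive-relative 'C:foo'. posixpath covers the leading-slash case on every
    # Python version; ntpath.splitdrive covers drive letters and UNC prefixes.
    if posixpath.isabs(candidate) or ntpath.isabs(candidate) or ntpath.splitdrive(candidate)[0]:
        raise PathTraversalError("absolute path not allowed: %r" % user_path)
    normalized = posixpath.normpath(candidate)  # collapses 'a/../b' and './' segments
    if normalized in (".", ""):
        raise PathTraversalError("no file specified")
    if normalized == ".." or normalized.startswith("../"):
        raise PathTraversalError("path escapes root: %r" % user_path)
    root_norm = posixpath.normpath(root)
    full = posixpath.normpath(posixpath.join(root_norm, normalized))
    # Final containment check on the resolved path, independent of the string checks.
    if posixpath.commonpath([root_norm, full]) != root_norm:
        raise PathTraversalError("path escapes root: %r" % user_path)
    return full


def is_confined(root, user_path):
    """True if user_path stays beneath root, False if resolve_under_root rejects it."""
    try:
        resolve_under_root(root, user_path)
        return True
    except PathTraversalError:
        return False


if __name__ == "__main__":
    ROOT = "/srv/files"  # constructed document root for the demo
    # Constructed inputs: the two traversal shapes from the advisories plus benign names.
    for p in ["reports/2023.pdf", "reports\\..\\2023.pdf", "../filedir",
              "..\\..\\web.config", "C:\\Windows\\win.ini", "\\\\server\\share\\x", "/etc/passwd"]:
        try:
            print("%-24r -> %s" % (p, resolve_under_root(ROOT, p)))
        except PathTraversalError as exc:
            print("%-24r -> rejected (%s)" % (p, exc))
```

The string checks and the commonpath check are deliberately redundant: the first gives a precise rejection reason for logging, the second catches anything the normalization step did not anticipate.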

CVE-2023-4189

Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

CVE-2023-4188

SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git.