
Tag

#pdf

CVE-2023-1352: cve_hub/covid-19-vaccination sql(6).pdf at main · E1CHO/cve_hub

A vulnerability, which was classified as critical, has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. This issue affects some unknown processing of the file /admin/login.php. The manipulation of the argument txtusername/txtpassword leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222851.

CVE-2023-1353: cve_hub/covid-19-vaccination xss(1).pdf at main · E1CHO/cve_hub

A vulnerability, which was classified as problematic, was found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. Affected is an unknown function of the file verification.php. The manipulation of the argument txtvaccinationID leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222852.

CVE-2023-23328: vulnerabilities/README.md at master · superkojiman/vulnerabilities

A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file.

CVE-2022-48111: WI400 – Web Interface AS400

A cross-site scripting (XSS) vulnerability in the check_login function of SIPE s.r.l WI400 versions 8 through 11 (inclusive) allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter.

CVE-2023-27114: Segmentation fault in wasm_dis at p/wasm/wasm.c:1112 · Issue #21363 · radareorg/radare2

radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c.

5 Critical Components of Effective ICS/OT Security

These agile controls and processes can help critical infrastructure organizations build an ICS security program tailored to their own risk profile.

Beware of Fake Facebook Profiles, Google Ads Pushing Sys01 Stealer

By Deeba Ahmed. The researchers have been tracking the malware campaign since November 2020. This is a post from HackRead.com.

CVE-2021-33353: Offensive Security’s Exploit Database Archive

A directory traversal vulnerability in the Wyomind Help Desk Magento 2 extension v.1.3.6 and earlier, fixed in v.1.3.7, allows an attacker to execute arbitrary code via the file attachment directory setting.

Phishing Attack Uses UAC Bypass to Drop Remcos RAT Malware

By Deeba Ahmed. Currently, scammers are using DBatLoader malware loader to distribute Remcos RAT to businesses and institutions across Eastern Europe. This is a post from HackRead.com.

4 Things You May Not Know About Performance Analytics Technology

By Owais Sultan. Managers are aware that they are being held accountable for their team’s performance. How well their teams do… This is a post from HackRead.com.