#web

Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.

Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.

Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.

Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers.

Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials.

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component.

By Deeba Ahmed Yet another day, more unprotected data left in the Cloud without password or security measures. This is a post from HackRead.com Read the original post: Database Mess Up: 7TB of Healthcare Data Leak Affects 12 Million Patients

The YoroTrooper group claims to be from Azerbaijan and even routes its phishing traffic through the former Soviet republic.