Tag
#git
Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.
Students in "Only see own membership" groups could see other students in the group, which should be hidden.
By Daily Contributors By Liz Smith, Digital Marketing Consultant for Elsewhen – Digital technologies have transformed how we live, work, and… This is a post from HackRead.com Read the original post: Opinion: The Pros and Cons of the UK’s New Digital Regulation Principles
It can be easy to get caught up in the “big” questions in cybersecurity, like how to stop ransomware globally or keep hospitals up and running when they’re targeted by data theft extortion.
An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm.
The threat actor known as Lace Tempest has been linked to the exploitation of a zero-day flaw in SysAid IT support software in limited attacks, according to new findings from Microsoft. Lace Tempest, which is known for distributing the Cl0p ransomware, has in the past leveraged zero-day flaws in MOVEit Transfer and PaperCut servers. The issue, tracked as CVE-2023-47246, concerns a path traversal
A judge has refused to bring back a class action lawsuit against four car manufacturers because the privacy violation did not meet the WPA standard.
blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. An ajax function in module blockreassurance allows modifying any value in the configuration table. This vulnerability has been patched in version 5.1.4.