Security Headlines

Tag: #perl

Cops Will Be Able to Scan Your Fingerprints With a Phone

Contactless fingerprinting uses a smartphone camera to capture your prints—and opens up a whole new set of privacy concerns.

Wired

GHSA-rm89-9g65-4ffr: Insufficient HTML Sanitization

### Impact

Affected versions can have malicious JavaScript code injected into users' browsers by other authenticated users, as data fields retrieved from the database are not properly sanitized before being displayed in various front-end views. The problem stems from multiple issues:

- Insufficient database sanitization on multiple fields allows injection of unsanitized HTML
- Lack of HTML escaping when rendering data on the front end

The attack vector is limited, as only authenticated users are able to write data to the database for it to be subsequently rendered on the front end. However, it is a vulnerability that the InvenTree development team takes seriously.

### Solution

The proposed patch for this vulnerability prevents injection of un-escaped fields into front-end UI elements. A future patch will also address sanitization of database fields on the "back end"; however, this will require a much larger effort to refactor multiple database tables.

### Patches

- Th...

GHSA-r45x-ghr2-qjxc: `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s

Affected versions of this crate did not implement `Drop` when `#[zeroize(drop)]` was used on an `enum`. This can result in memory not being zeroed out after the value is dropped, even though zeroing on drop is exactly what this attribute is intended to guarantee. The flaw was corrected in version 1.2, and `#[zeroize(drop)]` on `enum`s now properly implements `Drop`.

GHSA-978j-88f3-p5j3: Threshold value is ignored (all shares are n=3)

Affected versions of this crate did not properly calculate secret share requirements. This reduces the security of the algorithm by restricting the crate to always use a threshold value of three, rather than a configurable limit. The flaw was corrected by correctly configuring the threshold.

GHSA-rxhx-9fj6-6h2m: enum_map macro can cause UB when `Enum` trait is incorrectly implemented

Affected versions of this crate did not properly check the length of an enum when using the `enum_map!` macro, trusting the user-provided length. When `LENGTH` in the `Enum` trait does not match the array length in the `EnumArray` trait, this can result in the initialization of the enum map with uninitialized types, which in turn can allow an attacker to execute arbitrary code. This problem can only occur with a manual implementation of the `Enum` trait; it will never occur for enums that use `#[derive(Enum)]`. Example code that triggers this vulnerability looks like this:

```rust
use enum_map::{Enum, EnumArray, EnumMap};

enum E {
    A,
    B,
    C,
}

// Manual implementation: LENGTH (2) deliberately disagrees with the
// three-element array declared below, which is the mismatch at issue.
impl Enum for E {
    const LENGTH: usize = 2;

    fn from_usize(value: usize) -> E {
        match value {
            0 => E::A,
            1 => E::B,
            2 => E::C,
            _ => unimplemented!(),
        }
    }

    fn into_usize(self) -> usize {
        self as usize
    }
}

impl<V> EnumArray<V> for E {
    type Array = [V; 3];
}

let _map: EnumMap<E, String>...
```

How to configure cPanel and WHM Panel on your VPS

By Owais Sultan

What is VPS? VPS can be a great solution for the web presence of your business, blog, e-commerce,…

This is a post from HackRead.com. Read the original post: How to configure cPanel and WHM Panel on your VPS

Unlocking the Cybersecurity Benefits of Digital Twins

Security pros can employ the technology to evaluate vulnerabilities and system capabilities, but they need to watch for the potential risks.

Siemens SINEMA Remote Connect Server

This advisory contains mitigations for an Improperly Implemented Security Check for Standard vulnerability in the Siemens SINEMA Remote Connect Server.

Difference Between Agent-Based and Network-Based Internal Vulnerability Scanning

For years, the two most popular methods for internal scanning, agent-based and network-based, were considered to be about equal in value, each bringing its own strengths to bear. However, with remote working now the norm in most if not all workplaces, it feels a lot more like agent-based scanning is a must, while network-based scanning is an optional extra. This article will go in-depth on the