#web

Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers.

Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials.

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component.

In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines.

Memory safety bugs present in Firefox 118. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119.

Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1.

By Deeba Ahmed Yet another day, more unprotected data left in the Cloud without password or security measures. This is a post from HackRead.com Read the original post: Database Mess Up: 7TB of Healthcare Data Leak Affects 12 Million Patients

The YoroTrooper group claims to be from Azerbaijan and even routes its phishing traffic through the former Soviet republic.

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

We have too much cybersecurity awareness. It's time to implement repeatable, real-world practice that ingrains positive habits and security behaviors.