Skip to content

TechMedia

Header Image

[spatie/browsershot] Browsershot version 3.57.3 vulnerable to improper input validation

  • Posted inMODERATE
  • Posted byWpmaster
  • 11/26/202212/03/2022

Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method does…

[microweber/microweber] Microweber vulnerable to cross-site scripting (XSS)

  • Posted inMODERATE
  • Posted byWpmaster
  • 11/26/202212/03/2022

Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the ‘select-file’ parameter. There was a patch released in the development branch but is not yet committed to the main branch.
References

https://nvd….

[spatie/browsershot] Browsershot does not validate URL protocols passed to Browsershot URL method

  • Posted inHIGH
  • Posted byWpmaster
  • 11/26/202212/03/2022

Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method.
References

https://nvd.nist.gov/vuln/de…

[spatie/browsershot] Browsershot vulnerable to Cross-Site Scripting (XSS)

  • Posted inMODERATE
  • Posted byWpmaster
  • 11/26/202212/01/2022

Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URL’s that use the…

[badaso/core] Badaso vulnerable to Remote Code Execution (RCE)

  • Posted inCRITICAL
  • Posted byWpmaster
  • 11/26/202212/03/2022

Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.
References

https://nvd.nist.gov/vuln/detai…

[pyrocms/pyrocms] PyroCMS vulnerable to stored Cross Site Scripting

  • Posted inCRITICAL
  • Posted byWpmaster
  • 11/26/202212/06/2022

PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS) when a low privileged user, such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation.
References

ht…

NEDO、モビリティ電動化と蓄電池開発の課題検討に関する調査公募予告

  • Posted inUncategorized
  • Posted byWpmaster
  • 11/26/2022

国立研究開発法人新エネルギー・産業技術総合開発機構(以下、NEDO)は11月21日、「モビリティの電…

ニューカマー喜怒愛楽(日産エクストレイル)の取材風景をYouTubeにアップしました

  • Posted inMAGXニュース
  • Posted byWpmaster
  • 11/26/2022

マガジンXにて連載中の『ニューカマー喜怒愛楽』は、西川淳、高平高輝、斎藤慎輔の3名のモータージャーナリストが毎…

長野県原村、「のらざあ」を活用したAI乗り合いデマンド交通サービス開始

  • Posted inUncategorized
  • Posted byWpmaster
  • 11/25/202212/11/2022

長野県原村(以下、原村)は、長野県茅野市(以下、茅野市)で運行中の交通サービス「のらざあ」を活用し、…

Google Workspace Updates Weekly Recap – November 25, 2022

  • Posted inGmailGoogle DocsGoogle MeetGoogle SheetsGoogle SlidesOther
  • Posted byWpmaster
  • 11/25/202212/01/2022

New updates Unless otherwise indicated, the features below are fully launched or in the process of rolling out (rollouts should take no more than 15 business days to complete), launching to both Rapid and Scheduled Release at the same time (if not…

Posts navigation

Previous Posts 1 … 81,009 81,010 81,011 81,012 81,013 … 81,135 Next Posts

Recent Posts

  • 大規模対戦ACT『Warlander』PS5/XSX版最新情報を公開―新コンテンツ追加やゲーム改善をリリースに向けて開発中
  • サウナブームが到来!!「ととのう」を提供するべく新サウナ施設や様々なサウナグッズが登場 (マイライフニュース)
  • 吉野家HDの24年2月期、営業益34%増 12年ぶり水準 (日本経済新聞)
  • 【フォト】大規模反攻、夏にずれ込む可能性 ウクライナ首相 (産経新聞)
  • 驚き!地球!グレートネイチャー「探検!未知なる海へ~北極海・ポリネシア~」[解][字]
An error has occurred, which probably means the feed is down. Try again later.
RSS Error: A feed could not be found at `https://nordot.app/-/feed/posts/rss?source_id=646357622673671265&curation_url=true`; the status code is `404` and content-type is `text/html; charset=UTF-8`
  • News
  • Twitter
  • Twilog
  • Scrapbox
  • Twitter log
  • Apple News
  • Mastodon log
  • coron news&archives
  • SNSNews
  • TechnoPlanet
  • iTech
  • ComputerJournal
  • Underground News
  • Last.fm
  • はてなブックマーク
  • Tumblr
  • ツイフィール
  • ウェブサイト利用規約
  • Google提供広告の広告設定
  • 他の広告のオプトアウト
  • Valuecommerce配信広告のオプトアウト
  • Zuck配信広告のオプトアウト
  • i-mobile配信広告のオプトアウト
  • Amazon.co.jpパーソナライズド広告の設定

What’s TechMedia

TechMediaはオープンRSS情報サイトです。世界中のウェブサイトから情報を収集し、検索のヒントになる情報を掲載しています。登録RSSの追加依頼はこちらから

TechMedia
WordPress theme by componentz

Archives

2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30
Hit enter to search or ESC to close