In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. The profile image in the User settings section can be run in the update / upload area via /admin/media/upload?actions=false.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-18260…
JGroups before 4.0 does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vec…
ゲーミングPC200台と大型LEDを完備。752.7m2を誇る教育機関として国内最大クラスのeスポー…
いよいよ発売されました、新型ナイトスターですが、第一印象がめちゃくちゃかっこいいですよね! 特にパッ…
2022年5月12日(現地時刻)Google I/O 2022 Keynote およびDeveloper KeynoteよりAndroid関連のトピックをお届けします。今年のGoogle I/Oも基本的にはオンラインイベ […]
The post Google I/O 2022 Keynote: Android開発者まとめ first appeared on TechBooster.
実証実験で裏付けされた「有効なトレーニング」平岩幹男博士と笹田哲教授が監修。 発達性協調運動障害(D…
Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability
References
https://nvd.nist.gov/vuln/detail/CVE-2013-1607
https://exchange.xforce.ibmcloud.com/vulnerabilities/82563
https://web.archive.org/web/20200229104225/https://www.securityfocus…
File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory.
References
https://nvd.nist.gov/vuln/detail/CVE-2013-4318
https://security-tracker.debian.org/tracker/CVE-2013-4318
http://…
RubyGem omniauth-facebook has an access token security vulnerability.
References
https://nvd.nist.gov/vuln/detail/CVE-2013-4593
https://exchange.xforce.ibmcloud.com/vulnerabilities/89040
https://security-tracker.debian.org/tracker/CVE-2013-4593
http:/…
Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with %00 and a…
