Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-0676PUBLISHED: 2023-02-04Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.
CVE-2023-0677PUBLISHED: 2023-02-04Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.
CVE-2023-0678PUBLISHED: 2023-02-04Improper Authorization in GitHub repository phpipam/phpipam prior to v1.5.1.
CVE-2023-0673PUBLISHED: 2023-02-04
A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file oews/products/view_product.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The asso...
CVE-2023-0674PUBLISHED: 2023-02-04
A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown functionality of the file /user/updatePwd of the component New Password Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Th...
User Rank: Strategist
9/30/2014 | 11:03:40 AM
1) Simplify as much as possible, as has been mentioned in the comments. This is particularly true in the entrance to any programs. The fewer doors, the fewer ways for the rats to get in. I know it's a broad brush, but complexity for its own sake is unsafe. The likelyhood is that every system is probably unsafe due to designers not thinking of every way their code is going to be attacked. This isn't because they're bad designers, it's because not every way code is going to be attacked has been thought of by anybody yet.
2) The people who aren't patching aren't fatigued. Regular patchers shouldn't be fatigued, it's just part of what they do. People who patch absolutly everything the moment a patch comes out probably are fatigued.