Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-0676 PUBLISHED: 2023-02-04
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.
CVE-2023-0677 PUBLISHED: 2023-02-04
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.
CVE-2023-0678 PUBLISHED: 2023-02-04
Improper Authorization in GitHub repository phpipam/phpipam prior to v1.5.1.
CVE-2023-0673 PUBLISHED: 2023-02-04
A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file oews/products/view_product.php. The manipulation of the argument id leads to SQL injection. The attack can be launched remotely. The asso...
CVE-2023-0674 PUBLISHED: 2023-02-04
A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown functionality of the file /user/updatePwd of the component New Password Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Th...
User Rank: Ninja
2/21/2015 | 9:07:43 AM
on x.509 certificates: A "Certificate Authority" should be good enough only for marginal trust. Use your copy of GnuPG to countersign your certificate for your Credit Union, Amazon, Tax Software and the like.
security is not something that can be distributed by commercial interests: you have to roll up your sleeves, get your boots on and get to it.
it won't be that hard to set up help centers in the credit unions, schools, and such -- but: if we continue as we have recently, hacking will be worse in 2015 -- and it has already gone beyond the tipping point. it's unacceptable. hacking can no longer be swept under the carpet as "part of the cost of business".
start by getting rid of products that do not put security and privacy first.