Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-1172PUBLISHED: 2023-03-17
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that w...
CVE-2023-1469PUBLISHED: 2023-03-17
The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenti...
CVE-2023-1466PUBLISHED: 2023-03-17
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as critical. This issue affects the function view_student of the file admin/?page=students/view_student. The manipulation of the argument id with the input 3' AND (SELECT 2100 FROM (SELECT(...
CVE-2023-1467PUBLISHED: 2023-03-17
A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=delete_img of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt le...
CVE-2023-1468PUBLISHED: 2023-03-17
A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17 of the component Report Handler. The manipula...
User Rank: Ninja
12/8/2016 | 12:42:00 PM
Not to discount my statement that there must be more options, which I'm starting to talk myself out of, but how about from another angle in which (at least in the US) we provide more protection to White/Grey Hat (ethical) hackers who can actually help through offensive cybersecurity tactics? Get funds into tactical cybersecurity teams who not only can help, but are willing to put their best efforts forward in analyzing, profiling and attacking hackers and their teams in such a way that they are either quickly found by on-the-ground law enforcement teams, or can't get the resources they need online to perform their hacks. Not to make a standard Hollywood image of the offensive hacker team seem realistic and easy to put together, but come on, there is a level of reality to this option that is hampered in large part by fear of prison due to our nation's archaic and frankly ill-informed computer-related laws.
I just feel there needs to be a big leap, a massive impact, in order to get ahead of cybercrime; the must-dos and process changes noted here obviously are going to happen, but we need a wall to get raised somehow to help that work not go to waste.