Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-1172PUBLISHED: 2023-03-17
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that w...
CVE-2023-1469PUBLISHED: 2023-03-17
The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenti...
CVE-2023-1466PUBLISHED: 2023-03-17
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as critical. This issue affects the function view_student of the file admin/?page=students/view_student. The manipulation of the argument id with the input 3' AND (SELECT 2100 FROM (SELECT(...
CVE-2023-1467PUBLISHED: 2023-03-17
A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=delete_img of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt le...
CVE-2023-1468PUBLISHED: 2023-03-17
A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17 of the component Report Handler. The manipula...
User Rank: Ninja
6/9/2017 | 3:28:33 PM
Condolences, though, on your role as an investigator. It seems it must be hard being an investigator in software security if you are not the one defining who you take down. Like law enforcement, the judicial system, and financial industries, there are countless gray areas in InfoSec. How do you know who to arrest, who to prosecute, and who is better to let go in favor of bigger fish.
Cyber criminals come in all shapes and sizes, too. Some can be tracked and taken down with little resistance while others are part of a larger "army" who can be unforgiving once they know you have them in your sights.
But kudos again for giving back, and digging under the casing. With a focus on code, perhaps you'll be in better shape than as an investigator. Don't get me wrong, boy do we need InfoSec investigative work. But I don't envy those who do it.
Nice to see a personal story once in a while here on DR.