Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-1172PUBLISHED: 2023-03-17
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that w...
CVE-2023-1469PUBLISHED: 2023-03-17
The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenti...
CVE-2023-1466PUBLISHED: 2023-03-17
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as critical. This issue affects the function view_student of the file admin/?page=students/view_student. The manipulation of the argument id with the input 3' AND (SELECT 2100 FROM (SELECT(...
CVE-2023-1467PUBLISHED: 2023-03-17
A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=delete_img of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt le...
CVE-2023-1468PUBLISHED: 2023-03-17
A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17 of the component Report Handler. The manipula...
User Rank: Ninja
8/17/2019 | 7:54:52 AM
One of the other options I mentioned below (from the quote in our earlier discussion) would be to add a token to the site, this would allow the browser to determine if the site was valid by using a SHA256 hash, site descriptor, and purpose all built into this number. This could be used to ensure the site is not a compromised site or if it is a site they have visited before, the browser would determine that much in the same way we use certificates.
For me, I go to a few sites on a regular for personal and business purposes. There are others but this would help to address the security issue, not all but at least some aspects). Also, we need to start migrating the DNS environment to specifically use DNSSEC and move away from IPv4. This would be much harder for hackers to penetrate defenses because we would secure DNS traffic, reduce MITM attacks, create truly secure connections using IPSec VPN AES256 connections (all built into the protocol - IPv6). We can start identifying where the attack derived from (1-to-1 connections using IPv6) and the token would help to validate the site with the help of ML (I wanted to reiterate the point listed below because ML was only one of the points brought up in the beginning phases of the discussion).
Tokenization is the future of business and personal transactions. Blockchain is looking into that as well.
T