Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-1172PUBLISHED: 2023-03-17
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that w...
CVE-2023-1469PUBLISHED: 2023-03-17
The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenti...
CVE-2023-1466PUBLISHED: 2023-03-17
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as critical. This issue affects the function view_student of the file admin/?page=students/view_student. The manipulation of the argument id with the input 3' AND (SELECT 2100 FROM (SELECT(...
CVE-2023-1467PUBLISHED: 2023-03-17
A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=delete_img of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt le...
CVE-2023-1468PUBLISHED: 2023-03-17
A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17 of the component Report Handler. The manipula...
User Rank: Ninja
3/17/2013 | 1:03:04 AM
It is funny how quick
one will turn when faced when jail time. I think that SabuGÇÖs biggest contributions
to the Feds were not the people he rolled on, but exposing the unknown
vulnerabilities, and eliminating those threats. I like how it was pointed out
that it is individuals and not computers that are responsible for these
attacks. I believe that people associate computers with threats and vulnerabilities,
although responsible for some security flaws, it is the intent of a individual behind
the attacks. I understand that the Feds are responsible for arresting these
hackers, but it would have been nice to know they caught them through forensics
and not handed to them. That would have given me confidence in our defense,
actually catching them by detecting and investigating then tracing these attacks
to the individuals.
Paul Sprague
InformationWeek Contributor
-á