IEEE CSR Workshop on Cyber Forensics and Advanced Threat Investigations in
Emerging Technologies organizing committee is inviting you to submit your
research papers. The workshop will be held in Hybrid mode. The in-person
mode will be held at Hilton London Tower Bridge, London from 2 to 4 September
2024.
Topics include (but are not limited to):
- Forensics and threat investigations in P2P, cloud/edge, SDN/NFV, VPN, and
social networks…
Posted by Valentin Lobstein via Fulldisclosure on Apr 05
CVE ID: CVE-2024-30929
Description:
A Cross-Site Scripting (XSS) vulnerability has been found in DerbyNet version 9.0, affecting the `playlist.php`
component. This issue allows remote attackers to execute arbitrary code by exploiting the `back` parameter. The
application does not properly sanitize the `back` parameter before it is rendered on the page, thereby allowing the
injection and execution of arbitrary JavaScript code.
Posted by Valentin Lobstein via Fulldisclosure on Apr 05
CVE ID: CVE-2024-30928
Description:
An SQL Injection vulnerability has been discovered in DerbyNet version 9.0, particularly within the
`ajax/query.slide.next.inc` file. This vulnerability allows remote attackers to execute arbitrary code and disclose
sensitive information by exploiting the unvalidated `classids` parameter used in constructing SQL queries. This
parameter is not properly sanitized before being included in the SQL statement,…
Posted by Valentin Lobstein via Fulldisclosure on Apr 05
CVE ID: CVE-2024-30927
Description:
A Cross-Site Scripting (XSS) vulnerability is present in DerbyNet version 9.0, specifically within the
`racer-results.php` component. This issue allows remote attackers to execute arbitrary code through the improper
handling of the `racerid` parameter. The vulnerability is notably present within the HTML `<title>` tag, where the
`racerid` parameter value is dynamically inserted directly into the page…
Posted by Valentin Lobstein via Fulldisclosure on Apr 05
CVE ID: CVE-2024-30926
Description:
A Cross-Site Scripting (XSS) vulnerability has been identified in DerbyNet version 9.0, affecting the
`./inc/kiosks.inc` component. This vulnerability permits remote attackers to execute arbitrary code by exploiting the
`address_for_current_kiosk()` function. The issue stems from the improper sanitization of user-supplied input via the
URL parameters `id` and `address`, which are directly utilized without…
Posted by Valentin Lobstein via Fulldisclosure on Apr 05
CVE ID: CVE-2024-30925
Description:
A Cross-Site Scripting (XSS) vulnerability exists in DerbyNet version 9.0, specifically within the `photo-thumbs.php`
component. This issue enables a remote attacker to execute arbitrary code through the improper handling of the
`racerid` and `back` parameters. The vulnerability arises because the application dynamically generates URLs for
navigation without adequately sanitizing these parameters, thus…
Posted by Valentin Lobstein via Fulldisclosure on Apr 05
CVE ID: CVE-2024-30924
Description:
A Cross Site Scripting (XSS) vulnerability has been identified in DerbyNet version 9.0, specifically within the
`checkin.php` component. This vulnerability allows remote attackers to execute arbitrary code due to improper handling
of the `order` URL parameter. The flaw lies in the way the `order` parameter is embedded directly into a JavaScript
variable assignment without adequate sanitization or encoding,…
Posted by Valentin Lobstein via Fulldisclosure on Apr 05
CVE ID: CVE-2024-30923
Description:
An SQL Injection vulnerability has been discovered in DerbyNet version 9.0, specifically within the
`print/render/racer.inc` component. This vulnerability allows remote attackers to execute arbitrary code and disclose
sensitive information by exploiting improper sanitization of the `where` clause in Racer Document Rendering.