REDCap up to 9.2.x Data Import Tool Page cross site scripting

Exploits | Direct link: vuldb.com

A vulnerability has been found in REDCap up to 9.2.x and classified as problematic. This vulnerability affects some unknown functionality of the component Data Import Tool Page. Upgrading to version 9.3.0 eliminates this vulnerability....


➤ More posts from Team Security | IT Security

REDCap up to 7.0.10 SendITController:upload SQL Injection

A critical vulnerability was discovered in REDCap up to 7.0.10. It affects an unknown function. Manipulating the argument SendITController:upload with a string can be used to exploit an SQL injection vulnerability. In the context of CW

Diving Deep Into a Pwn2Own Winning WebKit Bug

Pwn2Own Tokyo just completed, and it got me thinking about a WebKit bug used by the team of Fluoroacetate (Amat Cama and Richard Zhu) at this year’s Pwn2Own in Vancouver. It was a part of the chain that earned them $55,000 and was a nifty piece of

CVE-2020-0932: Remote Code Execution on Microsoft SharePoint Using TypeConverters

In April 2020, Microsoft released four Critical and two Important-rated patches to fix remote code execution bugs in Microsoft SharePoint. All these are deserialization bugs. Two came through the ZDI program from an anonymous researcher: CVE-2020-0931

Celerystalk - An Asynchronous Enumeration and Vulnerability Scanner

celerystalk helps you automate your network scanning/enumeration process with asynchronous jobs (aka tasks) while retaining full control of which tools you want to run. Configurable - Some common tools are in the default config, but you can add any tool yo

CVE-2020-0729: Remote Code Execution Through .LNK Files

In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, John Simpson and Pengsu Cheng of the Trend Micro Research Team detail a recent remote code execution bug in Microsoft Windows .LNK files. The following is a portion of

Announcing TypeScript 3.8

Today we’re proud to release TypeScript 3.8! For those unfamiliar with TypeScript, it’s a language that adds syntax for types on top of JavaScript which can be analyzed through a process called static type-checking. This type-checking can tell us about

Creating .NET Core global tools on macOS

One of the really cool aspects about .NET Core is the support for global tools. You can use global tools to simplify common tasks during your development workflow. For example, you can create tools to minify image assets, simplify working with source contro

Announcing TypeScript 3.8 RC

Today we’re announcing the Release Candidate for TypeScript 3.8! Between this RC and our final release, we expect no changes apart from critical bug fixes. To get started using the RC, you can get it through NuGet, or through npm with the following command: npm install typescri

ConstraintLayout 2.0.0 beta 7

We are happy to announce the release of ConstraintLayout 2.0 beta 7. It’s available from the google maven repository:dependencies {    implementation 'androidx.constraintlayout:constraintlayout:2.0.0-beta7'}or if using the android.support packages:dependencies {    implementation 'com.android.support.constraint:constraint

Help needed with running Python script that uses Selenium

Hey all, I'm trying to use a tool that I successfully used on Ubuntu now that I've swapped that out for Parrot. I ended up jumping over to Parrot for all of the included security tools but it's shot me in the foot and I'm hoping you can help. I'm pr

Deobfuscating/REversing Remcos - AutoIt, Shellcode, and RunPE

Remcos is a robust RAT actively being used in the wild. This multi-staged/evasive RAT provides powerful functionality to an attacker. Each stage is written in a different language: AutoIt -> Shellcode -> C++. I wanted to explore both the evasiven

ConstraintLayout 2.0.0 beta 2

We are happy to announce the release of ConstraintLayout 2.0 beta 2. It’s available from the google maven repository: dependencies {    implementation 'com.android.support.constraint:constraint-layout:2.0.0-beta2'} or if using the AndroidX packages: dependencies {    implementation 'androidx.con
