Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before passing it to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemory ...
August 04, 2022
Authenticated Stored Cross-Site Scripting (XSS) vulnerability via API Key discovered by WPScan in WordPress Social Slider Feed plugin (versions ...
August 04, 2022
Unauthenticated Private Messages Disclosure via Rest API vulnerability discovered by Veshraj Ghimire in WordPress Sensei LMS plugin (versions ...
August 04, 2022
[ (APIs) have emerged as useful tools that streamline business operations and enhance the digital experience for customers. As their use has become more widespread ...
August 04, 2022
In line with the original spirit of Cryptography Dispatches, this is a quick[1] issue to talk about a neat bit of cryptography engineering I encountered. ## The structure of an ECC implementation Elli ...
August 04, 2022
Undefined Behavior for Input to API in GitHub repository vim/vim prior to 9.0.0100.
August 04, 2022
OMICARD EDMs API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, or delete the database, or disrupt service.
August 04, 2022