"Surprisingly many people do not know that labor unions hold stronger powers, both under the law and under the Constitution, than lawyers do. Lawy…
A vending machine where a robot makes hamburgers looks surprisingly good
Have you ever wanted to eat a freshly made hamburger on the spot, just on a whim? At the Jersey City Newport Centre Mall in New Jersey, a new vending […]
The post A vending machine where a robot makes hamburgers looks surprisingly good first appeared on Ubergizmo JAPAN.
Will in-display fingerprint authentication never come to the iPhone…?
Face ID works perfectly well, and thanks to the changes and improvements Apple has made over the years it is an excellent way to secure a smartphone, but the convenience of unlocking with a fingerprint cannot be denied either. Unfortunately, it appears […]
The post Will in-display fingerprint authentication never come to the iPhone…? first appeared on Ubergizmo JAPAN.
A husband chasing his dream as a "struggling actor" is finally out of work… Can not working be called economic domestic violence?
"My husband, a struggling actor, depends on me financially. If we were to divorce in this situation, would economic DV…
[vrana/adminer] Files or Directories Accessible to External Parties in Adminer
Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by directing Adminer to connect to a remote MySQL database.
References
https://nvd.nist.go…
[remdex/livehelperchat] Server side request forgery in LiveHelperChat
An SSRF filter bypass on ports 80 and 433 in LiveHelperChat prior to v3.67. An attacker could make the application perform arbitrary requests, bypassing the fix for CVE-2022-1191.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-1213
https://github.com/livehelperchat/liveh…
[remdex/livehelperchat] Weak password hash in LiveHelperChat
The secrethash, which the application relies on for multiple security measures, can be brute-forced. The hash is small: only 10 hexadecimal characters, giving 16^10 possibilities (1,099,511,627,776). The SHA1 of the secret can be obta…
[urijs] Incorrect protocol extraction via \r, \n and \t characters
\r, \n and \t characters in user-supplied URLs can lead to incorrect protocol extraction in the npm package urijs prior to version 1.19.11.
This can lead to XSS when the module is used to block malicious javascript: links passed into…
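Added example, not urijs code: a naive scheme extractor that tab and newline characters slip past, beside a check that normalizes the input the way the WHATWG URL parser does (it removes every ASCII tab, LF and CR before parsing). `naiveProtocol` is a constructed stand-in for a regex-based extractor and is not the urijs implementation; the denylist is illustrative.

```javascript
// Naive extraction: everything before the first ':' (stopping at / ? #) is
// taken as the scheme. For "java\nscript:alert(1)" this yields "java\nscript",
// which is not "javascript", so a scheme denylist lets the link through.
function naiveProtocol(input) {
  const m = /^([^:\/?#]+):/.exec(input);
  return m ? m[1].toLowerCase() : "";
}

// The WHATWG URL parser strips all ASCII tab, LF and CR characters from its
// input, so a browser sees "java\nscript:alert(1)" as "javascript:alert(1)".
function stripTabNewline(input) {
  return input.replace(/[\t\n\r]/g, "");
}

// Scheme as a browser will actually interpret it, via the built-in WHATWG
// URL class. Relative URLs (which have no scheme) yield "".
function browserProtocol(input) {
  try {
    return new URL(input).protocol.slice(0, -1);
  } catch (e) {
    return "";
  }
}

// Hardened extraction: normalize first, then extract.
function hardenedProtocol(input) {
  return naiveProtocol(stripTabNewline(input).trim());
}

const DANGEROUS = new Set(["javascript", "data", "vbscript"]);

// The flawed filter: checks the scheme as the regex saw it.
function naiveIsSafeHref(input) {
  const proto = naiveProtocol(input);
  return proto === "" || !DANGEROUS.has(proto);
}

// The corrected filter: checks the scheme as the browser will see it.
function isSafeHref(input) {
  const proto = hardenedProtocol(input);
  return proto === "" || !DANGEROUS.has(proto);
}
```

Comparing `naiveIsSafeHref` and `isSafeHref` on `"java\nscript:alert(1)"` shows the bypass: the first accepts the link, the second rejects it, and `browserProtocol` confirms that the browser will execute it as `javascript:`.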
[github.com/beego/beego] Access control bypass in Beego
An issue was discovered in the route lookup process in beego through 2.0.1 that allows attackers to bypass access control.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-30080
https://github.com/beego/beego/commit/d5df5e470d0a8ed291930ae802fd7e6b952…
[github.com/beego/beego/v2] Privilege escalation in beego
An issue was discovered in the file profile.go. The MemProf and GetCPUProfile functions do not correctly check whether the file they create already exists. As a result, local attackers can mount symlink attacks. Attackers can use this vulnerability to escala…