Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS.

CVE-2022-1467: Support | Cyber Security Updates

The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting (XSS) vulnerability. When any user opens a particular blog hosted on an attackers' site, XSS may occur.

CVE-2021-42233

Rescue Dispatch Management System 1.0 suffers from Stored XSS, leading to admin account takeover via cookie stealing.

Submitted by oretnom23 on Tuesday, April 26, 2022 - 16:07.

****Introduction****

This simple project is a **Rescue Dispatch Management System**. This is a web-based application project developed in **PHP** and **MySQL Database**. This project provides an automated platform for managing the availability of the rescue responders team and recording the incident report efficiently and effectively. This was developed with a pleasant user interface using **Bootstrap Framework** and **AdminLTE Template**. It also consists of user-friendly features and functionalities.

****About the Rescue Dispatch Management System****

I developed this project using the following:

*   **XAMPP v3.3.0**
*   **PHP**
*   **MySQL Database**
*   **HTML**
*   **CSS**
*   **JavaScript**
*   **Ajax**
*   **jQuery**
*   **Bootstrap**
*   **Font Awesome**
*   **AdminLTE**

This **Rescue Dispatch Management System** can be only accessed by the dispatchers or the rescue management. The system stores the list of types of incidents, types of responders team, and incidents reported. The system users are incharge of assigning responders to the location of the reported incident. The dispatcher can only assign the available team. This system also generates printable reports of Daily Incident Report and Daily Incident Report per Type. The application is easy to manage and consists of a front-end feature for managing the system information such as the system name, logo, etc. The system can be accessed by 2 types of user roles which are the Administrator and Staff. The administrator has the privilege to access and manage all the features and functionalities of the system while the staff have only limited permission.

****Features****

*   **Home Page**
    *   Display the summary and images.
*   **Incident Type Management**
    *   Add New Incident Type
    *   List All Incident Types
    *   View Incident Type Details
    *   Delete Incident Type
*   **Respondent Type Management**
    *   Add New Respondent Type
    *   List All Respondent Types
    *   View Respondent Type Details
    *   Update Respondent Type Details
    *   Delete Respondent Type
*   **Team Management**
    *   Add New Team
    *   List All Teams
    *   View Team Details
    *   Update Team Details
    *   Delete Team
*   **Incident Management**
    *   Add New Incident
    *   List All Incidents
    *   View Incident Details
    *   Update Incident Details
    *   Delete Incident
*   **Report**
    *   Generate Printable Daily Incident Report
    *   Generate Printable Daily Incident Report per Type
*   **User Management**
    *   Add New User
    *   List All Users
    *   View User Details
    *   Edit User Details
    *   Delete User Details
*   **Update System Information**
*   **Update Account Details/Credentials**
*   **Login and Logout**

The source code was developed only for educational purposes only. You can download the source code for free and modify it the way you wanted.

**System Snapshots of some Features******Login Page****

****Dashboard Page****

****Incident Report Form****

****Incident Report Details****

****Daily Incident Report Print View****

****Daily Incident Report per Type - Print View****

**How to Run ??**

****Requirements****

*   **Download** and **Install** any **local web server** such as **XAMPP.**
*   **Download** the provided source code **zip** file. (_download button is located below_)
*   **Download** the project plugins at https://www.dropbox.com/s/0makc07ent9ta4m/rdms\_plugins.zip?dl=1

****System Installation/Setup****

1.  **Enable** the **GD Library** in your **php.ini** file.
2.  **Open** your **XAMPP Control Panel** and start ****Apache**** and ****MySQL****.
3.  **Extract** the **downloaded source code **zip** file**.
4.  **Copy** the extracted source code folder and **paste** it into the **XAMPP's "htdocs" directory**.
5.  **Extract** the **downloaded plugins **zip** file**.
6.  **Copy** the extracted plugins folder and **paste** it into the **source code** root path.
7.  **Browse** the ****PHPMyAdmin**** in a **browser**. i.e. ****http://localhost/phpmyadmin****
8.  **Create** a **new database** naming ****rdms\_db****.
9.  **Import** the provided ****SQL**** file. The file is known as ****rdms\_db.sql**** located inside the **database** folder.
10.  **Browse** the **Rescue Dispatch Management System** in a **browser**. i.e. ****http://localhost/rdms/****.

****Admin Default Access:****

Username: **admin**  
Password: **admin123**

****DEMO VIDEO****

That's it. You can now explore the features and functionalities of this **Rescue Dispatch Management System** in **PHP**. I hope this will help you with what you are looking for and you'll find something useful for your future projects.

Explore more on this website for more **Free Source Codes** and **Tutorials**.

**Enjoy :)**

*   878 views

CVE-2022-30017: Rescue Dispatch Management System in PHP/OOP Free Source Code

Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php.

**PHP Data Objects (PDO)**

*   PDO – PHP database extension
*   How to use PDO to insert data into the database?
*   How to use PDO to read data from the database?
*   How to use PDO to update the database?
*   How to delete records?
*   PHP CRUD Operation using PDO Extension
*   Signup and Login operation using PDO
*   Password Hashing in PHP using PDO

**PHP OOP Concepts**

*   Basics Of OOPs in PHP
*   How to create classes and objects?
*   The $this keyword
*   Chaining methods and properties
*   Access modifiers: public vs. private
*   Magic Methods
*   The \_\_construct() magic method
*   Inheritance in PHP
*   Multilevel and Multiple inheritances in PHP

**CodeIgniter**

*   CI Introduction
*   CI Directory Structure
*   CI Controllers
*   CI Model
*   CI View
*   CI Libraries
*   CI Helpers
*   CI Plugins
*   How to create form in CI

**HTML**

*   HTML Introduction
*   HTML Useful Tags
*   HTML Text Formats
*   HTML Links
*   HTML Images
*   HTML Lists
*   HTML Forms
*   HTML Table
*   Content Style in HTML

**MySQL**

*   MySQL Introduction
*   MySQL Command-line
*   MySQL GUI Tools
*   MySQL Users
*   MySQL PHP Connections
*   MySQLi Procedural Functions
*   MySQL Data Type
*   MySQL Database and Tables
*   MySQL Column Modifiers

**Interview QAs**

*   PHP Interview Questions and Answers for Fresher
*   Basic PHP Programs
*   PHP Programming/ Logical Interview questions and answers
*   WordPress Interview Questions and Answers
*   MySQL Interview Question and Answers
*   Common SQL Interview Questions and Answers
*   CodeIgniter Interview Questions and Answers

**WordPress**

*   What is wordpress?
*   WordPress.com vs. WordPress.org
*   WordPress Installation
*   Logging Into Your New WordPress Site
*   WordPress Directory and File Structure
*   WordPress DB Structure & Schema

**PHP with Mysqli**

*   How to Connect PHP with MySQL Database
*   How to insert data into MySql using PHP
*   How to fetch data from MySQL using PHP
*   CRUD operation using PHP and MySQLi
*   User Signup and Sign in using HTML and PHP
*   How to change Password in PHP
*   User login and login tracking using PHP
*   How to check Email and username availability live using jquery/ajax
*   jQuery Dependent DropDown List – States and Districts
*   How to Send Mail Using PHP
*   PHP Email Verification Script
*   How to fetch data in excel or generate excel file in PHP
*   How to prevent Cross-Site Request Forgery (CSRF) in PHP
*   User registration with server-side validation using PHP
*   How to create a Shopping Cart in PHP
*   How to delete multiple records in PHP
*   PHP login with remember me function
*   How to create pagination in PHP
*   How to Create pagination using PHP and MySQLi(with the page number)
*   How to Dynamically Add / Remove input fields in PHP with Jquery Ajax
*   How to send email from localhost using PHP
*   How to use multiple insert queries in PHP
*   CRUD operation with Image Using PHP and MySQLi

**Other PHP Tutorials**

*   Time Ago Script in PHP
*   Get City Country By IP Address in PHP
*   Hit counter in PHP
*   Captcha Image Verification in PHP
*   Server Side form Validation in PHP
*   Date And Time Formatting With PHP
*   How to get Current Indian time in PHP
*   How to get Browser Information In PHP
*   How to convert number to String in PHP
*   How to get current page URL in PHP
*   How to get yesterday and tomorrow date in PHP
*   How to change date format in PHP

As technology keeps updating itself… so do we need to. Advancement in technology is the key to innovation through which you enjoy things you couldn’t a decade ago. Similarly, any Programming language basics keep on updating; it is essential for you to also get trained on all the latest features and the basics while learning a programming language.

PHPGurukul provides you with **PHP Latest tutorials** such as PHP CRUD operations using Procedure or MySQL group, and we keep on adding the latest functionalities tutorials to our website. Apart from these tutorials, we offer some great and usual benefits which will help you in your PHP career, and those are below:

*   You can easily get **PHP Projects Idea** through our website, which you would require when you learn PHP and want to try out something on your own. It all starts with an idea, of course.
*   Our website provides **PHP Tutorials for Students,** and you can also purchase Project reports from PHP gurukul for your submissions in college/universities.
*   Any programming language is tough to learn, but it becomes easier and fun to learn when you start with the basics. Our **PHP Tutorials for beginners** help you to learn from the basics till you learn the advanced concepts of PHP.
*   When you are doing web development apart from scripting languages like HTML, JavaScript, you should also know **PHP oops Concepts,** which are well explained in our tutorials to help you excel in PHP.

PHPGurukul also offers **PHP Projects** available for download in a few and easy steps that you can use directly or can customize as per your needs as PHP is an open-source scripting language. You can opt for free PHP Projects or go for our special Paid PHP Projects with additional features that are good for learning and professional usage.

You can enjoy the tutorials with special advanced concepts, go through Interview Q&A, or download the required PHP Projects with Project reports within no time using our website.

CVE-2022-29004: PHP Project, PHP Projects Ideas, PHP Latest tutorials, PHP oops Concept

Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters.

**Project Name**

Online Birth Certificate System

**Language Used**

PHP5.6, PHP7.x

**Database**

MySQL 5.x

**User Interface Design**

HTML, AJAX,JQUERY,JAVASCRIPT

**Web Browser**

Mozilla, Google Chrome, IE8, OPERA

**Software**

XAMPP / Wamp / Mamp/ Lamp (anyone)

**Last Updated**

09 December 2021

In Online Birth Certificate System we use PHP and MySQL Database. This project has two modules i.e. admin and user.

**Admin Module**

**1\. Home**:  In this section, admin can briefly view the total number of the new applications, total verified application and total rejected the application.

**2\. Birth Application:** In this section, admin views the application details and they have also the right to change application status according to current status.

**3\. Reports:** In this section admin can view the application details in a particular period.

**4\. Search:** In this section, admin can search application with the help of customer  application

Admin can also update his profile, change the password and recover the password.

**User Module**

**1.** **Home Page**: In this section, user can view the welcome page of the web application.

**2.Birth Reg Form**: In this section, user can fill the form of birth certificate and see the status of his/her application.

**3.Certificate:** In this section, user can take print of verified certificates.

Users can also update his profile, change the password and recover the password.

**Some Project Screenshots**

**Birth Certificate From**

**Admin Dashboard**

**Birth Certificate  
  
**

How to run the online Birth Certificate System Project

1.Download the zip file

2.Extract the file and copy obcs folder

3.Paste inside root directory(for xampp xampp/htdocs, for wamp wamp/www, for lamp var/www/html)

4.Open PHPMyAdmin (http://localhost/phpmyadmin)

5.Create a database with name obcsdb

6.Import obcsdb.sql file(given inside the zip package in SQL file folder)

7.Run the script http://localhost/obcs

Admin Credential  
Username: admin  
Password: Test@123

User Credential  
Username: 9632123698  
Password: Test@12345

**View Demo** ——————————————————-

**Download full source code (Online Birth Certificate System)**

**Size: 12.1 MB**

**Version: V 1.2**

**Online Birth Certificate System Project Report**

Anuj Kumar

Hi! I am Anuj Kumar, a professional web developer with 5+ years of experience in this sector. I found PHPGurukul in September 2015. My keen interest in technology and sharing knowledge with others became the main reason for starting PHPGurukul. My basic aim is to offer all web development tutorials like PHP, PDO, jQuery, PHP oops, MySQL, etc. Apart from the tutorials, we also offer you PHP Projects, and we have around 100+ PHP Projects for you.

CVE-2022-29005: Online Birth Certificate System Project Using PHP and MySQ -PhpGurukul

A Stored Cross-Site Scripting (XSS) vulnerability in DivvyDrive's "aciklama" parameter could allow anyone to gain users' session informations.

CVE-2022-0900

A vulnerability, which was classified as problematic, was found in Badminton Center Management System. This affects the userlist module at /bcms/admin/?page=user/list. The manipulation of the argument username with the input </td><img src="" onerror="alert(1)"><td>1 leads to an authenticated cross site scripting. Exploit details have been disclosed to the public.

CVE-2022-1817

A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is /zoo/admin/public_html/view_accounts?type=zookeeper of the content module. The manipulation of the argument admin_name with the input <script>alert(1)</script> leads to an authenticated cross site scripting. Exploit details have been disclosed to the public.

**Zoo Management System - 'admin\_name' Stored Cross-Site Scripting(XSS)****Exploit Title: Zoo Management System - 'admin\_name' Stored Cross-Site Scripting(XSS)****Exploit Author: webraybtl@webray.com.cn inc****Vendor Homepage: https://www.sourcecodester.com/php/15347/zoo-management-system-source-code-php-mysql-database.html****Software Link: https://www.sourcecodester.com/download-code?nid=15347&title=Zoo+Management+System+source+code+in+PHP+with+MySQL+Database****Version: Zoo Management System 1.0****Tested on: Windows Server 2008 R2 Enterprise, Apache ,Mysql****Description**

Persistent XSS (or Stored XSS) attack is one of the three major categories of XSS attacks, the others being Non-Persistent (or Reflected) XSS and DOM-based XSS. In general, XSS attacks are based on the victim’s trust in a legitimate, but vulnerable, website or web application.Zoo Management System does not filter the content correctly at the "content" module, resulting in the generation of stored XSS.

**Payload used:**

<script>alert(111)</script>

**Proof of Concept**

1.  Login the CMS. Admin Default Access: Email: admin@mail.com Password: Password@123
    
2.  Open Page http://172.24.5.102/zoo/admin/public\_html/view\_accounts?type=zookeeper and click Edit button
    
3.  Put XSS payload (<script>alert(111)</script>) in the content box and click on Edit Account to publish the page
    

4.  Viewing the successfully published page,We can see the alert.

CVE-2022-1816: webray.com.cn/Zoo-Management-System(XSS).md at main · Xor-Gerke/webray.com.cn

Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker.

2022-05-23 CVE-2022-28874: Multiple Denial-of-Service (DoS) Vulnerabilities

Multiple denial-of-service (DoS) vulnerabilities while scanning fuzzed PE32-bit files can eventually crash the scanning engine. 

More 2022-04-25 CVE-2022-28871: Denial-of-Service (DoS) Vulnerability

A denial-of-service (DoS) vulnerability in WithSecure component may crash the scanning engine. 

More 2022-04-13 CVE-2022-22965: Vulnerability in Spring Framework Remote Code Execution affect WithSecure Products

A critical vulnerability in the Spring framework affects the following products: F-Secure Policy Manager, F-Secure Policy Manager for Linux, F-Secure Policy Manager Proxy, and F-Secure Elements Connector.

More 2022-03-07 CVE-2021-44750: Arbitrary Code Execution

WithSecure Support Tool (fsdiag) embedded within various WithSecure products for Microsoft Windows can be abused to execute arbitrary commands on the system.

More 2022-03-01 CVE-2021-44749: Universal Cross-Site Scripting Vulnerability in WithSecure SAFE Browser Protection for Android

Vulnerabilities in the browser protection of WithSecure SAFE for Android could allow remote attacker to steal user's sessions cookie.

More 2022-03-01 CVE-2021-44748: Universal Cross-Site Scripting Vulnerability in WithSecure SAFE Browser for Android

Vulnerabilities in the browser of WithSecure SAFE for Android could allow execution of JavaScript. 

More 2022-02-27 CVE-2021-44747: Denial-of-Service (DoS) Vulnerability

Crash while scanning fuzzed files can cause denial-of-service of the antivirus engine.

More 2022-02-07 CVE-2021-40837: Denial-of-Service (DoS) Vulnerability More 2021-12-20 CVE-2021-40836: Denial-of-Service (DoS) Vulnerability More 2021-12-14 CVE-2021-40835: URL Address Bar Spoofing in F-Secure SAFE Browser for iOS More 2021-12-08 CVE-2021-40834: User interface Spoofing in F-Secure SAFE browser for Android More 2021-11-24 CVE-2021-40833: Denial-of-Service (DoS) Vulnerability More 2021-10-06 CVE-2021-40832: Denial-of-Service (DoS) Vulnerability More 2021-10-06 CVE-2021-33603: Denial-of-Service (DoS) Vulnerability More 2021-10-04 CVE-2021-33602: Denial-of-Service (DoS) Vulnerability More 2021-09-26 CVE-2021-33601: Arbitrary Code Execution in Web Interface of F-Secure Internet Gatekeeper More 2021-09-26 CVE-2021-33600: Denial-of-Service Vulnerability in Web Interface of F-Secure Internet Gatekeeper More 2021-09-01 CVE-2021-33599: Denial-of-Service (DoS) Vulnerability More 2021-08-21 CVE-2021-33598: Denial-of-Service (DoS) Vulnerability More 2021-08-09 CVE-2021-33596: Fake Apple Login Prompt in F-Secure SAFE Browser for iOS More 2021-08-09 CVE-2021-33595: F-Secure SAFE Browser for iOS Vulnerable to Address Bar Spoofing More 2021-08-09 CVE-2021-33594: F-Secure SAFE Browser for Android Vulnerable to Address Bar Spoofing More 2021-08-07 CVE-2021-33597: Denial-of-Service (DoS) Vulnerability More 2021-06-01 CVE-2021-33572: Denial-of-Service (DoS) Vulnerability More 2021-01-25 FSC-2021-1: Reflected Cross-Site Scripting Vulnerability in F-Secure Cloud Protection for Salesforce More 2020-11-10 FSC-2020-3: Multiple Buffer Overflow Vulnerabilities in F-Secure Linux Security

Multiple buffer overflow vulnerabilities can lead local privilege escalation.

More 2020-05-17 FSC-2020-2: Local Non-Root User Can Rename or Delete System FIles in Linux Security

A local user can rename or delete arbitrary files owned by root in Linux Security.

More 2020-05-17 FSC-2020-1: CSRF Vulnerability in Web Interface of Linux Security

Vulnerability in web user interface of the F-Secure Linux Security can lead to remotely disable product settings.

More

CVE-2022-28874: Security advisories

Cross-site Scripting (XSS) - Reflected in GitHub repository collectiveaccess/providence prior to 1.8.

**Description**

Hello , i found an authenticated reflected xss via path fragment this was exploitable through trusting user input in url path fragement , please note : if you wrote a different payload you need to URL Encode the payload twice

**Proof of Concept**

    Enter this url : https://demo.collectiveaccess.org/index.php/system/Error/Show/n/3250%22%253CScRiPt%2520%253Ealert(%221337%22)%253C%252FsCripT%253E
    

**Picture:**

Kind Regards,

Rawi (@0xRaw)

**Impact**

Steal User Cookies or redirect user to malicious sites

Tag

#xss