βΌ CVE-2020-19284 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the /group/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the group comments text field.π Read
via "National Vulnerability Database".
βΌ CVE-2020-19292 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the /question/ask component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted question.π Read
via "National Vulnerability Database".
β Stolen Credentials Led to Data Theft at United Nations β
π Read
via "Threat Post".
Threat actors accessed the organizationβs proprietary project management software, Umoja, in April, accessing the network and stealing info that can be used in further attacks.π Read
via "Threat Post".
Threat Post
Stolen Credentials Led to Data Theft at United Nations
Threat actors accessed the organizationβs proprietary project management software, Umoja, in April, accessing the network and stealing info that can be used in further attacks.
ποΈ Spook.js β New side-channel attack can bypass Google Chromeβs protections against Spectre-style exploits ποΈ
π Read
via "The Daily Swig".
Users are still vulnerable to data leak technique three years onπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Spook.js β New side-channel attack can bypass Google Chromeβs protections against Spectre-style exploits
CPU-level data leak technique still kicking, three years on
βΌ CVE-2021-3645 βΌ
π Read
via "National Vulnerability Database".
merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')π Read
via "National Vulnerability Database".
ποΈ WordPress 5.8.1 security release addresses trio of vulnerabilities ποΈ
π Read
via "The Daily Swig".
Block editor XSS and REST API data exposure issues among now-patched bugsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
WordPress 5.8.1 security release addresses clutch of vulnerabilities
Block editor XSS and REST API data exposure issues among now-patched bugs
βΌ CVE-2021-35976 βΌ
π Read
via "National Vulnerability Database".
The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0.32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH, aka PFSI-62467. The attacker could execute JavaScript code in the victimΓ’β¬β’s browser by using the link to preview sites hosted on the server. Authentication is not required to exploit the vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33011 βΌ
π Read
via "National Vulnerability Database".
All versions of the afffected TOYOPUC-PC10 Series,TOYOPUC-Plus Series,TOYOPUC-PC3J/PC2J Series, TOYOPUC-Nano Series products may not be able to properly process an ICMP flood, which may allow an attacker to deny Ethernet communications between affected devices.π Read
via "National Vulnerability Database".
β 5 Steps For Securing Your Remote Work Space β
π Read
via "Threat Post".
With so many people still working from home, cybercriminals are trying to cash in. Cyberattacks have increased 300% and the risk of losing important data or being compromised is much greater at home. Here are five recommendations for securing your home office.π Read
via "Threat Post".
Threat Post
5 Steps For Securing Your Remote Work Space
With so many people still working from home, cybercriminals are trying to cash in. Here are five recommendations for securing your home office.
β SOVA, Worryingly Sophisticated Android Trojan, Takes Flight β
π Read
via "Threat Post".
The malware appeared in August with an ambitious roadmap (think ransomware, DDoS) that could make it 'the most feature-rich Android malware on the market.'π Read
via "Threat Post".
Threat Post
SOVA, Worryingly Sophisticated Android Trojan, Takes Flight
The malware appeared in August with an ambitious roadmap (think ransomware, DDoS) that could make it 'the most feature-rich Android malware on the market.'
βΌ CVE-2021-38341 βΌ
π Read
via "National Vulnerability Database".
The WooCommerce Payment Gateway Per Category WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/includes/plugin_settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.10.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38338 βΌ
π Read
via "National Vulnerability Database".
The Border Loading Bar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `f` and `t` parameter found in the ~/titan-framework/iframe-googlefont-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38353 βΌ
π Read
via "National Vulnerability Database".
The Dropdown and scrollable Text WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the content parameter found in the ~/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38339 βΌ
π Read
via "National Vulnerability Database".
The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simple-matted-thumbnail.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.01.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38330 βΌ
π Read
via "National Vulnerability Database".
The Yet Another bol.com Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/yabp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38354 βΌ
π Read
via "National Vulnerability Database".
The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gm_error parameter found in the ~/includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38332 βΌ
π Read
via "National Vulnerability Database".
The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38329 βΌ
π Read
via "National Vulnerability Database".
The DJ EmailPublish WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/dj-email-publish.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.7.2.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40373 βΌ
π Read
via "National Vulnerability Database".
playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38349 βΌ
π Read
via "National Vulnerability Database".
The Integration of Moneybird for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error_description parameter found in the ~/templates/wcmb-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38351 βΌ
π Read
via "National Vulnerability Database".
The OSD Subscribe WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the osd_subscribe_message parameter found in the ~/options/osd_subscribe_options_subscribers.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.3.π Read
via "National Vulnerability Database".