βΌ CVE-2021-38354 βΌ
π Read
via "National Vulnerability Database".
The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gm_error parameter found in the ~/includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38332 βΌ
π Read
via "National Vulnerability Database".
The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38329 βΌ
π Read
via "National Vulnerability Database".
The DJ EmailPublish WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/dj-email-publish.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.7.2.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40373 βΌ
π Read
via "National Vulnerability Database".
playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38349 βΌ
π Read
via "National Vulnerability Database".
The Integration of Moneybird for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error_description parameter found in the ~/templates/wcmb-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38351 βΌ
π Read
via "National Vulnerability Database".
The OSD Subscribe WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the osd_subscribe_message parameter found in the ~/options/osd_subscribe_options_subscribers.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.3.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38337 βΌ
π Read
via "National Vulnerability Database".
The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/phpexcel/PHPExcel/Shared/JAMA/docs/download.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38340 βΌ
π Read
via "National Vulnerability Database".
The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the update_row parameter found in the ~/includes/add_product.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37414 βΌ
π Read
via "National Vulnerability Database".
Zoho ManageEngine DesktopCentral version 10.1.2119.7 and prior allows anyone to get a valid user's APIKEY without authentication.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38352 βΌ
π Read
via "National Vulnerability Database".
The Feedify Γ’β¬β Web Push Notifications WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the feedify_msg parameter found in the ~/includes/base.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.8.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38359 βΌ
π Read
via "National Vulnerability Database".
The WordPress InviteBox Plugin for viral Refer-a-Friend Promotions WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the message parameter found in the ~/admin/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.1.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38355 βΌ
π Read
via "National Vulnerability Database".
The Bug Library WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the successimportcount parameter found in the ~/bug-library.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.3.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38331 βΌ
π Read
via "National Vulnerability Database".
The WP-T-Wap WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the posted parameter found in the ~/wap/writer.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.13.2.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38333 βΌ
π Read
via "National Vulnerability Database".
The WP Scrippets WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/wp-scrippets.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.1.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38336 βΌ
π Read
via "National Vulnerability Database".
The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/edit-comments-xt.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.π Read
via "National Vulnerability Database".
π Friday Five 9/10 π
π Read
via "".
The latest Windows zero day, ProtonMail under fire, and creating a more diverse cybersecurity workforce - catch up on the infosec news of the week with the Friday Five!π Read
via "".
Digital Guardian
Friday Five 9/10
The latest Windows zero day, ProtonMail under fire, and creating a more diverse cybersecurity workforce - catch up on the infosec news of the week with the Friday Five!
π¦Ώ Remote cybersecurity concerns and labor shortages are front and center in a new small business report π¦Ώ
π Read
via "Tech Republic".
Despite economic optimism, many companies are concerned about the impacts of the coronavirus pandemic and have temporarily closed as they adapt to new tech tools and work models.π Read
via "Tech Republic".
TechRepublic
Remote cybersecurity concerns and labor shortages are front and center in a new small business report
Despite economic optimism, many companies are concerned about the impacts of the coronavirus pandemic and have temporarily closed as they adapt to new tech tools and work models.
ποΈ VMware denies allegations it leaked Confluence RCE exploit ποΈ
π Read
via "The Daily Swig".
βIdenticalβ payload removed from GitHub after researcherβs complaintsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
VMware denies allegations it leaked Confluence RCE exploit
βIdenticalβ payload removed from GitHub after researcherβs complaints
β Yandex Pummeled by Potent Meris DDoS Botnet β
π Read
via "Threat Post".
Record-breaking distributed denial of service attack targets Russiaβs version of Google - Yandex.π Read
via "Threat Post".
Threat Post
Yandex Pummeled by Potent Meris DDoS Botnet
Record-breaking distributed denial of service attack targets Russiaβs version of Google - Yandex.
βΌ CVE-2021-37422 βΌ
π Read
via "National Vulnerability Database".
Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.π Read
via "National Vulnerability Database".
βοΈ KrebsOnSecurity Hit By Huge New IoT Botnet βMerisβ βοΈ
π Read
via "Krebs on Security".
On Thursday evening, KrebsOnSecurity was the subject of a rather massive (and mercifully brief) distributed denial-of-service (DDoS) attack. The assault came from "Meris," the same new "Internet of Things" (IoT) botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer.π Read
via "Krebs on Security".
Krebs on Security
KrebsOnSecurity Hit By Huge New IoT Botnet βMerisβ
On Thursday evening, KrebsOnSecurity was the subject of a rather massive (and mercifully brief) distributed denial-of-service (DDoS) attack. The assault came from "Meris," the same new "Internet of Things" (IoT) botnet behind record-shattering attacks againstβ¦