‼ CVE-2021-43509 ‼
SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the id parameter in view-service.php.
via "National Vulnerability Database".
‼ CVE-2021-43510 ‼
SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the username field in login.php.
via "National Vulnerability Database".
‼ CVE-2021-25097 ‼
The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF checks in place when deleting publications, allowing any authenticated user, such as a subscriber, to delete arbitrary publications.
via "National Vulnerability Database".
‼ CVE-2021-25092 ‼
The Link Library WordPress plugin before 7.2.8 does not have a CSRF check when resetting library settings, allowing attackers to make a logged-in admin reset arbitrary settings via a CSRF attack.
via "National Vulnerability Database".
‼ CVE-2021-24934 ‼
The Visual CSS Style Editor WordPress plugin before 7.5.4 does not sanitise and escape the wyp_page_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue.
via "National Vulnerability Database".
‼ CVE-2021-24775 ‼
The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts.
via "National Vulnerability Database".
‼ CVE-2021-24763 ‼
The Perfect Survey WordPress plugin before 1.5.2 does not have proper authorisation nor CSRF checks in the save_global_setting AJAX action, allowing unauthenticated users to edit surveys and modify settings. Given the lack of sanitisation and escaping in the settings, this could also lead to a Stored Cross-Site Scripting issue which will be executed in the context of a user viewing any survey.
via "National Vulnerability Database".
‼ CVE-2021-24919 ‼
The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folder_id parameter before using it in a SQL statement in the wicked_folders_save_sort_order AJAX action, available to any authenticated user, leading to an SQL injection.
via "National Vulnerability Database".
‼ CVE-2021-46253 ‼
A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML.
via "National Vulnerability Database".
‼ CVE-2021-24944 ‼
The Custom Dashboard & Login Page WordPress plugin before 7.0 does not sanitise some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
via "National Vulnerability Database".
‼ CVE-2021-24900 ‼
The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and escape some of its table fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
via "National Vulnerability Database".
‼ CVE-2021-24707 ‼
The Learning Courses WordPress plugin before 5.0 does not sanitise and escape the Email PDT identity token settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
via "National Vulnerability Database".
‼ CVE-2021-25072 ‼
The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have a CSRF check in place when deleting items, allowing attackers to make a logged-in admin delete arbitrary posts via a CSRF attack.
via "National Vulnerability Database".
‼ CVE-2021-24765 ‼
The Perfect Survey WordPress plugin through 1.5.2 does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is turned off, leading to a Stored Cross-Site Scripting issue.
via "National Vulnerability Database".
‼ CVE-2022-0417 ‼
Heap-based Buffer Overflow in Conda vim prior to 8.2.
via "National Vulnerability Database".
‼ CVE-2021-24983 ‼
The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not sanitise and escape POSTed parameters sent to the wpassetcleanup_fetch_active_plugins_icons AJAX action (available to admin users), leading to a Reflected Cross-Site Scripting issue.
via "National Vulnerability Database".
🗓️ SureMDM bug chain enabled wholesale compromise of managed devices 🗓️
Series of flaws in MDM platform addressed in web console and Linux agent
via "The Daily Swig".
🕴 Mastercard Launches Global Cybersecurity Alliance Program to Further Secure The Digital Ecosystem 🕴
New program helps partners accelerate growth and provide scaled delivery of critical cybersecurity and risk services.
via "Dark Reading".
🕴 Qualys Adds Advanced Remediation Capabilities to Minimize Vulnerability Risk 🕴
Update to Qualys Cloud Platform enables organizations to fix asset misconfigurations in addition to patching to achieve comprehensive remediation.
via "Dark Reading".
🗓️ Critical Samba flaw presents code execution threat 🗓️
Urgent patching of file-sharing technology urged
via "The Daily Swig".
‼ CVE-2021-38560 ‼
Ivanti Service Manager 2021.1 allows reflected XSS via the appName parameter associated with ConfigDB calls, such as in RelocateAttachments.aspx.
via "National Vulnerability Database".