🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
📢 Russian hackers declare war on 10 countries after failed Eurovision DDoS attack 📢

Italian police thwart cyber attacks on Eurovision's voting systems from the Russian-linked hacker group Killnet after the same group targeted public sector institutions days earlier

📖 Read

via "ITPro".
📢 McAfee appoints Greg Johnson as new CEO 📢

Peter Leav to step down in June as anti-virus giant continues to focus on its consumer business

📖 Read

via "ITPro".
🕴 Critical OAS Bugs Open Industrial Systems to Takeover 🕴

The most serious flaw gives attackers a way to remotely execute code on systems that many organizations use to move data in critical ICS environments, security vendor says.

📖 Read

via "Dark Reading".
‼ CVE-2022-1927 ‼

Buffer Over-read in GitHub repository vim/vim prior to 8.2.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-1928 ‼

Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-1566 ‼

The Quotes llama WordPress plugin through 0.7 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. The attack could also be performed by tricking an admin to import a malicious CSV file

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-1299 ‼

The Slideshow WordPress plugin through 2.3.1 does not sanitize and escape some of its default slideshow settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-1528 ‼

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.9 does not escape the current URL before putting it back in a JavaScript context, leading to a Reflected Cross-Site Scripting vulnerability.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-1562 ‼

The Enable SVG WordPress plugin before 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-1527 ‼

The WP 2FA WordPress plugin before 2.2.1 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting vulnerability.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-0642 ‼

The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not properly check CSRF tokens on POST requests to the plugin's admin page, and does not sanitise some parameters, leading to a Stored Cross-Site Scripting vulnerability where an attacker can trick a logged-in administrator into injecting arbitrary JavaScript.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-1583 ‼

The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to occur.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-1542 ‼

The HPB Dashboard WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-1589 ‼

The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing a CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attack could also be performed via a CSRF vector.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-1568 ‼

The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-1456 ‼

The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfiltered_html is disallowed.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-1646 ‼

The Simple Real Estate Pack WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-1009 ‼

The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting vulnerability. For the attack to be successful, an attacker would need an admin to upload a malicious configuration file.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-1582 ‼

The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-1556 ‼

The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to an SQL Injection vulnerability.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-1611 ‼

The Bulk Page Creator WordPress plugin before 1.1.4 does not protect its page creation functionalities with nonce checks, which makes them vulnerable to CSRF.

📖 Read

via "National Vulnerability Database".