🛠 Logwatch 7.8 🛠
Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
via "Packet Storm Security".
‼ CVE-2021-24837 ‼
The Passster WordPress plugin before 3.5.5.8 does not escape the area parameter of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.
via "National Vulnerability Database".
‼ CVE-2022-4443 ‼
The BruteBank WordPress plugin before 1.9 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
via "National Vulnerability Database".
‼ CVE-2022-4383 ‼
The CBX Petition for WordPress plugin through 1.0.3 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
via "National Vulnerability Database".
‼ CVE-2022-4307 ‼
The ?????? ?????? ?????? WordPress plugin before 2.9.3 does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high privilege user such as admin visits a page from the plugin.
via "National Vulnerability Database".
‼ CVE-2022-4509 ‼
The Content Control WordPress plugin before 1.1.10 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins.
via "National Vulnerability Database".
‼ CVE-2022-4753 ‼
The Print-O-Matic WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
via "National Vulnerability Database".
‼ CVE-2021-43445 ‼
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An attacker can authenticate with the web socket service of the ONLYOFFICE document editor which is protected by JWT auth by using a default JWT signing key.
via "National Vulnerability Database".
‼ CVE-2022-4790 ‼
The WP Google My Business Auto Publish WordPress plugin before 3.4 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.
via "National Vulnerability Database".
‼ CVE-2022-47065 ‼
** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
via "National Vulnerability Database".
‼ CVE-2022-4230 ‼
The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+); however, the plugin has a setting to allow low privilege users to access it as well.
via "National Vulnerability Database".
‼ CVE-2022-4760 ‼
The OneClick Chat to Order WordPress plugin before 1.0.4.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
via "National Vulnerability Database".
‼ CVE-2023-24095 ‼
** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formSystemCheck. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
via "National Vulnerability Database".
‼ CVE-2021-43444 ‼
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. Signed document download URLs can be forged due to a weak default URL signing key.
via "National Vulnerability Database".
‼ CVE-2022-4758 ‼
The 10WebMapBuilder WordPress plugin before 1.0.72 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
via "National Vulnerability Database".
‼ CVE-2022-4475 ‼
The Collapse-O-Matic WordPress plugin before 1.8.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
via "National Vulnerability Database".
‼ CVE-2022-4323 ‼
The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.
via "National Vulnerability Database".
‼ CVE-2022-3811 ‼
The EU Cookie Law for GDPR/CCPA WordPress plugin through 3.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
via "National Vulnerability Database".
‼ CVE-2022-4718 ‼
The Landing Page Builder WordPress plugin before 1.4.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
via "National Vulnerability Database".
‼ CVE-2022-4305 ‼
The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.
via "National Vulnerability Database".
‼ CVE-2022-4675 ‼
The Mongoose Page Plugin WordPress plugin before 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.
via "National Vulnerability Database".