CVE-2022-45725 (via National Vulnerability Database)
Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request.

CVE-2022-45724 (via National Vulnerability Database)
Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSION_ID, and using this SESSION_ID an attacker can then perform authenticated requests.

Reddit admits it was hacked and data stolen, says "Don't panic" (via Naked Security)
Reddit is suggesting three tips as a follow-up to this breach. We agree with two of them but not with the third...

CVE-2022-4551 (via National Vulnerability Database)
The Rich Table of Contents WordPress plugin through 1.3.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

CVE-2023-0362 (via National Vulnerability Database)
Themify Portfolio Post WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVE-2023-0373 (via National Vulnerability Database)
The Lightweight Accordion WordPress plugin before 1.5.15 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVE-2023-0270 (via National Vulnerability Database)
The YaMaps for WordPress Plugin WordPress plugin before 0.6.26 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVE-2023-0379 (via National Vulnerability Database)
The Spotlight Social Feeds WordPress plugin before 1.4.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVE-2022-4445 (via National Vulnerability Database)
The FL3R FeelBox WordPress plugin through 8.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

CVE-2023-0275 (via National Vulnerability Database)
The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVE-2023-0405 (via National Vulnerability Database)
The GPT AI Power: Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training WordPress plugin before 1.4.38 does not perform any kind of nonce or privilege checks before letting logged-in users modify arbitrary posts.

Serious Security: GnuTLS follows OpenSSL, fixes timing attack bug (via Naked Security)
Conditional code considered cryptographically counterproductive.

CVE-2022-41134 (via National Vulnerability Database)
Cross-Site Request Forgery (CSRF) in OptinlyHQ Optinly – Exit Intent, Newsletter Popups, Gamification & Opt-in Forms plugin <= 1.0.15 versions.

CVE-2023-22854 (via National Vulnerability Database)
The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information.

CVE-2022-48077 (via National Vulnerability Database)
Genymotion Desktop v3.3.2 was discovered to contain a DLL hijacking vulnerability that allows attackers to escalate privileges and execute arbitrary code via a crafted DLL.

CVE-2023-23553 (via National Vulnerability Database)
Control By Web X-400 devices are vulnerable to a cross-site scripting attack, which could result in private and session information being transferred to the attacker.

CVE-2022-3089 (via National Vulnerability Database)
Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file transfer protocol (FTP) server.

CVE-2023-23948 (via National Vulnerability Database)
The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud Android app is vulnerable to SQL injection in `FileContentProvider.kt`. This issue can lead to information disclosure. Two databases, `filelist` and `owncloud_database`, are affected. In version 3.0, the `filelist` database was deprecated. However, injections affecting `owncloud_database` remain relevant as of version 3.0.

CVE-2023-25159 (via National Vulnerability Database)
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document collaboration app for the same platform. Nextcloud Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, Nextcloud Enterprise Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, and Nextcloud Office (Richdocuments) App 6.x prior to 6.3.1 and 7.x prior to 7.0.1 have previews accessible without a watermark. The download should be hidden and the watermark should get applied. This issue is fixed in Nextcloud Server 25.0.1 and 24.0.8, Nextcloud Enterprise Server 25.0.1 and 24.0.8, and Nextcloud Office (Richdocuments) App 7.0.1 (for 25) and 6.3.1 (for 24). No known workarounds are available.

CVE-2023-24804 (via National Vulnerability Database)
The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the app's internal files, and to arbitrary file write when uploading plain text files (although limited by the .txt extension). Version 3.0 fixes the reported bypasses.

CVE-2023-23551 (via National Vulnerability Database)
Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code.