βΌ CVE-2023-0328 βΌ
π Read
via "National Vulnerability Database".
The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication (such as update and delete the auth key).π Read
via "National Vulnerability Database".
βΌ CVE-2023-0068 βΌ
π Read
via "National Vulnerability Database".
The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugin through 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0165 βΌ
π Read
via "National Vulnerability Database".
The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0065 βΌ
π Read
via "National Vulnerability Database".
The i2 Pros & Cons WordPress plugin through 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4328 βΌ
π Read
via "National Vulnerability Database".
The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the serverπ Read
via "National Vulnerability Database".
βΌ CVE-2023-0069 βΌ
π Read
via "National Vulnerability Database".
The WPaudio MP3 Player WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0212 βΌ
π Read
via "National Vulnerability Database".
The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4265 βΌ
π Read
via "National Vulnerability Database".
The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the prompt_dismiss_notice action and also lacks CSRF check in the related action. This could allow any authenticated users, such as subscriber to perform Object Injection attacks. The attack could also be done via a CSRF vector against any authenticated userπ Read
via "National Vulnerability Database".
βΌ CVE-2022-46395 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r0p0 through r32p0, Bifrost r0p0 through r41p0 before r42p0, Valhall r19p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48364 βΌ
π Read
via "National Vulnerability Database".
The undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user whose status update was marked as sensitive.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0377 βΌ
π Read
via "National Vulnerability Database".
The Scriptless Social Sharing WordPress plugin before 3.2.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0063 βΌ
π Read
via "National Vulnerability Database".
The WordPress Shortcodes WordPress plugin through 1.6.36 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0076 βΌ
π Read
via "National Vulnerability Database".
The Download Attachments WordPress plugin through 1.2.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π Read
via "National Vulnerability Database".
π AIDE 0.18.1 π
π Read
via "Packet Storm Security".
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.π Read
via "Packet Storm Security".
Packetstormsecurity
AIDE 0.18.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β Feds warn about right Royal ransomware rampage that runs the gamut of TTPs β
π Read
via "Naked Security".
Wondering which cybercrime tools, techniques and procedures to focus on? How about any and all of them?π Read
via "Naked Security".
β DoppelPaymer ransomware supsects arrested in Germany and Ukraine β
π Read
via "Naked Security".
Devices seized, suspects interrogated and arrested, allegedly connected to devastating cyberattack on University Hospital in DΓΌsseldorf.π Read
via "Naked Security".
Naked Security
DoppelPaymer ransomware supsects arrested in Germany and Ukraine
Devices seized, suspects interrogated and arrested, allegedly connected to devastating cyberattack on University Hospital in DΓΌsseldorf.
βΌ CVE-2023-0979 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData Informatics MedDataPACS.This issue affects MedDataPACS : before 2023-03-03.π Read
via "National Vulnerability Database".
βΌ CVE-2015-10094 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Fastly Plugin up to 0.97. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.98 is able to address this issue. The name of the patch is d7fe42538f4d4af500e3af9678b6b06fba731656. It is recommended to upgrade the affected component. VDB-222326 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-1200 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in ehuacui bbs. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-222388.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24789 βΌ
π Read
via "National Vulnerability Database".
jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1197 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0.π Read
via "National Vulnerability Database".