CVE-2023-1122
via "National Vulnerability Database".
The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its Giveaways options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2023-0156
via "National Vulnerability Database".
The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not limit what log files to display in its settings pages, allowing an authorized user (admin+) to view the contents of arbitrary files and list directories anywhere on the server (to which the web server has access). The plugin only displays the last 50 lines of the file.
CVE-2022-4827
via "National Vulnerability Database".
The WP Tiles WordPress plugin through 1.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-29375
via "National Vulnerability Database".
An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potentially dangerous file upload through the SharePoint connector.
CVE-2023-1381
via "National Vulnerability Database".
The WP Meta SEO WordPress plugin before 4.5.5 does not validate image file paths before attempting to manipulate the image files, leading to a PHAR deserialization vulnerability. Furthermore, the plugin contains a gadget chain which may be used in certain configurations to achieve remote code execution.
CVE-2023-1425
via "National Vulnerability Database".
The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner – Groundhogg WordPress plugin before 2.7.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins.
CVE-2023-1121
via "National Vulnerability Database".
The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2023-0893
via "National Vulnerability Database".
The Time Sheets WordPress plugin before 1.29.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2023-24181
via "National Vulnerability Database".
LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm.
CVE-2023-0546
via "National Vulnerability Database".
The Contact Form Plugin WordPress plugin before 4.3.25 does not properly sanitize and escape the srcdoc attribute in iframes in its custom HTML field type, allowing a logged in user with roles as low as contributor to inject arbitrary JavaScript into a form which will trigger for any visitor to the form or admins previewing or editing the form.
How and Why to Put Multicloud to Work
via "Dark Reading".
Complex multicloud environments present organizations with security challenges, but also opportunities for efficiency.
AIDE 0.18.2
via "Packet Storm Security".
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on a server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
tcpdump 4.99.4
via "Packet Storm Security".
tcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that matches a given expression. You can use this tool to track down network problems, to detect many attacks, or to monitor the network activities.
Russia's Joker DPR Claims Access to Ukraine Troop Movement Data
via "Dark Reading".
A hacktivist group working with Russia claims it breached DELTA, the Ukrainian battlefield management system (BMS).
CVE-2023-1970
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in yuan1994 tpAdmin 1.3.12. This issue affects the function Upload of the file application\admin\controller\Upload.php. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225407. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-26986
via "National Vulnerability Database".
An issue in China Mobile OA Mailbox PC v2.9.23 allows remote attackers to execute arbitrary commands on a victim host via user interaction with a crafted EML file sent to their OA mailbox.
CVE-2023-27650
via "National Vulnerability Database".
An issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 allows a remote attacker to execute arbitrary code via the FONT_FILE parameter.
CVE-2023-1971
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in yuan1994 tpAdmin 1.3.12. Affected is the function remote of the file application\admin\controller\Upload.php. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225408. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-1969
via "National Vulnerability Database".
A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects unknown code of the file /admin/inventory/manage_stock.php of the component GET Parameter Handler. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-225406 is the identifier assigned to this vulnerability.
CVE-2023-26919
via "National Vulnerability Database".
delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escape. When allowExitFunctions is set to false, the loadWithNewGlobal function can be used to invoke the exit and quit methods to exit the Java process.
High-Stakes Ransomware Response: Know What Cards You Hold
via "Dark Reading".
When ransomware strikes, how much should you gamble on your resources and opponents' intentions? Here's how to deal yourself a rational, informed way to weigh your options after an attack.