‼ CVE-2023-23654 ‼
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SparkPost plugin <= 3.2.5 versions.
via "National Vulnerability Database".
‼ CVE-2023-0763 ‼
The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting Holidays, which could allow attackers to make logged-in admins delete arbitrary holidays via a CSRF attack.
via "National Vulnerability Database".
‼ CVE-2023-31842 ‼
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/index.php?page=edit_faculty&id=.
via "National Vulnerability Database".
‼ CVE-2022-4774 ‼
The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via its file upload form field, allowing unauthenticated users to upload arbitrary file types such as PHP or HTML files to the server, leading to Remote Code Execution.
via "National Vulnerability Database".
‼ CVE-2023-31845 ‼
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_class.php?id=.
via "National Vulnerability Database".
‼ CVE-2023-22717 ‼
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in nCrafts FormCraft plugin <= 1.2.6 versions.
via "National Vulnerability Database".
‼ CVE-2023-29862 ‼
An issue found in Agasio-Camera device version not specified allows a remote attacker to execute arbitrary code via the check and authLevel parameters.
via "National Vulnerability Database".
‼ CVE-2023-0520 ‼
The RapidExpCart WordPress plugin through 1.0 does not sanitize and escape the url parameter in the rapidexpcart endpoint before storing it and outputting it back in the page, leading to a Stored Cross-Site Scripting vulnerability which could be used against high-privilege users such as admin. Furthermore, the lack of CSRF protection means an attacker can trick a logged-in admin into performing the attack by submitting a hidden form.
via "National Vulnerability Database".
‼ CVE-2023-2180 ‼
The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow an unauthenticated attacker to read/download arbitrary files, as well as perform PHAR unserialization (assuming they can upload a file on the server).
via "National Vulnerability Database".
‼ CVE-2023-22706 ‼
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PropertyHive plugin <= 1.5.48 versions.
via "National Vulnerability Database".
‼ CVE-2023-1019 ‼
The Help Desk WP WordPress plugin through 1.2.0 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks.
via "National Vulnerability Database".
‼ CVE-2023-31844 ‼
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_subject.php?id=.
via "National Vulnerability Database".
‼ CVE-2023-1839 ‼
The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.6 does not sanitize and escape some of its setting fields, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).
via "National Vulnerability Database".
‼ CVE-2023-1207 ‼
The HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability.
via "National Vulnerability Database".
‼ CVE-2023-0812 ‼
The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure.
via "National Vulnerability Database".
🛠 Samhain File Integrity Checker 4.4.10 🛠
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
via "Packet Storm Security".
🛠 Simple Universal Fortigate Fuzzer 🛠
This Python script is a tool for fuzzing Fortigate 7.
via "Packet Storm Security".
🕴 Microsoft Follina Bug Is Back in Meme-Themed Cyberattacks Against Travel Orgs 🕴
A two-bit comedian is using a patched Microsoft vulnerability to attack the hospitality industry, and really laying it on thick along the way.
via "Dark Reading".
⚠ Whodunnit? Cybercrook gets 6 years for ransoming his own employer ⚠
Not just an active adversary, but a two-faced one, too.
via "Naked Security".
‼ CVE-2023-31627 ‼
An issue in the strhash component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
via "National Vulnerability Database".
‼ CVE-2023-31623 ‼
An issue in the mp_box_copy component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
via "National Vulnerability Database".