โผ CVE-2023-5120 โผ
๐ Read
via "National Vulnerability Database".
The Migration, Backup, Staging รขโฌโ WPvivid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image file path parameter in versions up to, and including, 0.9.89 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-4943 โผ
๐ Read
via "National Vulnerability Database".
The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin's settings.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-5109 โผ
๐ Read
via "National Vulnerability Database".
The WP Mailto Links รขโฌโ Protect Email Addresses plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wpml_mailto' shortcode in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This was partially patched in version 3.1.3 and fully patched in version 3.1.4.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-5656 โผ
๐ Read
via "National Vulnerability Database".
The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.9.2. This makes it possible for unauthenticated attackers to perform some of those actions that were intended for higher privileged users. This vulnerability is the same as CVE-2023-5533 but was reintroduced in version 4.9.2.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-3996 โผ
๐ Read
via "National Vulnerability Database".
The ARMember Lite - Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-44256 โผ
๐ Read
via "National Vulnerability Database".
A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-44483 โผ
๐ Read
via "National Vulnerability Database".
All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.ร Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-34045 โผ
๐ Read
via "National Vulnerability Database".
VMware Fusion(13.x prior to 13.5)ร contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade.ร A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-5618 โผ
๐ Read
via "National Vulnerability Database".
The Modern Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.4.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.๐ Read
via "National Vulnerability Database".
๐ Faraday 4.6.1 ๐
๐ Read
via "Packet Storm Security".
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.๐ Read
via "Packet Storm Security".
Packetstormsecurity
Faraday 4.6.1 โ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
โผ CVE-2023-3487 โผ
๐ Read
via "National Vulnerability Database".
An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-46287 โผ
๐ Read
via "National Vulnerability Database".
XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-46287 โผ
๐ Read
via "National Vulnerability Database".
XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php.๐ Read
via "National Vulnerability Database".
๐ฆฟ Develop High-Demand Cybersecurity Skills for Just $60 Through 10/23 ๐ฆฟ
๐ Read
via "Tech Republic".
Protect your company by learning maximum security practices in this bundle, while it's available at $59.97.๐ Read
via "Tech Republic".
TechRepublic
Develop High-Demand Cybersecurity Skills for Just $60 Through 10/23
Protect your company by learning maximum security practices in this bundle, while it's available at $59.97.
๐ด Ducktail Infostealer, DarkGate RAT Linked to Same Threat Actors ๐ด
๐ Read
via "Dark Reading".
Vietnamese cybercrime groups are using multiple different MaaS infostealers and RATs to target the digital marketing sector.๐ Read
via "Dark Reading".
Dark Reading
Ducktail Infostealer, DarkGate RAT Linked to Same Threat Actors
Vietnamese cybercrime groups are using multiple different MaaS infostealers and RATs to target the digital marketing sector.
๐ด SIM Card Ownership Slashed in Burkina Faso ๐ด
๐ Read
via "Dark Reading".
Users could hold up to five SIM cards previously, but now they can only have two; it's a move that the government says is intended to cut down mobile spam levels.๐ Read
via "Dark Reading".
Dark Reading
SIM Card Ownership Slashed in Burkina Faso
Users could hold up to five SIM cards previously, but now they can only have two; it's a move that the government says is intended to cut down mobile spam levels.
โผ CVE-2023-5689 โผ
๐ Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-5686 โผ
๐ Read
via "National Vulnerability Database".
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-5688 โผ
๐ Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.๐ Read
via "National Vulnerability Database".
โค1
โผ CVE-2023-3933 โผ
๐ Read
via "National Vulnerability Database".
The Your Journey theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-5687 โผ
๐ Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in GitHub repository mosparo/mosparo prior to 1.0.3.๐ Read
via "National Vulnerability Database".