🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-51547‼️

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPManageNinja LLC Fluent Support  WordPress Helpdesk and Customer Support Ticket Plugin.This issue affects Fluent Support  WordPress Helpdesk and Customer Support Ticket Plugin from na through 1.7.6.

419 views00:33

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-52131‼️

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Zinc Page Generator.This issue affects Page Generator from na through 1.7.1.

556 views00:33

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-52132‼️

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jewel Theme WP Adminify.This issue affects WP Adminify from na through 3.1.6.

656 views00:33

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-52133‼️

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WhileTrue Most And Least Read Posts Widget.This issue affects Most And Least Read Posts Widget from na through 2.5.16.

800 views00:33

🛡 Cybersecurity & Privacy 🛡 - News

🖋️ New JinxLoader Targeting Users with Formbook and XLoader Malware 🖋️

A new Go-based malware loader called JinxLoader is being used by threat actors to deliver next-stage payloads such as Formbook and its successor XLoader.The disclosure comes from cybersecurity firms Palo Alto Networks Unit 42 and Symantec, both of which highlighted multi-step attack sequences that led to the deployment of JinxLoader through phishing attacks."The

📖 Read

via "The Hacker News".

👍1

828 views06:59

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2024-21732‼️

FlyCms through abbaa5a allows XSS via the permission management feature.

📖 Read more

Via "National Vulnerability Database"

701 views00:30

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-5877‼️

The affiliatetoolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to it's affiliatetoolkitstartertoolsatkpimagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URL's, including RFC1918 private addresses, leading to a Server Side Request Forgery SSRF issue.

686 views00:30

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-6000‼️

The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks.

574 views00:30

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-6037‼️

The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored CrossSite Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup

466 views00:30

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-6064‼️

The PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publiclyaccessible log files containing sensitive information when transactions occur.

391 views00:31

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-6113‼️

The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backups processes, allowing unauthenticated attackers to download said backups later.

354 views00:31

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-6271‼️

The Backup Migration WordPress plugin before 1.3.6 stores inprogress backups information in easy to find, publiclyaccessible files, which may allow attackers monitoring those to leak sensitive information from the site's backups.

362 views00:31

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-6421‼️

The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one.

372 views00:31

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-6485‼️

The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, such as low as subscribers to perform Stored CrossSite Scripting attacks against high privilege users like admins

375 views00:31

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2024-0181‼️

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file adminadminuser.php of the component Admin Panel. The manipulation of the argument FirstnameLastnameUsername leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB249433 was assigned to this vulnerability.

394 views00:31

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-50094‼️

reNgine through 2.0.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an apitoolswafdetector?url string. The commands are executed as root via subprocess.checkoutput.

398 views00:31

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2023-50096‼️

STMicroelectronics STSAFEA1xx middleware before 3.3.7 allows MCU code execution if an adversary has the ability to read from and write to the I2C bus. This is caused by an StSafeAReceiveBytes buffer overflow in the XCUBESAFEA1 Software Package for STSAFEA sample applications 1.2.0, and thus can affect userwritten code that was derived from a published sample application.

474 views00:31

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2024-0182‼️

A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin of the component Admin Login. The manipulation of the argument usernamepassword leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB249440.

520 views00:31

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2024-0183‼️

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. This affects an unknown part of the file adminstudents.php of the component NIA Office. The manipulation leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB249441 was assigned to this vulnerability.

597 views00:31

🛡 Cybersecurity & Privacy 🛡 - News

‼️CVE-2024-0184‼️

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file admineditteacher.php of the component Add Enginer. The manipulation of the argument FirstnameLastname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB249442 is the identifier assigned to this vulnerability.

660 views00:31

🛡 Cybersecurity & Privacy 🛡 - News

📔 Black Basta Ransomware Decryptor Published 📔

Researchers at SRLabs have revealed a new suite of decryption tools for Black Basta ransomware

📖 Read

via "Infosecurity Magazine".

Infosecurity Magazine

Black Basta Ransomware Decryptor Published

Researchers at SRLabs have revealed a new suite of decryption tools for Black Basta ransomware

635 views09:33

About

Blog

Apps

Platform