π¨ CVE-2024-2698
A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service argument is NULL, then it means the KDC is probing for general constrained delegation rules and not checking a specific S4U2Proxy request.
In FreeIPA 4.11.0, the behavior of ipadb_match_acl() was modified to match the changes from upstream MIT Kerberos 1.20. However, a mistake resulting in this mechanism applies in cases where the target service argument is set AND where it is unset. This results in S4U2Proxy requests being accepted regardless of whether or not there is a matching service delegation rule.
π@cveNotify
A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service argument is NULL, then it means the KDC is probing for general constrained delegation rules and not checking a specific S4U2Proxy request.
In FreeIPA 4.11.0, the behavior of ipadb_match_acl() was modified to match the changes from upstream MIT Kerberos 1.20. However, a mistake resulting in this mechanism applies in cases where the target service argument is set AND where it is unset. This results in S4U2Proxy requests being accepted regardless of whether or not there is a matching service delegation rule.
π@cveNotify
π¨ CVE-2024-7617
The Contact Form to Any API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 form fields in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
π@cveNotify
The Contact Form to Any API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 form fields in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
π@cveNotify
π¨ CVE-2024-8549
The Simple Calendar β Google Calendar Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
π@cveNotify
The Simple Calendar β Google Calendar Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
π@cveNotify
π¨ CVE-2024-46655
A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.38160 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload or URL.
π@cveNotify
A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.38160 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload or URL.
π@cveNotify
// CSF LABS //
CVE-2024-46655 Cross-Site-Scripting (XSS) (Reflected) in Ellevo application
# Exploit Title: Cross-Site-Scripting (XSS) (Reflected) in Ellevo application # Google Dork: N/A # Date: 22/01/2024 # Exploit Author: Thiago Miranda de Paula - dTMP3st # LinkedIn Author: https://www.linkedin.com/in/dtmp3st/ # Vendor Homepage: https://ellevo.com/β¦
π¨ CVE-2024-8349
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what users a group leader can edit. This makes it possible for authenticated attackers, with group leader-level access and above, to change admin account email addresses which can subsequently lead to admin account access.
π@cveNotify
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what users a group leader can edit. This makes it possible for authenticated attackers, with group leader-level access and above, to change admin account email addresses which can subsequently lead to admin account access.
π@cveNotify
GitHub
GitHub - karlemilnikka/CVE-2024-8349-and-CVE-2024-8350: Authenticated Privilege Escalation to Admin exploiting Uncanny Groups forβ¦
Authenticated Privilege Escalation to Admin exploiting Uncanny Groups for LearnDash. - karlemilnikka/CVE-2024-8349-and-CVE-2024-8350
π¨ CVE-2024-8483
The MAS Static Content plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.8 via the static_content() function. This makes it possible for authenticated attackers, with contributor-level access and above, to extract potentially sensitive information from private static content pages.
π@cveNotify
The MAS Static Content plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.8 via the static_content() function. This makes it possible for authenticated attackers, with contributor-level access and above, to extract potentially sensitive information from private static content pages.
π@cveNotify
π¨ CVE-2023-51157
Cross Site Scripting vulnerability in ZKTeco WDMS v.5.1.3 Pro allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the Emp Name parameter.
π@cveNotify
Cross Site Scripting vulnerability in ZKTeco WDMS v.5.1.3 Pro allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the Emp Name parameter.
π@cveNotify
Medium
ZKTeco WDMS 5.1.3 β Persistent XSS (CVE-2023β51157)
Bug
π¨ CVE-2024-8552
The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_shop() function in all versions up to, and including, 5.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable shop functionality.
π@cveNotify
The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_shop() function in all versions up to, and including, 5.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable shop functionality.
π@cveNotify
π¨ CVE-2024-8723
The 012 Ps Multi Languages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via translated titles in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
π@cveNotify
The 012 Ps Multi Languages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via translated titles in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
π@cveNotify
π¨ CVE-2023-39508
Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0
This issue affects Apache Airflow: before 2.6.0.
π@cveNotify
Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0
This issue affects Apache Airflow: before 2.6.0.
π@cveNotify
seclists.org
SecLists.Org Security Mailing List Archive
Security mailing list archive for the Nmap lists, Bugtraq, Full Disclosure, Security Basics, Pen-test, and dozens more. Search capabilities and RSS feeds with smart excerpts are available
π¨ CVE-2023-20578
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow
an attacker with ring0 privileges and access to the
BIOS menu or UEFI shell to modify the communications buffer potentially
resulting in arbitrary code execution.
π@cveNotify
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow
an attacker with ring0 privileges and access to the
BIOS menu or UEFI shell to modify the communications buffer potentially
resulting in arbitrary code execution.
π@cveNotify
AMD
AMD Server Vulnerabilities β August 2024
π¨ CVE-2024-6510
Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking.
π@cveNotify
Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking.
π@cveNotify
cirosec
Vulnerability in AVG Internet Security (CVE-2024-6510) - cirosec
September 12, 2024 AVG Internet Security is an antivirus software marketed to consumers.
π¨ CVE-2024-8350
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgm_management/v1/add_user/ REST API endpoint in all versions up to, and including, 6.1.0.1. This makes it possible for authenticated attackers, with group leader-level access and above, to add users to their group which ultimately allows them to leverage CVE-2024-8349 and gain admin access to the site.
π@cveNotify
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgm_management/v1/add_user/ REST API endpoint in all versions up to, and including, 6.1.0.1. This makes it possible for authenticated attackers, with group leader-level access and above, to add users to their group which ultimately allows them to leverage CVE-2024-8349 and gain admin access to the site.
π@cveNotify
GitHub
GitHub - karlemilnikka/CVE-2024-8349-and-CVE-2024-8350: Authenticated Privilege Escalation to Admin exploiting Uncanny Groups forβ¦
Authenticated Privilege Escalation to Admin exploiting Uncanny Groups for LearnDash. - karlemilnikka/CVE-2024-8349-and-CVE-2024-8350
π¨ CVE-2024-8434
The Easy Mega Menu Plugin for WordPress β ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform actions like updating plugin settings.
π@cveNotify
The Easy Mega Menu Plugin for WordPress β ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform actions like updating plugin settings.
π@cveNotify
π¨ CVE-2024-8476
The Easy PayPal Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the wpeevent_plugin_buttons() function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
π@cveNotify
The Easy PayPal Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the wpeevent_plugin_buttons() function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
π@cveNotify
π¨ CVE-2024-47330
Missing Authorization vulnerability in Supsystic Slider by Supsystic, Supsystic Social Share Buttons by Supsystic.This issue affects Slider by Supsystic: from n/a through 1.8.6; Social Share Buttons by Supsystic: from n/a through 2.2.9.
π@cveNotify
Missing Authorization vulnerability in Supsystic Slider by Supsystic, Supsystic Social Share Buttons by Supsystic.This issue affects Slider by Supsystic: from n/a through 1.8.6; Social Share Buttons by Supsystic: from n/a through 2.2.9.
π@cveNotify
Patchstack
WordPress Slider by Supsystic plugin <= 1.8.6 - Broken Access Control vulnerability - Patchstack
Hand curated, verified and enriched vulnerability information by Patchstack security experts. Find all WordPress plugin, theme and core security issues.
π¨ CVE-2024-8803
The Bulk NoIndex & NoFollow Toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.15. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
π@cveNotify
The Bulk NoIndex & NoFollow Toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.15. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
π@cveNotify
π¨ CVE-2024-6517
The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users.
π@cveNotify
The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users.
π@cveNotify
WPScan
Contact Form 7 Math Captcha <= 2.0.1 - Reflected XSS
See details on Contact Form 7 Math Captcha <= 2.0.1 - Reflected XSS CVE 2024-6517. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-47197
Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin.
This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0.
Users are recommended to upgrade to version 3.3.0, which fixes the issue.
Archetype integration testing creates a file
called ./target/classes/archetype-it/archetype-settings.xml
This file contains all the content from the users ~/.m2/settings.xml file,
which often contains information they do not want to publish. We expect that on many developer machines, this also contains
credentials.
When the user runs mvn verify again (without a mvn clean), this file becomes part of
the final artifact.
If a developer were to publish this into Maven Central or any other remote repository (whether as a release
or a snapshot) their credentials would be published without them knowing.
π@cveNotify
Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin.
This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0.
Users are recommended to upgrade to version 3.3.0, which fixes the issue.
Archetype integration testing creates a file
called ./target/classes/archetype-it/archetype-settings.xml
This file contains all the content from the users ~/.m2/settings.xml file,
which often contains information they do not want to publish. We expect that on many developer machines, this also contains
credentials.
When the user runs mvn verify again (without a mvn clean), this file becomes part of
the final artifact.
If a developer were to publish this into Maven Central or any other remote repository (whether as a release
or a snapshot) their credentials would be published without them knowing.
π@cveNotify
π¨ CVE-2024-7315
The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient randomness in the filename that is created when generating a backup, which could be bruteforced by attackers to leak sensitive information about said backups.
π@cveNotify
The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient randomness in the filename that is created when generating a backup, which could be bruteforced by attackers to leak sensitive information about said backups.
π@cveNotify
WPScan
Migration, Backup, Staging β WPvivid < 0.9.106 - Unauthenticated Sensitive Data Exposure
See details on Migration, Backup, Staging β WPvivid < 0.9.106 - Unauthenticated Sensitive Data Exposure CVE 2024-7315. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-44097
According to the researcher: "The TLS connections are encrypted against tampering or eavesdropping. However, the application does not validate the server certificate properly while initializing the TLS connection. This allows for a network attacker to intercept the connection and read the data. The attacker could the either send the client a malicious response, or forward the (possibly modified) data to the real server."
π@cveNotify
According to the researcher: "The TLS connections are encrypted against tampering or eavesdropping. However, the application does not validate the server certificate properly while initializing the TLS connection. This allows for a network attacker to intercept the connection and read the data. The attacker could the either send the client a malicious response, or forward the (possibly modified) data to the real server."
π@cveNotify
Google
Nest Security BulletinβSeptember 2024 - Help
Published September 16, 2024 Past Nest Security Bulletins can be found here. This Nest Security Bulletin contains details of