HP PageWide Printers; HP OfficeJet Pro Printers Security Vulnerabilities

Essential Addons for Elementor Pro < 5.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_html_tag'

Description The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Counter widget in all versions up to, and including, 5.8.11 due to insufficient input sanitization and output escaping on user supplied attributes such as...

CVE-2023-51793

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in...

CVE-2023-49501

Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the config_eq_output function in the libavfilter/asrc_afirsrc.c:495:30 component. Bugs ...

CVE-2023-50010

Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the set_encoder_id function in /fftools/ffmpeg_enc.c component. Bugs ...

CVE-2023-49502

Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component. Bugs ...

Security Bulletin: AIX is vulnerable to privilege escalation and denial of service (CVE-2023-45166, CVE-2023-45174, CVE-2023-45170)

Summary UPDATED Feb 2 2024 (New iFixes are available. The new iFixes resolve a technical issue with print queue status. Both sets of iFixes (new and original) resolve the security vulnerabilities described in the bulletin. The new iFixes are only needed if you experience the technical issue...

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 8, 2024 to April 14, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 219 vulnerabilities disclosed in 209...

Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes

Threat actors are actively exploiting critical vulnerabilities in OpenMetadata to gain unauthorized access to Kubernetes workloads and leverage them for cryptocurrency mining activity. That's according to the Microsoft Threat Intelligence team, which said the flaws have been weaponized since the...

LockBit 3.0 Builder Unleashed Custom Ransomware on the Rise

...

Vulnerability in PuTTY Client Allows Recovery of Private Key

...

TA558’s SteganoAmor Campaign Targets Organizations Worldwide

...

ElementsKit Pro < 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ekit_btn_id'

Description The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

User Activity Log Pro <= 2.3.4 - Authenticated (Subscriber+) SQL Injection

Description The User Activity Log Pro plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...

The Windows Registry Adventure #2: A brief history of the feature

Posted by Mateusz Jurczyk, Google Project Zero Before diving into the low-level security aspects of the registry, it is important to understand its role in the operating system and a bit of history behind it. In essence, the registry is a hierarchical database made of named "keys" and "values",...

FortiClient EMS Vulnerability Exploited in Connect:fun Campaign

...

JSOutProx’s Latest Incarnation Strikes Fear in Financial Circles

...

CVE-2024-32513

Insertion of Sensitive Information into Log File vulnerability in AdTribes.Io Product Feed PRO for WooCommerce.This issue affects Product Feed PRO for WooCommerce: from n/a through...

CVE-2024-32513 WordPress Product Feed PRO for WooCommerce plugin <= 13.3.1 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information into Log File vulnerability in AdTribes.Io Product Feed PRO for WooCommerce.This issue affects Product Feed PRO for WooCommerce: from n/a through...

CVE-2024-2309

The WP STAGING WordPress Backup Plugin WordPress plugin before 3.4.0, wp-staging-pro WordPress plugin before 5.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html...

CVE-2024-2309 WP Staging < 3.4.0, 5.4.0 (Pro Version) - Admin+ Stored XSS

The WP STAGING WordPress Backup Plugin WordPress plugin before 3.4.0, wp-staging-pro WordPress plugin before 5.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html...

CVE-2024-2961

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable. Notes Author| Note ---|---...

CVE-2024-26910

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix performance regression in swap operation The patch "netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test", commit 28628fa9 fixes a race condition. But the synchronize_rcu()...

CVE-2024-26825

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free rx_data_reassembly skb on NCI device cleanup rx_data_reassembly skb is stored during NCI data exchange for processing fragmented packets. It is dropped only when the last fragment is processed or when an NTF packet.....

CVE-2024-31578

FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init...

CVE-2024-26920

In the Linux kernel, the following vulnerability has been resolved: tracing/trigger: Fix to return error if failed to alloc snapshot Fix register_snapshot_trigger() to return error code if it failed to allocate a snapshot instead of 0 (success). Unless that, it will register snapshot trigger...

CVE-2024-31582

FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted...

One Unified API: The Future of Security Data Management with Uni5 Xposure

...

Attacks, Vulnerabilities and Actors 8 to 14 April 2024

...

Zero-Day Flaw in Palo Alto Networks PAN-OS Patched After Active Exploitation

...

MuddyWater Enhances Its Arsenal with DarkBeatC2 Framework

...

CVE-2024-3096

In PHP version 8.1. before 8.1.28, 8.2. before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true. Notes Author| Note ---|--- leosilva | version in noble is.....

This Week in Spring - April 16th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm writing this from beautiful Paris, France, ahead of the amazing Devoxx France event. I've come to almost all of these events over the years. It's hard to believe it's been more than a decade since the show was first...

Paid Memberships Pro < 3.0.2 - Cross-Site Request Forgery

Description The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the...

CVE-2024-2756

Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications. Notes Author| Note ---|--- leosilva |...

Attackers Exploit 8-Year-Old Redis Servers to Deploy Metasploit Meterpreter

...

CVE-2024-32137

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin User Activity Log Pro.This issue affects User Activity Log Pro: from n/a through...

CVE-2024-32137 WordPress User Activity Log Pro plugin <= 2.3.4 - Auth. SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin User Activity Log Pro.This issue affects User Activity Log Pro: from n/a through...

CVE-2024-3763

A vulnerability was found in Emlog Pro 2.2.10. It has been rated as problematic. This issue affects some unknown processing of the file /admin/tag.php of the component Post Tag Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

CVE-2024-3762

A vulnerability was found in Emlog Pro 2.2.10. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/twitter.php of the component Whisper Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been...

CVE-2024-3763 Emlog Pro Post Tag tag.php cross site scripting

A vulnerability was found in Emlog Pro 2.2.10. It has been rated as problematic. This issue affects some unknown processing of the file /admin/tag.php of the component Post Tag Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

CVE-2024-3762 Emlog Pro Whisper Page twitter.php cross site scripting

A vulnerability was found in Emlog Pro 2.2.10. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/twitter.php of the component Whisper Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been...

CVE-2024-32487

less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the...

Security Bulletin: IBM® Db2® may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. (CVE-2021-20373)

Summary Db2 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. Vulnerability Details ** CVEID: CVE-2021-20373 DESCRIPTION: **IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable...

Metasploit Weekly Wrap-Up 04/12/24

Account Takeover using Shadow Credentials The new release of Metasploit Framework includes a Shadow Credentials module added by smashery used for reliably taking over an Active Directory user account or computer, and letting future authentication to happen as that account. This can be chained...

TA547 Malware Campaign Hits German Businesses

...

LazyStealer the Unconventional Approach to Cyber Espionage

...

Raspberry Robin Expands Reach via WSF

...

Critical RCE Flaw Found in Fortinet FortiClientLinux

...

Malvertising Campaign Unleashes Nitrogen Malware Via Fake Installers

...

Microsoft’s April 2024 Patch Tuesday Addresses Two Zero-day Vulnerabilities

...