
Gwyn's Imagemap Selector Security Vulnerabilities

github

Improper Restriction of XML External Entity Reference in Apache ActiveMQ

XML external entity (XXE) vulnerability in the XPath selector component in Artemis ActiveMQ before commit 48d9951d879e0c8cbb59d4b64ab59d53ef88310d allows remote attackers to have unspecified impact via unknown...

8 AI Score | EPSS | 2022-05-14 02:21 AM
9
osv

Improper Restriction of XML External Entity Reference in Apache ActiveMQ

XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML...

9.8 CVSS | 7.2 AI Score | 0.008 EPSS | 2022-05-14 01:14 AM
16
github

Improper Restriction of XML External Entity Reference in Apache ActiveMQ

XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML...

9.8 CVSS | 8.6 AI Score | 0.008 EPSS | 2022-05-14 01:14 AM
8
github

Apache ActiveMQ Apollo XXE Vulnerability

XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML...

9.8 CVSS | 7.2 AI Score | 0.006 EPSS | 2022-05-14 01:14 AM
13
osv

Apache ActiveMQ Apollo XXE Vulnerability

XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML...

9.8 CVSS | 7.2 AI Score | 0.006 EPSS | 2022-05-14 01:14 AM
3
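The ActiveMQ, Apollo and Artemis entries above all describe the same shape of bug: a consumer supplies an XPath selector, the broker parses each XML message body to evaluate it, and the parser honours DTDs, so a producer can plant an external entity in a body and have the broker resolve it. The following is an added example, not code from any of those brokers: a small Python model of a broker-side XPath selector that refuses any body carrying a DOCTYPE before the selector is evaluated. The message bodies and the selector are constructed for this example, and the selector syntax is the ElementTree subset of XPath rather than the full XPath 1.0 the brokers accept.

```python
"""Added example (not code from ActiveMQ, Apollo or Artemis): a Python model of
a broker-side XPath message selector that refuses any XML body carrying a
DOCTYPE before the selector is evaluated.  The message bodies and the selector
below are constructed for this example."""
import xml.etree.ElementTree as ET
from xml.parsers import expat


class DoctypeRejected(Exception):
    """Raised when a message body declares a DTD, internal or external."""


def reject_doctype(body: str) -> None:
    """Abort as soon as expat sees <!DOCTYPE ...> in the body.

    A bare pyexpat parser never fetches external entities unless an
    ExternalEntityRefHandler is installed, so this pre-check cannot itself be
    turned into a file or network read.  An exception raised inside a handler
    propagates out of Parse(), which is what stops the scan.
    """
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DoctypeRejected(f"DOCTYPE {name!r} (system id {sysid!r}) refused")

    parser.StartDoctypeDeclHandler = on_doctype
    try:
        parser.Parse(body, True)
    except expat.ExpatError:
        pass  # not well-formed: ET.fromstring below reports that properly


def evaluate_selector(body: str, selector: str) -> str:
    """Apply an ElementTree-syntax XPath selector to one message body.

    Returns "match", "no-match" or "rejected".  The guard runs before the
    body is handed to the real parser, so an XXE body is never expanded.
    """
    try:
        reject_doctype(body)
    except DoctypeRejected:
        return "rejected"
    root = ET.fromstring(body)
    return "match" if root.find(selector) is not None else "no-match"


# Constructed sample messages: two ordinary ones and one carrying an external
# entity declaration of the kind an XXE payload uses.
HIGH_PRIORITY = '<msg><order priority="high" sku="A1"/></msg>'
LOW_PRIORITY = '<msg><order priority="low" sku="B2"/></msg>'
XXE_PAYLOAD = (
    '<?xml version="1.0"?>'
    '<!DOCTYPE msg [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
    '<msg><order priority="high" sku="A1">&xxe;</order></msg>'
)
SELECTOR = ".//order[@priority='high']"

if __name__ == "__main__":
    for label, body in (("high", HIGH_PRIORITY), ("low", LOW_PRIORITY), ("xxe", XXE_PAYLOAD)):
        print(label, evaluate_selector(body, SELECTOR))
```

Rejecting every DOCTYPE, not just ones with external entities, is the conservative choice: a message body on a queue has no legitimate reason to carry a DTD, and refusing it up front also closes internal-entity expansion (billion-laughs) attacks against the selector.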
nuclei

WordPress Gwyn's Imagemap Selector <=0.3.3 - Cross-Site Scripting

WordPress Gwyn's Imagemap Selector plugin 0.3.3 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize the id and class parameters before returning them back in...

6.1 CVSS | 6.1 AI Score | 0.001 EPSS | 2022-05-11 01:17 PM
threatpost

Intel Memory Bug Poses Risk for Hundreds of Products

Chipmaker Intel is reporting a memory bug impacting microprocessor firmware used in “hundreds” of products. According to an advisory issued by the company on Tuesday, the bug is firmware-based and rated as “high” risk with a Common Vulnerability Scoring System (CVSS) score of 7. The vulnerability.....

1.1 AI Score | 0.001 EPSS | 2022-05-11 12:27 PM
31
nuclei

WordPress Country Selector <1.6.6 - Cross-Site Scripting

WordPress Country Selector plugin prior to 1.6.6 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the country and lang parameters before outputting them back in the response. An attacker can inject arbitrary script in the browser of an unsuspecting user in the....

6.1 CVSS | 6.1 AI Score | 0.001 EPSS | 2022-05-10 08:47 AM
intel

Intel® Optane SSD Firmware Advisory

Summary: Potential security vulnerabilities in some Intel® Optane™ SSD and Intel® Optane™ SSD Data Center (DC) products may allow escalation of privilege, denial of service or information disclosure. Intel is releasing firmware updates and prescriptive guidance to mitigate these potential...

5.9 AI Score | 0.001 EPSS | 2022-05-10 12:00 AM
17
openvas

Fedora: Security Advisory for rubygem-nokogiri (FEDORA-2022-d231cb5e1f)

The remote host is missing an update for...

7.5 CVSS | 7.7 AI Score | 0.005 EPSS | 2022-05-08 12:00 AM
8
fedora

[SECURITY] Fedora 36 Update: rubygem-nokogiri-1.13.4-1.fc36

Nokogiri parses and searches XML/HTML very quickly, and also has correctly implemented CSS3 selector support as well as XPath support. Nokogiri also features an Hpricot compatibility layer to help ease the change to using correct CSS and...

7.5 CVSS | 1.8 AI Score | 0.005 EPSS | 2022-05-07 05:00 AM
14
kitploit

IOSSecuritySuite - iOS Platform Security And Anti-Tampering Swift Library

iOS Security Suite is an advanced and easy-to-use platform security & anti-tampering library written in pure Swift! If you are developing for iOS and you want to protect your app according to the OWASP MASVS standard, chapter v8, then this library could save you a lot of time. What ISS...

-0.6 AI Score | 2022-04-28 09:30 PM
13
patchstack

WordPress Gwyn's Imagemap Selector plugin <= 0.3.3 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Gwyn's Imagemap Selector plugin (versions <= 0.3.3). Solution: Deactivate and delete. This plugin has been closed as of April 19, 2022 and is not available for download. This closure is temporary, pending a full...

6.1 CVSS | 2.2 AI Score | 0.001 EPSS | 2022-04-26 12:00 AM
16
cnvd

WordPress Country Selector Plugin Cross-Site Scripting Vulnerability

WordPress is a personal blogging system. The WordPress Country Selector Plugin has a cross-site scripting vulnerability that attackers can exploit to execute XSS...

2.9 AI Score | 2022-04-26 12:00 AM
9
cve

CVE-2022-28290

Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP...

6.1 CVSS | 5.8 AI Score | 0.001 EPSS | 2022-04-25 05:15 PM
68
nvd

CVE-2022-28290

Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP...

6.1 CVSS | 0.001 EPSS | 2022-04-25 05:15 PM
prion

Cross site scripting

Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP...

6.1 CVSS | 5.7 AI Score | 0.001 EPSS | 2022-04-25 05:15 PM
3
cvelist

CVE-2022-28290

Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP...

6 AI Score | 0.001 EPSS | 2022-04-25 04:31 PM
suse

Security update for SUSE Manager Client Tools (moderate)

An update that fixes 12 vulnerabilities and contains three features is now available. Description: This update fixes the following issues: grafana: update from version 7.5.12 to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422). Security: fixes XSS vulnerability in handling data sources...

9.8 CVSS | -0.5 AI Score | 0.975 EPSS | 2022-04-25 12:00 AM
31
cnvd

Google Android Denial of Service Vulnerability (CNVD-2022-46290)

Google Android is a Linux-based open source operating system from Google, Inc. A denial-of-service vulnerability exists in Google Android, which stems from a possible crash in the re-initialization of HeifDecoderImpl.cpp due to a missing null check. A remote attacker could exploit the...

5.5 AI Score | 2022-04-22 12:00 AM
8
openvas

Fedora: Security Advisory for rubygem-nokogiri (FEDORA-2022-9ed7641ce0)

The remote host is missing an update for...

7.5 CVSS | 7.7 AI Score | 0.005 EPSS | 2022-04-22 12:00 AM
6
openvas

Fedora: Security Advisory for rubygem-nokogiri (FEDORA-2022-132c6d7c2e)

The remote host is missing an update for...

7.5 CVSS | 7.7 AI Score | 0.005 EPSS | 2022-04-22 12:00 AM
2
fedora

[SECURITY] Fedora 35 Update: rubygem-nokogiri-1.13.1-2.fc35

Nokogiri parses and searches XML/HTML very quickly, and also has correctly implemented CSS3 selector support as well as XPath support. Nokogiri also features an Hpricot compatibility layer to help ease the change to using correct CSS and...

7.5 CVSS | 1.8 AI Score | 0.005 EPSS | 2022-04-21 09:22 PM
12
fedora

[SECURITY] Fedora 34 Update: rubygem-nokogiri-1.11.7-2.fc34

Nokogiri parses and searches XML/HTML very quickly, and also has correctly implemented CSS3 selector support as well as XPath support. Nokogiri also features an Hpricot compatibility layer to help ease the change to using correct CSS and...

7.5 CVSS | 1.8 AI Score | 0.005 EPSS | 2022-04-21 08:57 PM
13
patchstack

WordPress Country Selector premium plugin <= 1.6.5 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress Country Selector premium plugin (versions <= 1.6.5). Solution: Update the WordPress Country Selector premium plugin to the latest available version (at least...

6.1 CVSS | 2.3 AI Score | 0.001 EPSS | 2022-04-20 12:00 AM
20
wpvulndb

Country Selector < 1.6.6 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the country and lang parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting...

6.1 CVSS | 1.6 AI Score | 0.001 EPSS | 2022-04-20 12:00 AM
9
wpexploit

Country Selector < 1.6.6 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the country and lang parameters before outputting them back in the response, leading to a Reflected Cross-Site...

6.1 CVSS | -0.1 AI Score | 0.001 EPSS | 2022-04-20 12:00 AM
79
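The Country Selector entries above (and the Gwyn's Imagemap Selector entries earlier on the page) describe the same defect: a query parameter is written back into the response without sanitising or escaping it. The block below is an added example, not the plugins' PHP and not a nuclei template: a Python model of the reflection check a scanner runs against such a parameter. The two render functions stand in for the vulnerable and the fixed plugin output and are constructed for this example; the parameter names follow the Country Selector advisory.

```python
"""Added example (not the plugins' PHP, nor a nuclei template): a Python model
of the reflection check a scanner runs against a parameter such as Country
Selector's "country"/"lang".  The two render functions stand in for the
vulnerable and the fixed plugin output; both are constructed for this example."""
import html
import secrets
from urllib.parse import parse_qs, urlencode


def render_vulnerable(query: str) -> str:
    """Reflect the parameters into an attribute without escaping (the bug)."""
    q = parse_qs(query)
    country = q.get("country", [""])[0]
    lang = q.get("lang", [""])[0]
    return f'<select data-country="{country}" data-lang="{lang}"></select>'


def render_fixed(query: str) -> str:
    """Same markup, with both values HTML-attribute-escaped on output."""
    q = parse_qs(query)
    country = html.escape(q.get("country", [""])[0], quote=True)
    lang = html.escape(q.get("lang", [""])[0], quote=True)
    return f'<select data-country="{country}" data-lang="{lang}"></select>'


def reflection_check(render, param: str) -> str:
    """Probe one parameter with a canary carrying attribute- and tag-breaking
    metacharacters and classify how it comes back.

    "reflected-unescaped": the canary returned with its quote and angle
    brackets intact, so a payload in that parameter is parsed as markup.
    "reflected-escaped": only the alphanumeric token survived; the
    metacharacters were encoded.  "not-reflected": the parameter is not echoed.
    """
    token = secrets.token_hex(4)
    probe = f'{token}"><zz{token}>'
    response = render(urlencode({param: probe}))
    if probe in response:
        return "reflected-unescaped"
    if token in response:
        return "reflected-escaped"
    return "not-reflected"


if __name__ == "__main__":
    for name, fn in (("vulnerable", render_vulnerable), ("fixed", render_fixed)):
        print(name, reflection_check(fn, "country"), reflection_check(fn, "lang"))
```

The canary deliberately includes a double quote, a closing angle bracket and an opening tag, because a reflection that only preserves letters is harmless; the finding is that the context-breaking characters survive. A random token keeps the check from matching a string that happens to be on the page already.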
osv

CVE-2022-26593

Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of an asset...

5.4 CVSS | 5.9 AI Score | 0.001 EPSS | 2022-04-19 01:15 PM
2
nvd

CVE-2022-26593

Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of an asset...

5.4 CVSS | 0.001 EPSS | 2022-04-19 01:15 PM
cve

CVE-2022-26593

Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of an asset...

5.4 CVSS | 5.3 AI Score | 0.001 EPSS | 2022-04-19 01:15 PM
51
prion

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of an asset...

5.4 CVSS | 5.4 AI Score | 0.001 EPSS | 2022-04-19 01:15 PM
1
cvelist

CVE-2022-26593

Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of an asset...

5.6 AI Score | 0.001 EPSS | 2022-04-19 12:46 PM
hackerone

Kubernetes: SSRF vulnerability can be exploited when a hijacked aggregated api server such as metrics-server returns 30X

Summary: This report uses metrics-server as an example, but it should be applicable to any aggregated api server. When metrics-server is hijacked, either by modifying the container image directly or by running another pod using the same label selector in the kube-system namespace,....

1 AI Score | 0.001 EPSS | 2022-04-19 01:33 AM
20
kitploit

365Inspect - A PowerShell Script That Automates The Security Assessment Of Microsoft Office 365 Environments

Further the state of O365 security by authoring a PowerShell script that automates the security assessment of Microsoft Office 365 environments. Setup: 365Inspect requires the administrative PowerShell modules for Microsoft Online, Azure AD (we recommend installing the AzureADPreview module),...

0.1 AI Score | 2022-04-14 12:30 PM
23
redhat

(RHSA-2022:1297) Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes...

0.9 AI Score | 0.975 EPSS | 2022-04-11 12:43 PM
45
redhat

(RHSA-2022:1296) Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes...

0.9 AI Score | 0.975 EPSS | 2022-04-11 12:43 PM
508
code423n4

User's funds can get lost when transferring to other chain

Vulnerability details. Impact: When transferring tokens to another chain, the tokens on the source chain are burned (if they are external they will be transferred to the AxelarGateway, otherwise they will be burned). On the target chain the same amount of tokens will be minted for the...

6.9 AI Score | 2022-04-11 12:00 AM
4
cnvd

Jenkins Tests Selector Plugin Arbitrary File Read Vulnerability

Jenkins and Jenkins Plugin are both open source products from Jenkins. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Tests Selector Plugin 1.3.3...

6.5 CVSS | 2.2 AI Score | 0.001 EPSS | 2022-03-31 12:00 AM
7
cnvd

Jenkins Tests Selector Plugin Cross-Site Scripting Vulnerability

Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. A cross-site scripting vulnerability exists in Jenkins Tests Selector Plugin 1.3.3 and earlier versions, which stems from an unescaped...

5.4 CVSS | 3.2 AI Score | 0.001 EPSS | 2022-03-31 12:00 AM
9
googleprojectzero

FORCEDENTRY: Sandbox Escape

Posted by Ian Beer & Samuel Groß of Google Project Zero. We want to thank Citizen Lab for sharing a sample of the FORCEDENTRY exploit with us, and Apple’s Security Engineering and Architecture (SEAR) group for collaborating with us on the technical analysis. Any editorial opinions reflected below...

8.8 CVSS | 9.8 AI Score | 0.004 EPSS | 2022-03-31 12:00 AM
50
nessus

Jenkins plugins Multiple Vulnerabilities (2022-03-29)

According to their self-reported version numbers, the Jenkins plugins running on the remote web server include Jenkins Bitbucket Server Integration Plugin prior to 3.2.0, Continuous Integration with Toad Edge Plugin prior to 2.4, Coverage/Complexity Scatter Plot Plugin 1.1.1 or earlier,.....

8.8 CVSS | 7.1 AI Score | 0.001 EPSS | 2022-03-31 12:00 AM
33
osv

Stored Cross-site Scripting vulnerability in Jenkins Tests Selector Plugin

Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure...

5.4 CVSS | 2.6 AI Score | 0.001 EPSS | 2022-03-30 12:00 AM
6
github

Stored Cross-site Scripting vulnerability in Jenkins Tests Selector Plugin

Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure...

5.4 CVSS | 2.6 AI Score | 0.001 EPSS | 2022-03-30 12:00 AM
4
osv

Arbitrary file read vulnerability in Jenkins Tests Selector Plugin

Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins...

6.5 CVSS | 6.3 AI Score | 0.001 EPSS | 2022-03-30 12:00 AM
9
github

Arbitrary file read vulnerability in Jenkins Tests Selector Plugin

Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins...

6.5 CVSS | 6.2 AI Score | 0.001 EPSS | 2022-03-30 12:00 AM
9
osv

CVE-2022-28160

Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins...

6.5 CVSS | 6.6 AI Score | 0.001 EPSS | 2022-03-29 01:15 PM
2
nvd

CVE-2022-28159

Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure...

5.4 CVSS | 0.001 EPSS | 2022-03-29 01:15 PM
nvd

CVE-2022-28160

Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins...

6.5 CVSS | 0.001 EPSS | 2022-03-29 01:15 PM
cve

CVE-2022-28160

Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins...

6.5 CVSS | 6.2 AI Score | 0.001 EPSS | 2022-03-29 01:15 PM
79
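The CVE-2022-28160 entries above describe a plugin that opens whatever "Properties File Path" a user with Item/Configure permission typed into the job configuration, which is why a job-level permission turns into a file read on the controller. The block below is an added example, not the Jenkins Tests Selector plugin's own code and not its actual fix: a Python model of reading that properties file confined to the job's workspace, tried against an honest path, a traversal, an absolute path and a symlink planted inside the workspace. The workspace, files and paths are constructed in a temporary directory for this example.

```python
"""Added example (not the Jenkins Tests Selector plugin's own code): a Python
model of reading a user-configured "properties file path" confined to the
job's workspace instead of opening whatever path an Item/Configure user typed.
The workspace, files and paths below are constructed in a temporary directory
for this example."""
import os
import tempfile


def read_properties_confined(workspace: str, user_path: str) -> dict:
    """Resolve user_path under workspace and refuse anything that escapes it.

    realpath() follows symlinks before the check, so a link planted inside the
    workspace that points elsewhere is caught as well.  os.path.join drops the
    root when user_path is absolute, so absolute paths land outside it too.
    """
    root = os.path.realpath(workspace)
    target = os.path.realpath(os.path.join(root, user_path))
    if os.path.commonpath([root, target]) != root:
        raise PermissionError(f"{user_path!r} resolves outside the workspace")
    props = {}
    with open(target, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith(("#", "!")):
                continue  # Java .properties comment lines
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def demo() -> dict:
    """Build a throwaway workspace and try an honest path, a traversal, an
    absolute path and a symlink escape; return what each attempt produced."""
    base = tempfile.mkdtemp(prefix="jenkins-demo-")
    workspace = os.path.join(base, "workspace")
    os.makedirs(workspace)
    with open(os.path.join(workspace, "tests.properties"), "w", encoding="utf-8") as fh:
        fh.write("# suite selection\nsuite=smoke\nparallel=4\n")
    secret = os.path.join(base, "secret.txt")  # stands in for a controller file
    with open(secret, "w", encoding="utf-8") as fh:
        fh.write("token=do-not-leak\n")
    os.symlink(secret, os.path.join(workspace, "link.properties"))

    attempts = {
        "inside": "tests.properties",
        "traversal": "../secret.txt",
        "absolute": secret,
        "symlink": "link.properties",
    }
    results = {}
    for name, path in attempts.items():
        try:
            results[name] = read_properties_confined(workspace, path)
        except PermissionError:
            results[name] = "rejected"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:10} {outcome}")
```

The order of operations matters: join, then realpath, then compare against the realpath of the root. Comparing string prefixes before resolving symlinks, or checking for ".." in the raw input, misses the symlink and absolute-path cases that this demo exercises.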
cve

CVE-2022-28159

Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure...

5.4 CVSS | 5.2 AI Score | 0.001 EPSS | 2022-03-29 01:15 PM
101
Total number of security vulnerabilities: 1696