Plug'n Play Firewall Security Vulnerabilities

Siemens RUGGEDCOM APE1808 with Fortigate NGFW Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

CVE-2024-22397

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript...

CVE-2024-22397

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript...

Cross site scripting

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript...

CVE-2024-22397

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript...

Exploit for Out-of-bounds Write in Fortinet Fortiproxy

CVE-2024-21762-Exploit-PoC-Fortinet-SSL-VPN-Check Chequea si...

CVE-2024-2172

The Malware Scanner plugin and the Web Application Firewall plugin for WordPress (both by MiniOrange) are vulnerable to privilege escalation due to a missing capability check on the mo_wpns_init() function in all versions up to, and including, 4.7.2 (for Malware Scanner) and 2.1.1 (for Web...

CVE-2024-2172

The Malware Scanner plugin and the Web Application Firewall plugin for WordPress (both by MiniOrange) are vulnerable to privilege escalation due to a missing capability check on the mo_wpns_init() function in all versions up to, and including, 4.7.2 (for Malware Scanner) and 2.1.1 (for Web...

CVE-2024-1772

The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.4 via deserialization of untrusted input from the play_podcast_data post meta. This makes it possible for authenticated...

CVE-2024-1772

The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.4 via deserialization of untrusted input from the play_podcast_data post meta. This makes it possible for authenticated...

CVE-2024-0827

The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for...

CVE-2024-0827

The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for...

CVE-2024-0828

The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers,....

CVE-2024-0828

The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers,....

Deserialization of untrusted data

The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.4 via deserialization of untrusted input from the play_podcast_data post meta. This makes it possible for authenticated...

Privilege escalation

The Malware Scanner plugin and the Web Application Firewall plugin for WordPress (both by MiniOrange) are vulnerable to privilege escalation due to a missing capability check on the mo_wpns_init() function in all versions up to, and including, 4.7.2 (for Malware Scanner) and 2.1.1 (for Web...

Design/Logic Flaw

The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers,....

Cross site request forgery (csrf)

The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for...

Demystifying a Common Cybersecurity Myth

One of the most common misconceptions in file upload cybersecurity is that certain tools are "enough" on their own—this is simply not the case. In our latest whitepaper OPSWAT CEO and Founder, Benny Czarny, takes a comprehensive look at what it takes to prevent malware threats in today's...

CVE-2024-0827

The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for...

CVE-2024-1772

The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.4 via deserialization of untrusted input from the play_podcast_data post meta. This makes it possible for authenticated...

CVE-2024-2172

The Malware Scanner plugin and the Web Application Firewall plugin for WordPress (both by MiniOrange) are vulnerable to privilege escalation due to a missing capability check on the mo_wpns_init() function in all versions up to, and including, 4.7.2 (for Malware Scanner) and 2.1.1 (for Web...

CVE-2024-0828

The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers,....

Understanding the OWASP API Security Top 10: Why BOLA is the Number One Risk for APIs

Understanding and addressing vulnerabilities is critical in cybersecurity, where APIs serve as the backbone for seamless data exchange. The OWASP API Security Top 10, revised in 2023, provides a comprehensive guide to the critical issues that organizations must tackle to ensure the robust security....

Critical Vulnerability Remains Unpatched in Two Permanently Closed MiniOrange WordPress Plugins – $1,250 Bounty Awarded

🎉 Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On March 1st, 2024, during our second Bug Bounty Extravaganza,...

PixPirate Android Banking Trojan Using New Evasion Tactic to Target Brazilian Users

The threat actors behind the PixPirate Android banking trojan are leveraging a new trick to evade detection on compromised devices and harvest sensitive information from users in Brazil. The approach allows it to hide the malicious app's icon from the home screen of the victim's device, IBM said...

The State of Stalkerware in 2023–2024

The State of Stalkerware in 2023 (PDF) The annual Kaspersky State of Stalkerware report aims to contribute to awareness and a better understanding of how people around the world are impacted by digital stalking. Stalkerware is commercially available software that can be discreetly installed on...

Palo Alto Networks PAN-OS 9.0.x < 9.0.17-h4 / 9.1.x < 9.1.17 / 10.1.x < 10.1.12 / 10.2.x < 10.2.8 / 11.0.x < 11.0.3 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 9.0.x prior to 9.0.17-h4 or 9.1.x prior to 9.1.17 or 10.1.x prior to 10.1.12 or 10.2.x prior to 10.2.8 or 11.0.x prior to 11.0.3. It is, therefore, affected by a vulnerability. An improper authorization vulnerability in Palo...

K000138895 : BIND vulnerability CVE-2023-5679

Security Advisory Description A bad interaction between DNS64 and serve-stale may cause named to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through.....

Malware Scanner < 4.7.3 and Web Application Firewall < 2.1.2 - Unauthenticated Privilege Escalation

Description The plugin does not prevent unauthenticated users from resetting any account's password, allowing them to takeover sites by resetting one of its administrators'...

This Week in Spring - March 12th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! And what a week it's going to be! Do this first: we need your help! Please answer some questions in our State of Spring survey! Join me for a look at the latest-and-greatest, chronicling how I got started with Spring Boot in...

Malware Scanner < 4.7.3 and Web Application Firewall < 2.1.2 - Unauthenticated Privilege Escalation

Description The plugin does not prevent unauthenticated users from resetting any account's password, allowing them to takeover sites by resetting one of its administrators' password. PoC curl --url 'http://vulnerable-site.tld/wp-login.php' --data...

Another Patch Tuesday with no zero-days, only two critical vulnerabilities disclosed by Microsoft

For the second month in 2024, there are no actively exploited vulnerabilities included in this month's security update from Microsoft. March's Patch Tuesday is relatively light, containing 60 vulnerabilities -- only two labeled "critical." Last month's Patch Tuesday included more than 70 security.....

Top 10 web application vulnerabilities in 2021–2023

To help companies with navigating the world of web application vulnerabilities and securing their own web applications, the Open Web Application Security Project (OWASP) online community created the OWASP Top Ten. As we followed their rankings, we noticed that the way we ranked major...

The big play of autonomous vehicles

TL;DR The benefits of autonomous vehicles may not yet be for us consumers There are other areas where autonomy can benefit auto manufacturers and others Having your autonomous car drive you home from the bar may be some way off yet! Car manufacturers and technology startups make a big play of...

Fortinet Fortigate (FG-IR-24-013)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-013 advisory. An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 through 7.4.1, 7.2.0...

Fortinet Fortigate (FG-IR-23-424)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-424 advisory. An improper authentication vulnerability [CWE-287] in FortiOS versions 7.4.1 and below, versions 7.2.6 and below, and...

New Banking Trojan CHAVECLOAK Targets Brazilian Users via Phishing Tactics

Users in Brazil are the target of a new banking trojan known as CHAVECLOAK that's propagated via phishing emails bearing PDF attachments. "This intricate attack involves the PDF downloading a ZIP file and subsequently utilizing DLL side-loading techniques to execute the final malware," Fortinet...

Test and evaluate your WAF before hackers

Since 1991, Web Application Firewall, commonly referred to as WAF, has become one of the most common application security technologies available on the market. Since the last century, WAFs have evolved by incorporating the cloud and using Machine Learning instead of RegExp. Currently, few...

Bootiful Spring Boot in 2024 (part 1)

NB: the code is here on my Github account: github.com/joshlong/bootiful-spring-boot-2024-blog. Hi, Spring fans! I'm Josh Long, and I work on the Spring team. I'm excited to be keynoting and giving a talk at Microsoft's JDConf this year. I'm a Kotlin GDE and a Java Champion, and I'm of the opinion.....

K000138866 : Python Pillow vulnerability CVE-2023-50447

Security Advisory Description Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). (CVE-2023-50447) Impact There is no impact; F5 products are not affected...

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes. Vulnerability Details ** CVEID: CVE-2023-36478 DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and buffer allocation in...

[SECURITY] [DSA 5637-1] squid security update

Debian Security Advisory DSA-5637-1 [email protected] https://www.debian.org/security/ Markus Koschany March 08, 2024 https://www.debian.org/security/faq Package : squid CVE ID : CVE-2023-46724 CVE-2023-46846...

Meta Details WhatsApp and Messenger Interoperability to Comply with EU's DMA Regulations

Meta has offered details on how it intends to implement interoperability in WhatsApp and Messenger with third-party messaging services as the Digital Markets Act (DMA) went into effect in the European Union. "This allows users of third-party providers who choose to enable interoperability...

Fedora: Security Advisory for colossus (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for...

Fedora: Security Advisory for CardManager (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for...

Debian dsa-5637 : squid - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5637 advisory. Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4...

[SECURITY] Fedora 40 Update: colossus-0.14.0-27.fc40

Colossus allows people to play Titan (http://www.boardgamegeek.com/boardgame/103) and several Titan variants, hot seat or via a network. Several different AIs are provided that can play ins tead of...

[SECURITY] Fedora 40 Update: CardManager-3-29.fc40

This is free, open source multiplatform (java) application which allows you to play ANY card game. The game is designed especially to play collectible card games like Magic t he Gathering or Doomtrooper over network. To play those games you need to own (scanned) images of card, which are not ...

Xplain Hack Aftermath: Play Ransomware Leaks Sensitive Swiss Government Data

By Deeba Ahmed In June 2023, Xplain, a Swiss IT services provider, fell victim to a cyberattack claimed by the Play ransomware group. This is a post from HackRead.com Read the original post: Xplain Hack Aftermath: Play Ransomware Leaks Sensitive Swiss Government...