Snapdragon Auto, Snapdragon Mobile Security Vulnerabilities

IBM Security verify Access Appliance Denial of Service Vulnerability

IBM Security Verify Access (ISAM) is a service from International Business Machines (IBM) that improves user access security. The service enables secure and simple access to platforms such as the Web, mobile, IoT and cloud using risk-based access, single sign-on, integrated access management...

Savsoft Quiz v6.0 Enterprise - Stored XSS Vulnerability

...

Microsoft Azure Web App Discovery And Assessment Service Installed (Windows)

Microsoft Azure Web App Discovery and Assessment Service is installed on the remote Windows host. Azure Appliance Auto Update is part of Microsoft Azure...

Microsoft Azure Appliance Auto Update Installed (Windows)

Microsoft Azure Appliance Auto Update is installed on the remote Windows host. Azure Appliance Auto Update is part of Microsoft Azure...

Microsoft Azure SQL Discovery And Assessment Service Installed (Windows)

Microsoft Azure SQL Discovery and Assessment Service is installed on the remote Windows host. Azure Appliance Auto Update is part of Microsoft Azure...

Microsoft Azure Assessment Service Installed (Windows)

Microsoft Azure Assessment Service is installed on the remote Windows host. Azure Appliance Auto Update is part of Microsoft Azure...

WordPress WP Video Playlist 1.1.1 Cross Site Scripting

...

Online Fire Reporting System OFRS - SQL Injection Authentication Bypass Exploit

...

IBM Security verify Access Appliance Security Vulnerability

IBM Security Verify Access (ISAM) is a service from International Business Machines (IBM) that improves user access security. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies through the use of risk-based access, single sign-on, integrated...

Online Fire Reporting System 1.2 SQL Injection

...

Microsoft Azure Migrate Auto Update < 6.1.294.1003 RCE

The version of Microsoft Azure Appliance Auto Update, a component of Microsoft Azure Migrate, installed on the remote Windows host is prior to 6.1.294.1003. It is, therefore, affected by an unspecified remote code execution vulnerability. Note that Nessus has not tested for these issues but has...

Kruxton 1.0 Shell Upload

...

Microsoft Azure Discovery Service Installed (Windows)

Microsoft Azure Discovery Service is installed on the remote Windows host. Azure Appliance Auto Update is part of Microsoft Azure...

Online Fire Reporting System OFRS - SQL Injection Authentication Bypass

...

Debian dsa-5658 : affs-modules-6.1.0-11-4kc-malta-di - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5658 advisory. A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in...

Savsoft Quiz v6.0 Enterprise - Stored XSS

...

WordPress Playlist For Youtube 1.32 Cross Site Scripting

...

Wordpress Plugin WP Video Playlist 1.1.1 - Stored Cross-Site Scripting (XSS)

...

Wordpress Playlist for Youtube 1.32 Plugin - Stored Cross-Site Scripting Vulnerability

...

Wordpress WP Video Playlist 1.1.1 Plugin - Stored Cross-Site Scripting Vulnerability

...

Wordpress Plugin Playlist for Youtube 1.32 - Stored Cross-Site Scripting (XSS)

...

CVE-2021-47183

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix link down processing to address NULL pointer dereference If an FC link down transition while PLOGIs are outstanding to fabric well known addresses, outstanding ABTS requests may result in a NULL pointer...

Apple warns people of mercenary attacks via threat notification system

Apple has reportedly sent alerts to individuals in 92 nations on Wednesday, April 10, to say it's detected that they may have been a victim of a mercenary attack. The company says it has sent out these types of threat notifications to over 150 countries since the start in 2021. Mercenary spyware...

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 1, 2024 to April 7, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 193 vulnerabilities disclosed in 154...

APKDeepLens - Android Security Insights In Full Spectrum

APKDeepLens is a Python based tool designed to scan Android applications (APK files) for security vulnerabilities. It specifically targets the OWASP Top 10 mobile vulnerabilities, providing an easy and efficient way for developers, penetration testers, and security researchers to assess the...

mobile-electronique.fr Cross Site Scripting vulnerability OBB-3915282

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Apple Updates Spyware Alert System to Warn Victims of Mercenary Attacks

Apple on Wednesday revised its documentation pertaining to its mercenary spyware threat notification system to mention that it alerts users when they may have been individually targeted by such attacks. It also specifically called out companies like NSO Group for developing commercial surveillance....

CVE-2024-3620

A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /control/adds.php. The manipulation of the argument name/gender/dob/email/mobile/address leads to sql...

CVE-2024-3620

A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /control/adds.php. The manipulation of the argument name/gender/dob/email/mobile/address leads to sql...

CVE-2024-3620 SourceCodester Kortex Lite Advocate Office Management System adds.php sql injection

A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /control/adds.php. The manipulation of the argument name/gender/dob/email/mobile/address leads to sql...

CVE-2021-47183

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix link down processing to address NULL pointer dereference If an FC link down transition while PLOGIs are outstanding to fabric well known addresses, outstanding ABTS requests may result in a NULL pointer...

CVE-2021-47183

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix link down processing to address NULL pointer dereference If an FC link down transition while PLOGIs are outstanding to fabric well known addresses, outstanding ABTS requests may result in a NULL pointer...

CVE-2021-47183

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix link down processing to address NULL pointer dereference If an FC link down transition while PLOGIs are outstanding to fabric well known addresses, outstanding ABTS requests may result in a NULL pointer...

CVE-2021-47183 scsi: lpfc: Fix link down processing to address NULL pointer dereference

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix link down processing to address NULL pointer dereference If an FC link down transition while PLOGIs are outstanding to fabric well known addresses, outstanding ABTS requests may result in a NULL pointer...

Unauthenticated Stored Cross-Site Scripting Vulnerability Patched in WordPress Core

WordPress 6.5.2 was released yesterday, on April 9, 2024. It included a single security patch, along with a handful of bug fixes. The security patch was for a Stored Cross-Site Scripting vulnerability that could be exploited by both unauthenticated users, when a comment block is present on a page,....

Security Bulletin: RabbitMQ protocol as used by IBM QRadar SIEM lacks certificate validation (CVE-2023-50949)

Summary The RabbitMQ protocol used by SOAR integration for IBM QRadar SIEM lacks certificate validation and could potentially enable MITM attacks. Vulnerability Details ** CVEID: CVE-2023-50949 DESCRIPTION: **IBM QRadar could allow an unauthorized user to perform unauthorized actions due to...

CVE-2024-3542

A vulnerability classified as problematic was found in Campcodes Church Management System 1.0. This vulnerability affects unknown code of the file /admin/add_visitor.php. The manipulation of the argument mobile leads to cross site scripting. The attack can be initiated remotely. The exploit has...

CVE-2024-3542

A vulnerability classified as problematic was found in Campcodes Church Management System 1.0. This vulnerability affects unknown code of the file /admin/add_visitor.php. The manipulation of the argument mobile leads to cross site scripting. The attack can be initiated remotely. The exploit has...

CVE-2024-3542 Campcodes Church Management System add_visitor.php cross site scripting

A vulnerability classified as problematic was found in Campcodes Church Management System 1.0. This vulnerability affects unknown code of the file /admin/add_visitor.php. The manipulation of the argument mobile leads to cross site scripting. The attack can be initiated remotely. The exploit has...

CVE-2024-3542 Campcodes Church Management System add_visitor.php cross site scripting

A vulnerability classified as problematic was found in Campcodes Church Management System 1.0. This vulnerability affects unknown code of the file /admin/add_visitor.php. The manipulation of the argument mobile leads to cross site scripting. The attack can be initiated remotely. The exploit has...

Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included

Microsoft has released security updates for the month of April 2024 to remediate a record 149 flaws, two of which have come under active exploitation in the wild. Of the 149 flaws, three are rated Critical, 142 are rated Important, three are rated Moderate, and one is rated Low in severity. The...

BT-Professional MOBILE Arbitrary File Read Vulnerability

BT-Professional is reliable software for organizing and managing all nursing tasks. An arbitrary file read vulnerability exists in BT-Professional MOBILE, which can be exploited by an attacker to read arbitrary...

Ubuntu: Security Advisory (USN-6726-1)

The remote host is missing an update for...

CVE-2021-47183

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix link down processing to address NULL pointer dereference If an FC link down transition while PLOGIs are outstanding to fabric well known addresses, outstanding ABTS requests may result in a NULL pointer...

Auto Poster <= 1.2 - Authenticated (Administrator+) Arbitrary File Upload

Description The Auto Poster plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the...

Patch Tuesday - April 2024

Microsoft is addressing 149 vulnerabilities this April 2024 Patch Tuesday, which is significantly more than usual. For the second month in a row, Microsoft indicated that they weren't aware of prior public disclosure or exploitation in the wild for any of the vulnerabilities patched today....

April’s Patch Tuesday Brings Record Number of Fixes

If only Patch Tuesdays came around infrequently -- like total solar eclipse rare -- instead of just creeping up on us each month like The Man in the Moon. Although to be fair, it would be tough for Microsoft to eclipse the number of vulnerabilities fixed in this month's patch batch -- a record 147....

Microsoft and Adobe Patch Tuesday, April 2024 Security Update Review

Welcome to another insightful dive into Microsoft's Patch Tuesday! This month's security updates address a vast number of vulnerabilities in multiple popular products, features, and roles. We invite you to join us to review and discuss the details of these security updates and patches. Microsoft...

CVE-2024-2112

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality. This makes it possible for unauthenticated attackers to extract sensitive...

CVE-2024-2112

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality. This makes it possible for unauthenticated attackers to extract sensitive...