Spam Protection, AntiSpam, FireWall By CleanTalk Security Vulnerabilities

PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS

PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS RM3/CRS dispenser firmware (all versions up to and including 41128 1002 RM3_CRS.BTR + 170329 2332 RM3_CRS.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...

PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5

PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5 CMDv5 dispenser firmware (all versions up to and including 141128 1002 CD5_ATM.BTR + 170329 2332 CD5_ATM.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...

CVE-2024-6172 Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.25 - Unauthenticated SQL Injection via unsubscribe

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.25 due to insufficient escaping on the user supplied...

CVE-2024-6172 Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.25 - Unauthenticated SQL Injection via unsubscribe

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.25 due to insufficient escaping on the user supplied...

CVE-2024-4627

The Rank Math SEO WordPress plugin before 1.0.219 does not sanitise and escape some of its settings, which could allow users with access to the General Settings (by default admin, however such access can be given to lower roles via the Role Manager feature of the Rank Math SEO WordPress plugin...

CVE-2024-5606

The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 is vulnerable does not validate and escape the question_id parameter in the qsm_bulk_delete_question_from_database AJAX action, leading to a SQL injection exploitable by Contributors and above...

CVE-2024-5606

The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 is vulnerable does not validate and escape the question_id parameter in the qsm_bulk_delete_question_from_database AJAX action, leading to a SQL injection exploitable by Contributors and above...

CVE-2024-4627

The Rank Math SEO WordPress plugin before 1.0.219 does not sanitise and escape some of its settings, which could allow users with access to the General Settings (by default admin, however such access can be given to lower roles via the Role Manager feature of the Rank Math SEO WordPress plugin...

CVE-2024-5606 Quiz And Survey Master < 9.0.2 - Contributor+ SQLi

The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 is vulnerable does not validate and escape the question_id parameter in the qsm_bulk_delete_question_from_database AJAX action, leading to a SQL injection exploitable by Contributors and above...

CVE-2024-4627 Rank Math SEO < 1.0.219 - Authenticated Stored XSS

The Rank Math SEO WordPress plugin before 1.0.219 does not sanitise and escape some of its settings, which could allow users with access to the General Settings (by default admin, however such access can be given to lower roles via the Role Manager feature of the Rank Math SEO WordPress plugin...

Meta's 'Pay or Consent' Approach Faces E.U. Competition Rules Scrutiny

Meta's decision to offer an ad-free subscription in the European Union (E.U.) has faced a new setback after regulators accused the social media behemoth of breaching the bloc's competition rules by forcing users to choose between seeing ads or paying to avoid them. The European Commission said the....

Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware

A China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in its switches to deliver malware. The vulnerability, tracked as CVE-2024-20399 (CVSS score: 6.0), concerns a case of command injection that allows an authenticated,...

Exploit for CVE-2024-27292

CVE-2024-27292 : Docassemble V1.4.96 Unauthenticated Path...

Australian Man Charged for Fake Wi-Fi Scam on Domestic Flights

An Australian man has been charged with running a fake Wi-Fi access point during a domestic flight with an aim to steal user credentials and data. The unnamed 42-year-old "allegedly established fake free Wi-Fi access points, which mimicked legitimate networks, to capture personal data from...

CISA Known Exploited Vulnerability Catalog June 2024

Summary The Known Exploited Vulnerability (KEV) catalog, maintained by CISA, is the authoritative source of vulnerabilities that have been exploited in the wild. It is recommended that all organizations review and monitor the KEV catalog, prioritize remediation of listed vulnerabilities, and...

Exploit for CVE-2024-6387

Qualys Security Advisory regreSSHion: RCE in OpenSSH's server,...

Exploit for CVE-2024-6387

OpenSSH CVE-2024-6387 Vulnerability Checker This Python script...

Exploit for CVE-2024-6387

Link to Qualys Write-Up:...

Exploit for CVE-2024-6387

CVE-2024-6387fixshell 只影响8.5p1 &lt;= OpenSSH &lt; 9.8p1...

degerforsmusikkar.se Cross Site Scripting vulnerability OBB-3939928

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

toscanakarneval.dk Cross Site Scripting vulnerability OBB-3939927

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

mec-kreischa.de Cross Site Scripting vulnerability OBB-3939926

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

karnevalsclub-lungkwitz.de Cross Site Scripting vulnerability OBB-3939925

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

nancy-roemer.de Cross Site Scripting vulnerability OBB-3939924

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Security Bulletin: Security vulnerabilities may affect IBM WebSphere Application Server Liberty shipped with with IBM CICS TX Advanced.

Summary Security vulnerabilities may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the issues. Vulnerability Details ** CVEID: CVE-2024-25026 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere...

CVE-2016-10000

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

Security Bulletin: TSSC/IMC is vulnerable to low availability, low integrity and low confidentiality due to Java SE

Summary TSSC/IMC is vulnerable to low availability, low integrity and low confidentiality due to Java SE. A patch has been provided that updates the Java SE library. CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22045, CVE-2023-22049, CVE-2023-25193. Vulnerability Details ** CVEID:...

Security Bulletin: TSSC/IMC is vulnerable to aritrary code execution due to Linux Kernel

Summary TSSC/IMC is vulnerable to arbitrary code execution due to Linux Kernel. A patch that updates the Kernel library has been provided. CVE-2023-2002, CVE-2023-3090, CVE-2023-3390, CVE-2023-3776, CVE-2023-4004, CVE-2023-20593, CVE-2023-35001, CVE-2023-35788. Vulnerability Details ** CVEID:...

Security Bulletin: TSSC/IMC is vulnerable to arbitrary code execution due to systemd

Summary TSSC/IMC is vulnerable to arbitrary code execution due to systemd. A patch has been provided that updates the systemd library. CVE-2023-26604. Vulnerability Details ** CVEID: CVE-2023-26604 DESCRIPTION: **systemd could allow a local authenticated attacker to gain elevated privileges on...

Security Bulletin: TSSC/IMC is vulnerable to arbitrary code execution due to Linux Kernel

Summary TSSC/IMC is vulnerable to aritrary code excecution due to kernel. A patch has been provided that updates the kernel library. CVE-2022-42896, CVE-2023-1281, CVE-2023-1829, CVE-2023-2124, CVE-2023-2194, CVE-2023-2235. Vulnerability Details ** CVEID: CVE-2022-42896 DESCRIPTION: **Linux...

Exploit for CVE-2024-29269

CVE-2024-29269 - Telesquare TLR-2005KSH Remote Code Execution...

Imperva Client-Side Protection Mitigates the Polyfill Supply Chain Attack

The recent discovery of a website supply chain attack using the cdn.polyfill.io domain has left many websites vulnerable to malicious code injection. Once a trusted resource for adding JavaScript polyfills to websites, the domain has recently become the epicenter of a significant website supply...

drivemode.oneskyapp.com Cross Site Scripting vulnerability OBB-3939922

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

digit-eyes.com Cross Site Scripting vulnerability OBB-3939921

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-37765

Machform up to version 19 is affected by an authenticated Blind SQL injection in the user account settings...

CVE-2024-37764

MachForm up to version 19 is affected by an authenticated stored cross-site...

CVE-2024-37763

MachForm up to version 19 is affected by an unauthenticated stored cross-site scripting which affects users with valid sessions whom can view compiled forms...

CVE-2024-37765

Machform up to version 19 is affected by an authenticated Blind SQL injection in the user account settings...

CVE-2024-37764

MachForm up to version 19 is affected by an authenticated stored cross-site...

CVE-2024-37763

MachForm up to version 19 is affected by an unauthenticated stored cross-site scripting which affects users with valid sessions whom can view compiled forms...

CVE-2024-37762

MachForm up to version 21 is affected by an authenticated unrestricted file upload which leads to a remote code...

CVE-2024-37762

MachForm up to version 21 is affected by an authenticated unrestricted file upload which leads to a remote code...

donegalcottageholidays.com Cross Site Scripting vulnerability OBB-3939919

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

fliesenverlegung-schuster.de Cross Site Scripting vulnerability OBB-3939918

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

holzidee-ebert.de Cross Site Scripting vulnerability OBB-3939917

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

klebeschrift84.de Cross Site Scripting vulnerability OBB-3939916

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

tsv-kreischa.de Cross Site Scripting vulnerability OBB-3939915

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

tanteemma2go.de Cross Site Scripting vulnerability OBB-3939914

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-38475

Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure....

CVE-2024-38474

Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are recommended to...