Subscribe2 – Form, Email Subscribers & Newsletters Security Vulnerabilities

CVE-2024-35735 WordPress WP Time Slots Booking Form plugin <= 1.2.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through...

CVE-2024-35735 WordPress WP Time Slots Booking Form plugin <= 1.2.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through...

Sticky Werewolf Expands Cyber Attack Targets in Russia and Belarus

Cybersecurity researchers have disclosed details of a threat actor known as Sticky Werewolf that has been linked to cyber attacks targeting entities in Russia and Belarus. The phishing attacks were aimed at a pharmaceutical company, a Russian research institute dealing with microbiology and...

MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor < 3.8.9 - Unauthenticated Sensitive Information Exposure

Description The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data,....

Hirschmann HiOS Switches Argument Injection or Modification (CVE-2019-12264)

An attacker residing on the LAN may choose to hijack a DHCP-client session that requests an IPv4 address. The attacker can send a multicast IP-address in the DHCP offer/ack message, which the victim system then incorrectly assigns. This vulnerability can be combined with CVE-2019-12259 to create...

Hirschmann HiOS Switches Argument Injection or Modification (CVE-2019-12258)

An attacker with the source and destination TCP-port and IP-addresses of a session can inject invalid TCP-segments into the flow, causing the TCP-session to be reset. An application will see this as an ECONNRESET error message when using the socket after such an attack. The most likely outcome...

Hirschmann HiOS Switches Race Condition (CVE-2019-12263)

This vulnerability relies on a race-condition between the network task (tNet0) and the receiving application. It is very difficult to trigger the race on a system with a single CPU-thread enabled, and there is no way to reliably trigger a race on SMP targets. This plugin only works with...

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2024:3781)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3781 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

Quiz And Survey Master < 9.0.2 - Contributor+ SQLi

Description The plugin is vulnerable does not validate and escape the question_id parameter in the qsm_bulk_delete_question_from_database AJAX action, leading to a SQL injection exploitable by Contributors and above role PoC 1) You will need a valid nonce for deletion of quiz questions. 2) Sign in....

HP PC BIOS May 2024 Security Updates for Potential Stack Buffer Overflows

Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities. HP has identified affected platforms and corresponding SoftPaqs...

Hirschmann HiOS Switches Heap-based Buffer Overflow (CVE-2019-12257)

DHCP packets may go past the local area network (LAN) via DHCP-relays, but are otherwise confined to the LAN. The DHCP-client may be used by VxWorks and in the bootrom. Bootrom, using DHCP/BOOTP, is only vulnerable during the boot-process. This vulnerability may be used to overwrite the heap,...

Hirschmann HiOS Switches Classic Buffer Overflow (CVE-2019-12260)

This vulnerability could lead to a buffer overflow of up to a full TCP receive-window (by default, 10k-64k depending on version). The buffer overflow happens in the task calling recv()/recvfrom()/recvmsg(). Applications that pass a buffer equal to or larger than a full TCP-window are not...

PHP < 8.1.29, 8.2.x < 8.2.20, 8.3.x < 8.3.8 Multiple Vulnerabilities - Active Check

PHP is prone to multiple...

Kiuwan Local Analyzer / SAST / SaaS XML Injection / XSS / IDOR

...

Intel 2024.2 IPU - BIOS May 2024 Security Update

Intel has informed HP of potential security vulnerabilities in some Intel® Processors, which might allow information disclosure and/or denial of service. Intel is releasing microcode updates to mitigate the potential vulnerabilities. Intel has released updates to mitigate the potential...

Hirschmann HiOS Switches Null Pointer Dereference (CVE-2019-12259)

This vulnerability requires that at least one IPv4 multicast address has been assigned to the target in an incorrect way (e.g., using the API intended for assigning unicast-addresses). An attacker may use CVE-2019-12264 to incorrectly assign a multicast IP-address. An attacker on the same LAN as...

Hirschmann HiOS Switches Argument Injection or Modification (CVE-2019-12262)

An attacker residing on the LAN can send reverse-ARP responses to the victim system to assign unicast IPv4 addresses to the target. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

Hirschmann HiOS Switches Stack-based Buffer Overflow (CVE-2019-12256)

This vulnerability resides in the IPv4 option parsing and may be triggered by IPv4 packets containing invalid options. The most likely outcome of triggering this defect is that the tNet0 task crashes. This vulnerability can result in remote code execution. This plugin only works with Tenable.ot....

Quiz And Survey Master < 9.0.2 - Contributor+ SQLi

Description The plugin is vulnerable does not validate and escape the question_id parameter in the qsm_bulk_delete_question_from_database AJAX action, leading to a SQL injection exploitable by Contributors and above...

Advanced Contact form 7 DB <= 2.0.2 - Missing Authorization to Unauthenticated Information Disclosure

Description The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the...

Hirschmann HiOS Switches Argument Injection or Modification (CVE-2019-12265)

The IGMPv3 reception handler does not expect packets to be spread across multiple IP-fragments. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

Hirschmann HiOS Switches Integer Underflow (CVE-2019-12255)

An attacker can either hijack an existing TCP-session and inject bad TCP-segments or establish a new TCP-session on any TCP-port listened to by the target. This vulnerability could lead to a buffer overflow of up to a full TCP receive-window (by default, 10k-64k depending on version). The buffer...

Hirschmann HiOS Switches Classic Buffer Overflow (CVE-2019-12261)

The impact of this vulnerability is a buffer overflow of up to a full TCP receive-window (by default, 10k-64k depending on version). The buffer overflow happens in the task calling recv()/recvfrom()/recvmsg(). Applications that pass a buffer equal to or larger than a full TCP-window are not...

CVE-2024-35748

Missing Authorization vulnerability in OPMC WooCommerce Dropshipping.This issue affects WooCommerce Dropshipping: from n/a through...

CVE-2024-35748

Missing Authorization vulnerability in OPMC WooCommerce Dropshipping.This issue affects WooCommerce Dropshipping: from n/a through...

CVE-2024-35748 WordPress WooCommerce Dropshipping plugin <= 5.0.4 - Unauthenticated Arbitrary Email Sending vulnerability

Missing Authorization vulnerability in OPMC WooCommerce Dropshipping.This issue affects WooCommerce Dropshipping: from n/a through...

CVE-2024-35748 WordPress WooCommerce Dropshipping plugin <= 5.0.4 - Unauthenticated Arbitrary Email Sending vulnerability

Missing Authorization vulnerability in OPMC WooCommerce Dropshipping.This issue affects WooCommerce Dropshipping: from n/a through...

CVE-2024-31352

Missing Authorization vulnerability in Email Subscribers & Newsletters.This issue affects Email Subscribers & Newsletters: from n/a through...

CVE-2024-31352

Missing Authorization vulnerability in Email Subscribers & Newsletters.This issue affects Email Subscribers & Newsletters: from n/a through...

CVE-2024-31352 WordPress Icegram Express plugin <= 5.7.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in Email Subscribers & Newsletters.This issue affects Email Subscribers & Newsletters: from n/a through...

CVE-2024-31352 WordPress Icegram Express plugin <= 5.7.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in Email Subscribers & Newsletters.This issue affects Email Subscribers & Newsletters: from n/a through...

CVE-2024-33543

Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through...

CVE-2024-33543

Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through...

CVE-2024-33543 WordPress WP Time Slots Booking Form plugin <= 1.2.06 - Broken Access Control vulnerability

Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through...

CVE-2024-33543 WordPress WP Time Slots Booking Form plugin <= 1.2.06 - Broken Access Control vulnerability

Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through...

Exploit for CVE-2023-22515

CVE-2023-22515 Тут описана логика эксплуатации уязвимости,...

CVE-2024-35678

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft.This issue affects Contact Form to DB by BestWebSoft: from n/a through...

CVE-2024-35678

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft.This issue affects Contact Form to DB by BestWebSoft: from n/a through...

CVE-2024-35678 WordPress Contact Form to DB by BestWebSoft plugin <= 1.7.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft.This issue affects Contact Form to DB by BestWebSoft: from n/a through...

CVE-2024-35678 WordPress Contact Form to DB by BestWebSoft plugin <= 1.7.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft.This issue affects Contact Form to DB by BestWebSoft: from n/a through...

CVE-2024-35718

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS.This issue affects Newsletters: from n/a through...

CVE-2024-35718

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS.This issue affects Newsletters: from n/a through...

CVE-2024-35718 WordPress Newsletters plugin <= 4.9.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS.This issue affects Newsletters: from n/a through...

CVE-2024-35718 WordPress Newsletters plugin <= 4.9.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS.This issue affects Newsletters: from n/a through...

CVE-2024-35734

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodePeople WP Time Slots Booking Form allows Stored XSS.This issue affects WP Time Slots Booking Form: from n/a through...

CVE-2024-35734

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodePeople WP Time Slots Booking Form allows Stored XSS.This issue affects WP Time Slots Booking Form: from n/a through...

CVE-2024-35734 WordPress WP Time Slots Booking Form plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodePeople WP Time Slots Booking Form allows Stored XSS.This issue affects WP Time Slots Booking Form: from n/a through...

CVE-2024-35734 WordPress WP Time Slots Booking Form plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodePeople WP Time Slots Booking Form allows Stored XSS.This issue affects WP Time Slots Booking Form: from n/a through...

Exploit for OS Command Injection in Php

PHP RCE PoC CVE-2024-4577: Argument Injection in PHP-CGI...

Exploit for OS Command Injection in Php

PHP RCE PoC CVE-2024-4577: Argument Injection in PHP-CGI...