WooCommerce – Store Exporter Security Vulnerabilities

cve

CVE-2024-20851

Improper access control vulnerability in Samsung Data Store prior to version 5.3.00.4 allows local attackers to launch arbitrary activity with Samsung Data Store...

4.4CVSS

6.7AI Score

0.0004EPSS

2024-04-02 03:15 AM
28
cvelist

CVE-2024-20851

Improper access control vulnerability in Samsung Data Store prior to version 5.3.00.4 allows local attackers to launch arbitrary activity with Samsung Data Store...

4.4CVSS

5.1AI Score

0.0004EPSS

2024-04-02 02:59 AM
nessus

CentOS 8 : curl (CESA-2024:1601)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:1601 advisory. An information disclosure vulnerability exists in...

6.5CVSS

8.2AI Score

0.001EPSS

2024-04-02 12:00 AM
23
packetstorm

5.4CVSS

7.2AI Score

0.0004EPSS

2024-04-02 12:00 AM
41
cve

CVE-2024-3128

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in Replify-Messenger 1.0 on Android. This issue affects some unknown processing of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup...

2.4CVSS

6.5AI Score

0.0004EPSS

2024-04-01 03:16 PM
23
nvd

CVE-2024-3128

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in Replify-Messenger 1.0 on Android. This issue affects some unknown processing of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup...

2.4CVSS

3.6AI Score

0.0004EPSS

2024-04-01 03:16 PM
cvelist

CVE-2024-3128 Replify-Messenger Backup File androidmanifest.xml backup

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in Replify-Messenger 1.0 on Android. This issue affects some unknown processing of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup...

2.4CVSS

4AI Score

0.0004EPSS

2024-04-01 02:31 PM
ibm

Security Bulletin: IBM DataPower affected by vulnerability in Go (CVE-2023-39326)

Summary This CVE may affect DataPower Operator or SNMP Exporter for Prometheus Vulnerability Details ** CVEID: CVE-2023-39326 DESCRIPTION: **Golang Go could allow a remote attacker to obtain sensitive information, caused by a flaw in the net/http package. By sending a specially crafted HTTP...

5.3CVSS

5.3AI Score

0.001EPSS

2024-04-01 11:38 AM
9
kitploit

Drozer - The Leading Security Assessment Framework For Android

drozer (formerly Mercury) is the leading security testing framework for Android. drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps' IPC endpoints and the underlying OS. drozer provides tools to....

7.5AI Score

2024-04-01 11:30 AM
14
thn

Malicious Apps Caught Secretly Turning Android Phones into Proxies for Cybercriminals

Several malicious Android apps that turn mobile devices running the operating system into residential proxies (RESIPs) for other threat actors have been observed on the Google Play Store. The findings come from HUMAN's Satori Threat Intelligence team, which said the cluster of VPN apps came fitted....

7AI Score

2024-04-01 10:10 AM
28
thn

Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities

The Android banking trojan known as Vultur has resurfaced with a suite of new features and improved anti-analysis and detection evasion techniques, enabling its operators to remotely interact with a mobile device and harvest sensitive data. "Vultur has also started masquerading more of its...

7.7AI Score

2024-04-01 06:04 AM
33
wpvulndb

Locatoraid Store Locator < 3.9.31 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Locatoraid Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.9.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS

5.9AI Score

0.0004EPSS

2024-04-01 12:00 AM
3
packetstorm

7.4AI Score

2024-04-01 12:00 AM
63
kitploit

DroidLysis - Property Extractor For Android Apps

DroidLysis is a pre-analysis tool for Android apps: it performs repetitive and boring tasks we'd typically do at the beginning of any reverse engineering. It disassembles the Android sample, organizes output in directories, and searches for suspicious spots in the code to look at. The output helps....

7.7AI Score

2024-03-31 11:30 AM
14
fedora

[SECURITY] Fedora 38 Update: prometheus-podman-exporter-1.11.0-1.fc38

Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks...

4.3CVSS

5.9AI Score

0.0005EPSS

2024-03-31 01:54 AM
7
fedora

[SECURITY] Fedora 39 Update: prometheus-podman-exporter-1.11.0-1.fc39

Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks...

4.3CVSS

5.9AI Score

0.0005EPSS

2024-03-31 01:13 AM
7
fedora

[SECURITY] Fedora 40 Update: prometheus-podman-exporter-1.11.0-1.fc40

Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks...

4.3CVSS

5.9AI Score

0.0005EPSS

2024-03-31 12:18 AM
7
nessus

Fedora 39 : prometheus-podman-exporter (2024-a8a4ce2864)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-a8a4ce2864 advisory. Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing...

4.3CVSS

7.2AI Score

0.0005EPSS

2024-03-30 12:00 AM
11
nessus

Fedora 38 : prometheus-podman-exporter (2024-45f0a1df95)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-45f0a1df95 advisory. Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing...

4.3CVSS

7.2AI Score

0.0005EPSS

2024-03-30 12:00 AM
11
metasploit

pgAdmin Session Deserialization RCE

pgAdmin versions <= 8.3 have a path traversal vulnerability within their session management logic that can allow a pickled file to be loaded from an arbitrary location. This can be used to load a malicious, serialized Python object to execute code within the context of the target application. Th...

7.5AI Score

2024-03-29 01:33 PM
47
zdt

7.1AI Score

0.0004EPSS

2024-03-29 12:00 AM
98
rapid7blog

Stories from the SOC Part 1: IDAT Loader to BruteRatel

Rapid7’s Managed Detection and Response (MDR) team continuously monitors our customers' environments, identifying emerging threats and developing new detections. In August 2023, Rapid7 identified a new malware loader named the IDAT Loader. Malware loaders are a type of malicious software designed.....

8.1AI Score

2024-03-28 06:35 PM
12
github

Serverpod improved security for stored password hashes

Description: Improved security for stored password hashes. Serverpod now uses the OWASP-recommended Argon2Id password hash algorithm to store password hashes for the email authentication module. Starting from Serverpod 1.2.6 all users that either create an account or authenticate with the....

5.3CVSS

7.2AI Score

0.0004EPSS

2024-03-28 05:53 PM
6
osv

Serverpod improved security for stored password hashes

Description: Improved security for stored password hashes. Serverpod now uses the OWASP-recommended Argon2Id password hash algorithm to store password hashes for the email authentication module. Starting from Serverpod 1.2.6 all users that either create an account or authenticate with the....

5.3CVSS

7.3AI Score

0.0004EPSS

2024-03-28 05:53 PM
2
hackread

Wilder World Launches on Epic Games Store as The First ‘GTA of Web3’ Game

By Uzair Amir Wilder World, a massively multiplayer online metaverse, is now available for wishlisting on the Epic Games Store, a… This is a post from HackRead.com Read the original post: Wilder World Launches on Epic Games Store as The First ‘GTA of Web3’...

7.3AI Score

2024-03-28 05:36 PM
8
kitploit

Rrgen - A Header Only C++ Library For Storing Safe, Randomly Generated Data Into Modern Containers

This library was developed to combat insecure methods of storing random data into modern C++ containers. For example, old and clunky PRNGs. Thus, rrgen uses STL's distribution engines in order to efficiently and safely store a random number distribution into a given C++ container. Installation 1).....

7.2AI Score

2024-03-28 11:30 AM
6
githubexploit

Exploit for Improper Input Validation in Microsoft

🇮🇱 **#BringThemHome...

6.5CVSS

6.7AI Score

0.001EPSS

2024-03-28 09:31 AM
176
exploitdb

7.2AI Score

0.0004EPSS

2024-03-28 12:00 AM
95
packetstorm

7.4AI Score

EPSS

2024-03-28 12:00 AM
121
openvas

Ubuntu: Security Advisory (USN-6686-5)

The remote host is missing an update for...

7.8CVSS

6.8AI Score

EPSS

2024-03-28 12:00 AM
7
exploitdb

7.4AI Score

EPSS

2024-03-28 12:00 AM
129
packetstorm

7.4AI Score

0.0004EPSS

2024-03-28 12:00 AM
64
nvd

CVE-2024-2998

A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Store Update Page. The manipulation of the argument Store Name/Store Address leads to cross site...

2.4CVSS

3.3AI Score

0.0004EPSS

2024-03-27 09:15 PM
cve

CVE-2024-2998

A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Store Update Page. The manipulation of the argument Store Name/Store Address leads to cross site...

2.4CVSS

6AI Score

0.0004EPSS

2024-03-27 09:15 PM
33
cve

CVE-2024-2997

A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument Category Name/Model Name/Brand Name/Unit Name leads to cross site scripting.....

2.4CVSS

3.7AI Score

0.0004EPSS

2024-03-27 09:15 PM
27
nvd

CVE-2024-2997

A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument Category Name/Model Name/Brand Name/Unit Name leads to cross site scripting.....

2.4CVSS

3.3AI Score

0.0004EPSS

2024-03-27 09:15 PM
osv

linux-intel-iotg, linux-intel-iotg-5.15 vulnerabilities

It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-22995) It was discovered that a race.....

7.8CVSS

7.8AI Score

EPSS

2024-03-27 09:03 PM
11
cvelist

CVE-2024-2998 Bdtask Multi-Store Inventory Management System Store Update Page cross site scripting

A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Store Update Page. The manipulation of the argument Store Name/Store Address leads to cross site...

2.4CVSS

3.7AI Score

0.0004EPSS

2024-03-27 08:31 PM
cvelist

CVE-2024-2997 Bdtask Multi-Store Inventory Management System cross site scripting

A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument Category Name/Model Name/Brand Name/Unit Name leads to cross site scripting.....

2.4CVSS

3.8AI Score

0.0004EPSS

2024-03-27 08:31 PM
cve

CVE-2024-2996

A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been classified as problematic. Affected is an unknown function of the component Page Title Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The.....

2.4CVSS

6AI Score

0.0004EPSS

2024-03-27 08:15 PM
31
nvd

CVE-2024-2996

A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been classified as problematic. Affected is an unknown function of the component Page Title Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The.....

2.4CVSS

3.3AI Score

0.0004EPSS

2024-03-27 08:15 PM
cvelist

CVE-2024-2996 Bdtask Multi-Store Inventory Management System Page Title cross site scripting

A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been classified as problematic. Affected is an unknown function of the component Page Title Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The.....

2.4CVSS

3.7AI Score

0.0004EPSS

2024-03-27 08:00 PM
nvd

CVE-2024-29794

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Conversios Conversios.Io allows Reflected XSS.This issue affects Conversios.Io: from n/a through...

7.1CVSS

6.9AI Score

0.0004EPSS

2024-03-27 01:15 PM
cve

CVE-2024-29794

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Conversios Conversios.Io allows Reflected XSS.This issue affects Conversios.Io: from n/a through...

7.1CVSS

9.3AI Score

0.0004EPSS

2024-03-27 01:15 PM
29
thn

Microsoft Edge Bug Could Have Allowed Attackers to Silently Install Malicious Extensions

A now-patched security flaw in the Microsoft Edge web browser could have been abused to install arbitrary extensions on users' systems and carry out malicious actions. "This flaw could have allowed an attacker to exploit a private API, initially intended for marketing purposes, to covertly...

6.5CVSS

6.7AI Score

0.001EPSS

2024-03-27 12:54 PM
19
cvelist

CVE-2024-29794 WordPress Conversios.io plugin <= 6.9.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Conversios Conversios.Io allows Reflected XSS.This issue affects Conversios.Io: from n/a through...

7.1CVSS

7.1AI Score

0.0004EPSS

2024-03-27 12:40 PM
cve

CVE-2024-30181

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plainware Locatoraid Store Locator allows Stored XSS.This issue affects Locatoraid Store Locator: from n/a through...

5.9CVSS

9.1AI Score

0.0004EPSS

2024-03-27 12:15 PM
28
nvd

CVE-2024-30181

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plainware Locatoraid Store Locator allows Stored XSS.This issue affects Locatoraid Store Locator: from n/a through...

5.9CVSS

5.7AI Score

0.0004EPSS

2024-03-27 12:15 PM
cvelist

CVE-2024-30181 WordPress Locatoraid Store Locator plugin <= 3.9.30 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plainware Locatoraid Store Locator allows Stored XSS.This issue affects Locatoraid Store Locator: from n/a through...

5.9CVSS

5.9AI Score

0.0004EPSS

2024-03-27 11:39 AM
Total number of security vulnerabilities: 55761