Email Subscribers & Newsletters Security Vulnerabilities

talos: Ghost Foundation Ghost Post Creation insecure default installation vulnerability (2023-01-19 12:00 AM) | CVSS 5.4 | AI score 5.7 | EPSS 0.001
Talos Vulnerability Report TALOS-2022-1686, January 19, 2023. CVE numbers: CVE-2022-47197, CVE-2022-47195, CVE-2022-47194, CVE-2022-47196. Summary: An insecure default vulnerability exists in the Post Creation functionality of...

thn: Hackers Can Abuse Legitimate GitHub Codespaces Feature to Deliver Malware (2023-01-17 12:45 PM) | AI score -0.5
New research has found that it is possible for threat actors to abuse a legitimate feature in GitHub Codespaces to deliver malware to victim systems. GitHub Codespaces is a cloud-based configurable development environment that allows users to debug, maintain, and commit changes to a given codebase...

wpvulndb: Stream < 3.9.2 - Subscriber+ Alert Creation (2023-01-16 12:00 AM) | CVSS 6.5 | AI score 6.1 | EPSS 0.001
The plugin does not prevent users with little privileges on the site (like subscribers) from using its alert creation functionality, which may enable them to leak sensitive information. PoC: Step 1: Log in as a subscriber. Step 2: Get a nonce from...

wpexploit: Stream < 3.9.2 - Subscriber+ Alert Creation (2023-01-16 12:00 AM) | CVSS 6.5 | AI score 6.3 | EPSS 0.001
The plugin does not prevent users with little privileges on the site (like subscribers) from using its alert creation functionality, which may enable them to leak sensitive...

openvas: Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2023-1176) (2023-01-12 12:00 AM) | CVSS 7.5 | AI score 8.4 | EPSS 0.013
The remote host is missing an update for the Huawei...

openvas: Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2023-1155) (2023-01-12 12:00 AM) | CVSS 7.5 | AI score 8.4 | EPSS 0.013
The remote host is missing an update for the Huawei...

nessus: Juniper Junos OS Vulnerability (JSA70180) (2023-01-12 12:00 AM) | AI score 7.7 | EPSS 0.013
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA70180 advisory. The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used...

openvas: (title not captured) (2023-01-11 12:00 AM) | CVSS 8.8 | AI score 7.2 | EPSS 0.001

nessus: EulerOS Virtualization 2.10.1 : shim (EulerOS-SA-2023-1155) (2023-01-11 12:00 AM) | AI score 8 | EPSS 0.013
According to the versions of the shim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime...

nessus: EulerOS Virtualization 2.10.0 : shim (EulerOS-SA-2023-1176) (2023-01-11 12:00 AM) | AI score -0.1 | EPSS 0.013
According to the versions of the shim package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime...

nvd: CVE-2022-4102 (2023-01-09 11:15 PM) | CVSS 3.1 | AI score 3.9 | EPSS 0.001
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts assuming they know...

cve: CVE-2022-4102 (2023-01-09 11:15 PM) | CVSS 3.1 | AI score 4.1 | EPSS 0.001
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts assuming they know...

prion: Cross site request forgery (CSRF) (2023-01-09 11:15 PM) | CVSS 3.1 | AI score 4.2 | EPSS 0.001
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts assuming they know...

cvelist: CVE-2022-4102 Royal Elementor Addons < 1.3.56 - Subscriber+ Arbitrary Post Deletion (2023-01-09 10:13 PM) | AI score 4.4 | EPSS 0.001
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts assuming they know...

nessus: EulerOS Virtualization 3.0.2.6 : openssl (EulerOS-SA-2023-1052) (2023-01-06 12:00 AM) | AI score -0.1 | EPSS 0.013
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for...

nessus: EulerOS Virtualization 3.0.2.6 : openssl098e (EulerOS-SA-2023-1068) (2023-01-06 12:00 AM) | AI score 8 | EPSS 0.013
According to the versions of the openssl098e package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for...

nvd: CVE-2022-3994 (2023-01-02 10:15 PM) | CVSS 4.3 | AI score 4.6 | EPSS 0.001
The Authenticator WordPress plugin before 1.3.1 does not prevent subscribers from updating a site's feed access token, which may deny other users access to the functionality in certain...

cve: CVE-2022-3994 (2023-01-02 10:15 PM) | CVSS 4.3 | AI score 4.5 | EPSS 0.001
The Authenticator WordPress plugin before 1.3.1 does not prevent subscribers from updating a site's feed access token, which may deny other users access to the functionality in certain...

prion: Code injection (2023-01-02 10:15 PM) | CVSS 4.3 | AI score 4.6 | EPSS 0.001
The Authenticator WordPress plugin before 1.3.1 does not prevent subscribers from updating a site's feed access token, which may deny other users access to the functionality in certain...

cvelist: CVE-2022-3994 Authenticator < 1.3.1 - Subscriber+ Denial of Service via Feed Token Disclosure (2023-01-02 09:49 PM) | AI score 4.9 | EPSS 0.001
The Authenticator WordPress plugin before 1.3.1 does not prevent subscribers from updating a site's feed access token, which may deny other users access to the functionality in certain...

hackerone: LinkedIn: [ Continuation Report from #1814842 ] Can create articles using other users' NewsLetters (2022-12-30 12:21 PM) | AI score 6.8
A security researcher found an IDOR on LinkedIn where the attacker is able to publish articles using the victim's newsletter. The published article is not shown on the victim's newsletter homepage, and no notification is sent to the subscribers of the victim's newsletter regarding this publication...

thn: PrivateLoader PPI Service Found Distributing Info-Stealing RisePro Malware (2022-12-26 12:12 PM)
The pay-per-install (PPI) malware downloader service known as PrivateLoader is being used to distribute a previously documented information-stealing malware dubbed RisePro. Flashpoint spotted the newly identified stealer on December 13, 2022, after it discovered "several sets of logs" exfiltrated...

malwarebytes: The Guardian hit by "ransomware attack" (2022-12-22 04:00 AM)
On Tuesday December 20, 2022 British newspaper The Guardian experienced a major IT security incident that crippled a part of its IT infrastructure. The suspected cause is ransomware. In an online article the newspaper published an internal statement from the chief executive and the editor-in-chief...

malwarebytes: Sharing Netflix, Disney+, other passwords is illegal, according to new guidance (2022-12-22 03:00 AM) | AI score -0.6
The Intellectual Property Office (IPO), the UK government body overseeing intellectual property rights in the UK, has quietly released new guidance on piracy and online counterfeit goods. This campaign is a joint effort between IPO and Meta, Facebook's parent company. The general issue on piracy...

openvas: Huawei EulerOS: Security Advisory for linux-sgx (EulerOS-SA-2022-2852) (2022-12-22 12:00 AM) | CVSS 9.8 | AI score 8.6 | EPSS 0.106
The remote host is missing an update for the Huawei...

openvas: Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2022-2857) (2022-12-22 12:00 AM) | CVSS 7.5 | AI score 8.4 | EPSS 0.013
The remote host is missing an update for the Huawei...

openvas: Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2022-2831) (2022-12-22 12:00 AM) | CVSS 7.5 | AI score 8.4 | EPSS 0.013
The remote host is missing an update for the Huawei...

talosblog: Vulnerability Spotlight: Authentication bypass and enumeration vulnerabilities in Ghost CMS (2022-12-21 05:39 PM) | CVSS 5.3 | AI score 0.1 | EPSS 0.002
Dave McDaniel and other members of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered two vulnerabilities in Ghost CMS, one authentication bypass vulnerability and one enumeration vulnerability. Ghost is a content management system with tools to build a website, publish...

hackerone: LinkedIn: Attackers do not need to Pay for a Subscription to get the `Discussion Group URL` in `Paid Learning` (2022-12-21 03:13 AM) | AI score 6.6
The researcher reported an Insecure Direct Object Reference (IDOR) allowing an attacker to extract information about Learning Groups which is disclosed to only paid subscribers of the...

talos: Ghost user enumeration vulnerability (2022-12-21 12:00 AM) | CVSS 5.3 | AI score -0.3 | EPSS 0.002
Talos Vulnerability Report TALOS-2022-1625, December 21, 2022. CVE number: CVE-2022-41697. Summary: A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of...

nessus: EulerOS 2.0 SP10 : linux-sgx (EulerOS-SA-2022-2852) (2022-12-21 12:00 AM) | CVSS 9.8 | AI score 9.8 | EPSS 0.106
According to the versions of the linux-sgx packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli...

nessus: EulerOS 2.0 SP10 : shim (EulerOS-SA-2022-2831) (2022-12-21 12:00 AM) | CVSS 7.5 | EPSS 0.013
According to the versions of the shim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli...

nessus: EulerOS 2.0 SP10 : shim (EulerOS-SA-2022-2857) (2022-12-21 12:00 AM) | CVSS 7.5 | EPSS 0.013
According to the versions of the shim package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli...

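The shim, openssl and linux-sgx advisories above all carry the same OpenSSL defect text: BN_mod_sqrt(), a Tonelli-Shanks implementation (the OpenSSL bug is CVE-2022-0778), can loop forever when the modulus is not prime, and the function is reachable from certificate parsing because compressed EC points and explicit curve parameters are decoded with it. The Python below is an added example written for this listing; it is not OpenSSL's code and not part of any advisory here. It implements Tonelli-Shanks with the inner search for the least i such that t^(2^i) = 1 (mod p) written two ways: as an open-ended while loop, which ends only when the order of t is a power of two (guaranteed by a prime modulus, not by a composite one), and as a loop bounded by the current exponent m that rejects the input instead of spinning. Like OpenSSL it picks the quadratic non-residue with the Jacobi symbol and does no primality or Euler-criterion test up front, which is what lets a composite modulus reach the loop. The step budget, the exception names, the helper names and the test modulus 21 with input 2 are all constructed for this demonstration.

```python
"""Tonelli-Shanks modular square root, showing the failure mode behind the
BN_mod_sqrt() advisories on this page.  Added example; not OpenSSL's code.
The search for the least i with t^(2^i) == 1 (mod p) ends only if the order
of t is a power of two: a prime p guarantees that, a composite p does not."""


class NoSquareRoot(ValueError):
    """a is not a square mod p, or p is not prime (exception names are ours)."""


class WouldLoopForever(RuntimeError):
    """Stand-in for the hang: the open-ended search used up its step budget."""


def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0 (the Legendre symbol when n is prime)."""
    if n <= 0 or n % 2 == 0:
        raise ValueError("n must be a positive odd integer")
    a %= n
    result = 1
    while a:
        while a % 2 == 0:          # (2/n) = -1 exactly when n = 3 or 5 (mod 8)
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a                # quadratic reciprocity
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def _least_exponent_unbounded(t, p, budget):
    """Vulnerable pattern: square until t == 1 with no bound on the step count.
    For composite p the orbit t, t^2, t^4, ... can cycle without reaching 1;
    the budget only makes this demo terminate, the real loop has none."""
    i = 0
    while t != 1:
        t = t * t % p
        i += 1
        if i > budget:
            raise WouldLoopForever(f"t^(2^i) never reached 1 in {budget} squarings")
    return i


def _least_exponent_bounded(t, p, m):
    """Hardened pattern: at most m - 1 squarings; anything else is bad input."""
    for i in range(1, m):
        t = t * t % p
        if t == 1:
            return i
    raise NoSquareRoot("no i < m with t^(2^i) == 1: not a square, or p not prime")


def mod_sqrt(a, p, bounded=True, budget=10_000):
    """Return r with r*r == a (mod p); raise NoSquareRoot or WouldLoopForever."""
    a %= p
    if a == 0:
        return 0
    if p == 2:
        return a
    q, s = p - 1, 0                # write p - 1 = q * 2^s with q odd
    while q % 2 == 0:
        q //= 2
        s += 1
    if s == 1:                     # p = 3 (mod 4): closed form, no loop at all
        r = pow(a, (p + 1) // 4, p)
    else:
        # Non-residue picked by Jacobi symbol, as OpenSSL does; no primality or
        # Euler-criterion check comes first, so a composite p reaches the loop.
        z = next((x for x in range(2, min(p, 84)) if jacobi(x, p) == -1), None)
        if z is None:
            raise NoSquareRoot("no non-residue found; p is probably not prime")
        m, c, t, r = s, pow(z, q, p), pow(a, q, p), pow(a, (q + 1) // 2, p)
        while t != 1:
            if bounded:
                i = _least_exponent_bounded(t, p, m)
            else:
                i = _least_exponent_unbounded(t, p, budget)
                if i >= m:         # a check after an open-ended search cannot stop a hang
                    raise NoSquareRoot("exponent overshoot: p is not prime")
            b = pow(c, 1 << (m - i - 1), p)
            m, c = i, b * b % p
            t, r = t * c % p, r * b % p
    if r * r % p != a:             # verify the result, as BN_mod_sqrt() also does
        raise NoSquareRoot("result does not square back to a")
    return r


def demo():
    """Outcomes on constructed inputs: 4 (square) and 3 (non-square) mod the
    prime 41, and 2 mod the composite 21, where the open-ended search spins."""
    out = {}
    for name, a, p, bounded in (("prime_square_bounded", 4, 41, True),
                                ("prime_square_unbounded", 4, 41, False),
                                ("prime_nonsquare_bounded", 3, 41, True),
                                ("composite_bounded", 2, 21, True),
                                ("composite_unbounded", 2, 21, False)):
        try:
            out[name] = mod_sqrt(a, p, bounded=bounded)
        except NoSquareRoot:
            out[name] = "rejected"
        except WouldLoopForever:
            out[name] = "hung"
    return out
```

demo() shows the two variants agreeing on the prime modulus (both return a root of 4 mod 41, and the bounded one rejects the non-square 3) and diverging on the composite one: the bounded search rejects (2, 21) after a single squaring because 11, 16, 4, 16, 4, ... never reaches 1 mod 21, while the open-ended search burns its whole budget and would spin indefinitely without it. Since the modulus here comes from attacker-supplied certificate data, the hardening point is the one in _least_exponent_bounded: a loop that walks the orbit of an element of an untrusted group needs a bound derived from the exponent, not a termination condition that only a well-formed modulus makes reachable.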
talos: Ghost unauthorized newsletter modification vulnerability (2022-12-21 12:00 AM) | CVSS 4.3 | AI score -0.4 | EPSS 0.0004
Talos Vulnerability Report TALOS-2022-1624, December 21, 2022. CVE number: CVE-2022-41654. Summary: An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted...

nvd: CVE-2022-3961 (2022-12-19 02:15 PM) | CVSS 6.5 | EPSS 0.001
The Directorist WordPress plugin before 7.4.4 does not prevent users with low privileges (like subscribers) from accessing sensitive system...

cve: CVE-2022-3961 (2022-12-19 02:15 PM) | CVSS 6.5 | AI score 6.4 | EPSS 0.001
The Directorist WordPress plugin before 7.4.4 does not prevent users with low privileges (like subscribers) from accessing sensitive system...

prion: Information disclosure (2022-12-19 02:15 PM) | CVSS 6.5 | AI score 6.5 | EPSS 0.001
The Directorist WordPress plugin before 7.4.4 does not prevent users with low privileges (like subscribers) from accessing sensitive system...

cvelist: CVE-2022-3961 Directorist < 7.4.4 - Subscriber+ Sensitive Information Disclosure (2022-12-19 01:41 PM) | AI score 6.7 | EPSS 0.001
The Directorist WordPress plugin before 7.4.4 does not prevent users with low privileges (like subscribers) from accessing sensitive system...

osv: Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter) (2022-12-14 09:30 PM) | CVSS 9.1 | AI score 9.2 | EPSS 0.001
The CAPTCHA of the extension can be bypassed, which may result in automated creation of various newsletter subscribers. It is possible to provide arbitrary subscription UIDs to the deleteAction of the extension, resulting in all newsletter subscribers being unsubscribed. Insufficient access checks...

github: Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter) (2022-12-14 09:30 PM) | CVSS 9.1 | AI score 8.7 | EPSS 0.001
The CAPTCHA of the extension can be bypassed, which may result in automated creation of various newsletter subscribers. It is possible to provide arbitrary subscription UIDs to the deleteAction of the extension, resulting in all newsletter subscribers being unsubscribed. Insufficient access checks...

nvd: CVE-2022-47410 (2022-12-14 09:15 PM) | CVSS 7.5 | EPSS 0.001
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction...

osv: CVE-2022-47410 (2022-12-14 09:15 PM) | CVSS 9.1 | AI score 6.9 | EPSS 0.001
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction...

cve: CVE-2022-47410 (2022-12-14 09:15 PM) | CVSS 9.1 | AI score 7.5 | EPSS 0.001
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction...

cve: CVE-2022-47411 (2022-12-14 09:15 PM) | CVSS 9.1 | AI score 7.5 | EPSS 0.001
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via unsubscribeAction...

nvd: CVE-2022-47411 (2022-12-14 09:15 PM) | CVSS 7.5 | EPSS 0.001
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via unsubscribeAction...

osv: CVE-2022-47411 (2022-12-14 09:15 PM) | CVSS 9.1 | AI score 6.9 | EPSS 0.001
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via unsubscribeAction...

prion: Design/Logic Flaw (2022-12-14 09:15 PM) | CVSS 7.5 | AI score 7.5 | EPSS 0.001
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via unsubscribeAction...

prion: Design/Logic Flaw (2022-12-14 09:15 PM) | CVSS 7.5 | AI score 7.5 | EPSS 0.001
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction...

securelist: Reassessing cyberwarfare. Lessons learned in 2022 (2022-12-14 10:00 AM) | AI score 0.1
At this point, it has become cliché to say that nothing in 2022 turned out the way we expected. We left the COVID-19 crisis behind hoping for a long-awaited return to normality and were immediately plunged into the chaos and uncertainty of a twentieth-century-style military conflict that posed...

cvelist: CVE-2022-47411 (2022-12-14 12:00 AM) | CVSS 9.1 | AI score 9.4 | EPSS 0.001
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via unsubscribeAction...

Total number of security vulnerabilities: 59571