CVE-2021-24354

A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites...

The vulnerability of the modular library for simplifying the development of JavaScript or AJAX-based applications and websites allows attackers to compromise the confidentiality, integrity, and accessibility of protected information due to improper coding or the concealment of output data.

The vulnerability of the modular library used for simplifying the development of JavaScript- or AJAX-based applications and websites in the Dojo Toolkit is related to incorrect coding or the concealment of output data. Exploiting this vulnerability can allow an attacker to compromise the...

SUSE SLES11 Security Update : microcode_ctl (SUSE-SU-2019:14217-1)

The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14217-1 advisory. - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable...

SUSE SLES11 Security Update : xen (SUSE-SU-2020:14444-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14444-1 advisory. - Improper invalidation for page table updates by a virtual guest operating system for multiple IntelR Processors may allow an authenticated...

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Goto WordPress theme prior to version 2.1,...

CVE-2021-24282

In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the various AJAX actions in the plugin to do a variety of things. For example, an attacker could use wpcf7rresetsettings to reset the plugin’s settings, wpcf7raddaction to...

CVE-2021-24190

Low privileged users can use the AJAX action 'cppluginsdobuttonjoblatercallback' in the WooCommerce Conditional Marketing Mailer WordPress plugin before 1.5.2, to install any plugin including a specific version from the WordPress repository, as well as activate arbitrary plugin from then blog,...

PT-2021-15734 · WordPress · Wp Content Copy Protection & No Right Click

Name of the Vulnerable Software and Affected Versions: WP Content Copy Protection & No Right Click WordPress plugin versions prior to 3.1.5 Description: The issue allows low-privileged users to exploit the AJAX action 'cp plugins do button job later callback' to install any plugin, including...

WordPress plugin 安全漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An improper access control vulnerability exists in WordPress Redirection for Contact Form 7 Plugin...

WordPress plugin Login as User or Customer 安全漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . WordPress plugin 1.8 before the version User Switching...

WordPress plugin Login Protection - Limit Failed Login Attempts 安全漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . WordPress plugin 2.9 prior to the version Login Protectio...

2019.2 IPU – TSX Asynchronous Abort Advisory

Summary: A potential security vulnerability in TSX Asynchronous Abort TAA for some Intel® Processors may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2019-11135 Description: TSX Asynchronous Abort...

Red Hat Ansible 竞争条件问题漏洞

Red Hat Ansible is a computer system configuration manager from Red Hat, an American company. The product can be used to distribute, manage, and orchestrate computer systems. A competitive conditions issue vulnerability exists in Red Hat Ansible. The vulnerability stems from an Ansible user setti...

SUSE-RU-2021:1517-1 Recommended update for open-iscsi

This update for open-iscsi fixes the following issues: - Enabled asynchronous logins for iscsi.service bsc1183421 - Fixed a login issue when target is delayed...

WordPress插件 跨站脚本漏洞

Patreon is a subscription-based crowdfunding platform and Patreon WordPress is a WordPress plugin for the platform. A cross-site scripting vulnerability exists in Patreon WordPress versions prior to 1.7.2. An attacker can exploit this vulnerability to conduct cross-site scripting attacks via the...

CVE-2021-24184

Several AJAX endpoints in the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privileges among many other actions...

CVE-2021-24163

The AJAX action, wpajaxninjaformssendwpremoteinstallhandler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form...

CVE-2021-21409

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty io.netty:netty-codec-http2 before version 4.1.61.Final there is a vulnerability that enables request smuggling. The...

Vajra - A Highly Customi zable Target And Scope Based Automated Web Hacking Framework To Automate Boring Recon Tasks

An automated web hacking framework for web applications Detailed insight about Vajra can be found at https://hackwithproxy.medium.com/introducing-vajra-an-advanced-web-hacking-framework-bd8307a01aa8 About Vajra Vajra is an automated web hacking framework to automate boring recon tasks and same...

The vulnerability of the Samba AD DC LDAP server, related to errors in processing the “Paged Results” and “ASQ” control elements, allows an attacker to cause a service failure.

The vulnerability of the Samba AD DC LDAP server is related to errors in processing the “Paged Results” and “ASQ” control elements. Exploiting this vulnerability can allow an attacker to cause service failures...