325 matches found
CVE-2024-0980
The Auto-update service for Okta Verify for Windows is vulnerable to two flaws which in combination could be used to execute arbitrary code...
CVE-2024-0980
The CVE-2024-0980 issue affects Okta Verify for Windows’ auto-update service. Two flaws, when combined, could allow arbitrary code execution. Documented impact indicates high severity (AV: Adjacent, AC: High, PR: Low, UI: None, S: Unchanged, C/H/I/A: High). Details across connected sources confir...
PT-2024-2475 · Okta · Okta Verify For Windows
Name of the Vulnerable Software and Affected Versions: Okta Verify for Windows (affected versions not specified). Description: The issue is related to the auto-update service of Okta Verify for Windows, which is vulnerable to two flaws that can be combined to execute arbitrary code. This could allow...
CVE-2023-5525
The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the toggleautoupdate AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin...
CVE-2023-5525 Limit Login Attempts Reloaded < 2.25.26 - Admin+ Missing Authorization to Toggle Plugin Auto-Update
The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the toggleautoupdate AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin...
PT-2023-32155 · WordPress · Limit-Login-Attempts-Reloaded
Name of the Vulnerable Software and Affected Versions: Limit Login Attempts Reloaded WordPress plugin versions prior to 2.25.26. Description: The issue is related to missing authorization on the toggle auto update AJAX action. This allows any user with a valid nonce to toggle the auto-update statu...
WordPress plugin Limit Login Attempts Reloaded Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
Limit Login Attempts Reloaded < 2.25.26 - Admin+ Missing Authorization to Toggle Plugin Auto-Update
Description: The plugin is missing authorization on the toggleautoupdate AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin. As an Admin, open the Limit Login Attempts page in WP Admin and run the following code in the browser console: nonce =...
Rocky Linux 8 : firefox (RLSA-2022:0510)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0510 advisory. - If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants...
Inkdrop vulnerable to code injection
Overview: Inkdrop provided by Takuya Matsuyama is a Markdown editor. Inkdrop contains a code injection vulnerability (CWE-94). T.Nodoka reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: If a specially crafted...
JVN#48057522: Inkdrop vulnerable to code injection
Inkdrop provided by Takuya Matsuyama is a Markdown editor. Inkdrop contains a code injection vulnerability (CWE-94). Impact: If a specially crafted markdown file is opened using the product, arbitrary code may be executed. Solution: Update the software. The developer states that Inkdrop has an...
How to set up computer security for your parents
Last Sunday July 23, 2023 was National Parents Day. And maybe you are wondering how you can repay your parents for turning you into the person you are today. And we have an idea that shouldn't cost you much more than some of your time. Help them to shore up their cybersecurity, if they need it. I...
CVE-2023-34029
Cross-Site Request Forgery CSRF vulnerability in Prem Tiwari Disable WordPress Update Notifications and auto-update Email Notifications plugin = 2.3.3 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Prem Tiwari Disable WordPress Update Notifications and auto-update Email Notifications plugin = 2.3.3 versions...
PT-2023-24644 · WordPress · Prem Tiwari Disable Wordpress Update Notifications/Auto-Update Email Notifications
Name of the Vulnerable Software and Affected Versions: Prem Tiwari Disable WordPress Update Notifications and auto-update Email Notifications plugin versions = 2.3.3. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker can trick a user into performing...
U.S. Dept Of Defense: CVE-2023-29489 XSS in cpanel at [www.███] - Securado, Oman
A cross-site scripting XSS vulnerability was found on the cpanel application hosted on a website. The vulnerability allowed an attacker to steal cookies or hijack a browser session. The cpanel was not updated due to the disabled auto-update feature. The vulnerability was mitigated by enabling the...