325 matches found
WordPress companion-auto-update plugin input validation error vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. companion-auto-update is a plugin used to update WordPress and related components. WordPress companion-auto-update plugin input...
WordPress companion-auto-update plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. companion-auto-update is a plugin used to update WordPress and related components. A cross-site request forgery vulnerability exists i...
CVE-2018-20972
The companion-auto-update plugin before 3.2.1 for WordPress has CSRF...
CVE-2018-20973
The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion...
Cross-site request forgery (CSRF)
The companion-auto-update plugin before 3.2.1 for WordPress has CSRF...
CVE-2018-20972
CVE-2018-20972 is a CSRF vulnerability in the WordPress plugin companion-auto-update prior to version 3.2.1. The connected sources consistently describe an insufficient verification of request origin that allows cross-site requests to perform unintended actions on behalf of an authenticated user....
CVE-2018-20973
CVE-2018-20973 concerns the WordPress plugin companion-auto-update before version 3.2.1, which contains a local file inclusion (LFI) vulnerability. The issue arises in the plugin, enabling an attacker to access local files on the server. Public references in the provided documents consistently de...
CMSeeK v1.1.2 - CMS Detection And Exploitation Suite - Scan WordPress, Joomla, Drupal And Over 170 Other CMSs
What is a CMS? A content management system (CMS) manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment. Some notable examples are WordPress, Joomla, Drupal, etc. Release History - Version 1.1.2 19-05-2019 - Version 1.1.1...
License Auto Update fails after applying Update 4
Challenge: License Auto Update fails. Cause: Any licenses obtained prior to U4 are now known as 'Legacy Licenses'. Auto Update functionality cannot migrate a Legacy License to the new Veeam Instance License. The message most likely received is: Error Server message: License key type is not supported...
Cybercriminals Have a Heyday with WinRAR Bug in Fresh Campaigns
A recently discovered vulnerability in the WinRAR file archival utility has been exploited in a slew of new campaigns, including one with a never-before-seen payload. The flurry of activity shows no sign of waning as cybercriminals continue to find success exploiting the bug. The campaigns take...
Patched WinRAR Bug Still Under Active Attack—Thanks to No Auto-Updates
Various cyber criminal groups and individual hackers are still exploiting a recently patched critical code execution vulnerability in WinRAR, a popular Windows file compression application with 500 million users worldwide. Why? Because the WinRAR software doesn't have an auto-update feature, whic...
Google Chrome M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free
There's a race-condition / object-lifetime issue in the browser process when the browser process shutdown races against the IO thread handling mojo messages from the renderer. It's at least possible to trigger...
Google Chrome < M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free
There's a race-condition / object-lifetime issue in the browser process when the browser process shutdown races against the IO thread handling mojo messages from the renderer. It's at least possible to trigger this by closing the browser while running the attached poc; I'm not sure if there's a...
Companion Auto Update <= 3.3.5 - Authenticated SQL Injection
The Companion Auto Update WordPress plugin was affected by an Authenticated SQL Injection security vulnerability...
Secure channel communications stop working after disabling TLS 1.0/1.1
After disabling TLS 1.0/1.1, Veeam functionality that uses the SCHANNEL security provider, such as license auto-update, license usage reporting and Veeam explorers with remote mounts, stops working...
Cybercriminals Target Kodi Media Player for Malware Distribution
The Kodi media player has emerged as a malware distribution platform for cybercriminals, recently becoming the target for a cryptomining campaign that compromised about 5,000 machines before being thwarted. Those victims are still at risk, researchers warned. Kodi is free and open-source, and can...
Someone Hijacked MEGA Chrome Extension to Steal Users' Passwords
Warning! If you are using the Chrome browser extension from the MEGA file storage service, uninstall it right now. The official Chrome extension for the MEGA.nz cloud storage service had been compromised and replaced with a malicious version that can steal users' credentials for popular websites like...