7703 matches found
PT-2024-24040 · Unknown · A-Blog Cms
Name of the Vulnerable Software and Affected Versions: a-blog cms versions prior to 3.1.12; a-blog cms versions prior to 3.0.32; a-blog cms versions prior to 2.11.61; a-blog cms versions prior to 2.10.53; a-blog cms version 2.9 and earlier. Description: A directory traversal vulnerability exists in...
PT-2024-24041 · Unknown · A-Blog Cms
Name of the Vulnerable Software and Affected Versions: a-blog cms versions prior to 3.1.12; a-blog cms versions prior to 3.0.32; a-blog cms versions prior to 2.11.61; a-blog cms versions prior to 2.10.53; a-blog cms version 2.9 and earlier. Description: A cross-site scripting issue exists, allowing a...
PT-2024-24042 · Unknown · A-Blog Cms
Name of the Vulnerable Software and Affected Versions: a-blog cms versions 3.0.x through 3.0.31; a-blog cms versions 3.1.x through 3.1.11. Description: A code injection issue exists, allowing a user with administrator or higher privilege who can log in to the product to execute an arbitrary command...
PT-2024-23347 · Unknown · A-Blog Cms
Name of the Vulnerable Software and Affected Versions: a-blog cms versions 3.0.x through 3.0.31; a-blog cms versions 3.1.x through 3.1.11. Description: A server-side request forgery (SSRF) issue exists, allowing a user with administrator or higher privilege who can log in to the product to obtain...
PT-2024-23345 · Unknown · A-Blog Cms
Name of the Vulnerable Software and Affected Versions: a-blog cms versions prior to 3.1.12; a-blog cms versions prior to 3.0.32; a-blog cms versions prior to 2.11.61; a-blog cms versions prior to 2.10.53; a-blog cms version 2.9 and earlier. Description: A cross-site scripting vulnerability exists in...
Exploit for Unrestricted Upload of File with Dangerous Type in Git
CVE-2024-32002: Exploiting Git RCE via git clone This repos...
GHSA-2X6G-H2HG-RQ84 Grafana Email addresses and usernames can not be trusted
Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes moderate severity security fixes for CVE-2022-39306. We are also releasing security patches for Grafana 8.5.15 to fix these issues. Release 9.2.4, latest patch, also containing security fix: - Download...
GHSA-MPWP-42X6-4WMX Grafana Fine-grained access control vulnerability
Impact: On Nov. 2, during an internal security audit, we discovered that when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance, Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, ad...
CVE-2024-3239 PostX < 4.0.2 - Contributor+ Stored XSS
The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Si...
Friday Squid Blogging: Squid Mating Strategies
Some squids are "consorts," others are "sneakers." The species is healthiest when individuals have different strategies randomly. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
CVE-2024-25520
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sysblogtemplatenew.aspx...
RuvarOA Security Vulnerability
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the id parameter of the /SysManage/sysblogtemplatenew.aspx file that lacks validation of externally entered SQL statements. An attacker can exploit this...
Print My Blog – Print, PDF, & eBook Converter WordPress Plugin < 3.26.3 - Missing Authorization
Description: The Print My Blog – Print, PDF, & eBook Converter WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions like the saveProjectGenerate function in all versions up to, and including, 3.26.2. This...
CVE-2024-33907
Missing Authorization vulnerability in Michael Nelson Print My Blog print-my-blog. This issue affects Print My Blog: from n/a through <= 3.26.2...
CVE-2024-33907 WordPress Print My Blog plugin <= 3.26.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Michael Nelson Print My Blog. This issue affects Print My Blog: from n/a through 3.26.2...
CVE-2024-33907 WordPress Print My Blog plugin <= 3.26.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Michael Nelson Print My Blog print-my-blog. This issue affects Print My Blog: from n/a through <= 3.26.2...
CVE-2024-33907
CVE-2024-33907 affects Print My Blog (WordPress plugin) with missing authorization vulnerability up to version 3.26.2. Exploitation details are not provided in the documents, but Red Hat and Wordfence entries confirm a Missing Authorization flaw and a patched remediation path: upgrade to 3.26.2 o...
New Lawsuit Attempting to Make Adversarial Interoperability Legal
Lots of complicated details here: too many for me to summarize well. It involves an obscure Section 230 provision--and an even more obscure typo. Read this...
PT-2024-25541 · Michael Nelson · Print My Blog
Name of the Vulnerable Software and Affected Versions: Print My Blog versions 3.26.2 and earlier Description: The issue is related to a Missing Authorization vulnerability in Michael Nelson Print My Blog. Recommendations: For versions 3.26.2 and earlier, update to a version later than 3.26.2 to...
CVE-2024-33945 WordPress Eleblog – Elementor Blog And Magazine Addons plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in solverwp.com Eleblog – Elementor Blog And Magazine Addons allows Stored XSS. This issue affects Eleblog – Elementor Blog And Magazine Addons: from n/a through 1.8...