7703 matches found
Rencontre – Dating Site < 3.11.2 - Subscriber+ PHP Object Injection
Description: The plugin unserializes user input, which could allow any authenticated user, such as a subscriber, to perform PHP Object Injection when a suitable gadget is present on the blog...
Customize Deployments with Akamai's Metadata Service
...
CVE-2023-52180
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes. This issue affects Recipe Maker For Your Food Blog from Zip Recipes: from n/a through 8.1.0...
CVE-2023-52180
CVE-2023-52180 affects Recipe Maker For Your Food Blog from Zip Recipes (Zip Recipes) up to version 8.1.0. The Wordfence vulnerability list notes an Authenticated (Contributor+) SQL Injection in this plugin, with a patch status of Patched. Impact is SQL Injection that can be triggered by an authe...
College Notes Gallery SQL Injection Vulnerability
College Notes Gallery is a personal blog. code-projects College Notes Gallery version 2.0 suffers from a SQL injection vulnerability that stems from the parameter user in the file login.php that causes SQL injection...
petdoshkov.blog.bg Cross Site Scripting vulnerability OBB-3826511
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Bees Blog Security Breach
Bees Blog is the official blog module of thirty bees. A security vulnerability exists in Bees Blog versions prior to 1.6.2, which stems from improper handling of sharing_url in controllers/front/post.php, leading to cross-site scripting...
CVE-2023-52264
CVE-2023-52264 affects the Bees Blog component (beesblog) prior to version 1.6.2 used with thirty bees. The vulnerability is a Reflected XSS caused by mishandling of the sharing_url in controllers/front/post.php. Impact is reflected XSS; base CVSS 3.1 score 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:...
Friday Squid Blogging: Squid Parts into Fertilizer
It's squid parts from college dissections, so it's not a volume operation. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
CVE-2023-49826
CVE-2023-49826 corresponds to a deserialization of untrusted data vulnerability in the Soledad WordPress theme (versions up to 8.4.1). Root cause: PHP Object Injection via untrusted data deserialization. Impact: unauthenticated remote code execution/total compromise potential on affected sites. A...
blog.wordvice.com Improper Access Control vulnerability OBB-3819379
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
SQL injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme. This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1...
GCHQ Christmas Codebreaking Challenge
Looks like fun. Details here...
Friday Squid Blogging: Underwater Sculptures Use Squid Ink for Coloring
The Molinière Underwater Sculpture Park has pieces that are colored in part with squid ink. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
Akamai’s Perspective on December’s Patch Tuesday 2023
...
CVE-2023-48049
A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search aka websitesearchblog v. 13.0 through 13.0.1.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the name parameter in controllers/main.py component...
SQL injection
A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search aka websitesearchblog v. 13.0 through 13.0.1.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the name parameter in controllers/main.py component...
Cybrosys Techno Solutions Website Blog Search Security Breach
Cybrosys Techno Solutions Website Blog Search is a blog that provides a search option. A security vulnerability exists in Cybrosys Techno Solutions Website Blog Search versions 13.0 through 13.0.1.0.1, which stems from an SQL injection vulnerability that could allow a remote attacker to execute...