An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.
...
Amazon Still Selling T95 TV Box with Pre-Installed Malware
By Deeba Ahmed. Malwarebytes has confirmed that, despite confirmed reports of the presence of pre-installed malware in T95 TV boxes, Amazon is still allowing their sale. This is a post from HackRead.com.
CVE-2023-24241
Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/loginpost.php...
CVE-2023-24956
Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /cha.php...
SQL injection
Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/loginpost.php...
CVE-2023-24956
Forget Heart Message Box v1.1 has a SQL injection vulnerability in the name parameter of the /cha.php endpoint. The issue is publicly described across multiple sources (CNVD, CNNVD, NVD, Red Hat, OSV, etc.) with CVSS v3.1 base score 8.8 (HIGH) and impact to confidentiality, integrity, and availab...
PT-2023-19838 · Unknown · Forget Heart Message Box
Name of the Vulnerable Software and Affected Versions: Forget Heart Message Box version 1.1. Description: A SQL injection issue was discovered in Forget Heart Message Box via the name parameter at the "/cha.php" API endpoint. Recommendations: For Forget Heart Message Box version 1.1, consider...
PT-2023-19495 · Unknown · Forget Heart Message Box
Name of the Vulnerable Software and Affected Versions: Forget Heart Message Box version 1.1. Description: A SQL injection issue was discovered via the name parameter at the "/admin/loginpost.php" API endpoint. This allows for potential exploitation. No information is available regarding the...
CVE-2023-24241
For Forget Heart Message Box v1.1, a SQL injection vulnerability exists in the admin/loginpost.php endpoint, exploitable via the name parameter. The CVE entry and multiple connected sources consistently describe this issue without detailing a fix. The associated CVSS v3.1 data indicate a critical ...
Analyzing and remediating a malware infested T95 TV box from Amazon
A couple of weeks ago, security news outlets made their rounds reporting on an Android TV box available on Amazon that came pre-installed with malware. The findings came from a Canadian developer, Daniel Milisic, who posted on his GitHub. What Daniel found was an Android T95 TV box infected with...
VulnCheck KEV: CVE-2021-24205
In the Elementor Website Builder WordPress plugin before 3.1.4, the icon box widget (includes/widgets/icon-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible HTML tags, it is possible for a user with Contributor or above permissions to send a...
Vagrant security vulnerability
Vagrant is a command line utility for managing the lifecycle of virtual machines. It isolates dependencies and their configurations in a single disposable and consistent environment. Vagrant has a security vulnerability that stems from the boxAdd function not being cleaned up correctly...
Easy Social Box < 4.1.3 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC: easy-fb-like-box locale='"; alert1; var...
WordPress Easy Social Box / Page Plugin Plugin <= 4.1.2 is vulnerable to Cross Site Scripting (XSS)
Software: Easy Social Box / Page Plugin; Type: Plugin; Vulnerable versions: <= 4.1.2; Fixed in: 4.1.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4754; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 16d4bede1269; Credits: Istv...
Easy Social Box < 4.1.3 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. easy-fb-like-box locale='"; alert1; var xss=...