283 matches found
On-Prem ADM automatic backups failure for ADC instance
ADM auto backup ADC instance operation failed. End user may have an email alert if email notification is enabled in ADM...
Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update
A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Sophisticated SMS Phishing scam Dupes Zendesk Staff
By Habiba Rashid. Although the company did not put out an official notice or announcement on its website, impacted customers were emailed with details regarding the security incident...
Improper access control
Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that...
CVE-2023-22489 Flarum is missing authorization in discussion replies
Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that...
CVE-2023-22489
CVE-2023-22489 affects Flarum, a discussion platform. When the first post of a discussion is permanently deleted but the discussion remains visible, any user who can view the discussion can create a new reply via the REST API, regardless of reply permissions or lock status. This affects users inc...
GHSA-HPH3-HV3C-7725 Any Flarum user including unactivated can reply in public discussions whose first post was permanently deleted
If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that don't have a validated email. Guests cannot...
PT-2023-18539 · Flarum · Flarum
Name of the Vulnerable Software and Affected Versions: Flarum versions prior to 1.6.3 Description: The issue allows an actor to read restricted or private content and bypass access checks by using the notifications feature. The notification-sending component does not verify if the subject of the...
CVE-2022-41933
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When the reset a forgotten password feature of XWiki was used, the password was then stored in plain text in database. This only concerns XWiki 13.1RC1 and newer versions. Note that it only...
Default credentials
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When the reset a forgotten password feature of XWiki was used, the password was then stored in plain text in database. This only concerns XWiki 13.1RC1 and newer versions. Note that it only...
CVE-2022-41933 Plaintext storage of password in org.xwiki.platform:xwiki-platform-security-authentication-default
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When the reset a forgotten password feature of XWiki was used, the password was then stored in plain text in database. This only concerns XWiki 13.1RC1 and newer versions. Note that it only...
CVE-2022-41933
CVE-2022-41933 describes plaintext storage of user passwords via XWiki’s “Reset forgotten password” path. Affected: XWiki Platform (noted for 13.1RC1 and newer; only the reset-password flow stores passwords in clear text, not general password change). Impact: potential exposure of passwords in th...
GHSA-7X4W-J98P-854X Cross site scripting vulnerability with discussion titles
Flarum's page title system allowed for page titles to be converted into HTML DOM nodes when pages were rendered. The change was made after v1.5 and was not noticed. This allowed an attacker to inject malicious HTML markup using a discussion title input, either by creating a new discussion or...
The vulnerability of the e-mail notification component of the PeopleSoft Enterprise HCM Candidate Gateway software allows a malicious individual to gain access to read, modify, add, or delete data.
The vulnerability of the email notification component of the PeopleSoft Enterprise HCM Candidate Gateway software lies in insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to gain access to read, modify, add, or delete data through HTTP requests...
WordPress Database Backup for WordPress Plugin < 2.5.2 CSRF Vulnerability
The WordPress plugin ... Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it...
Attackers Spoof WhatsApp Voice-Message Alerts to Steal Info
Attackers are spoofing voice message notifications from WhatsApp in a malicious phishing campaign that uses a legitimate domain to spread an info-stealing malware, researchers have found. Researchers at cloud email security firm Armorblox discovered the malicious campaign targeting Office 365 and...
WordPress AutoMail – Event-driven Email Automation. Easy email Notification and Auto-reply plugin <= 1.0.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress AutoMail – Event-driven Email Automation. Easy email Notification and Auto-reply plugin versions <= 1.0.0. Solution: Update the WordPress AutoMail – Event-driven Email Automation. Easy email Notification and Auto-reply plugin to...