684 matches found
MAL-2024-93 Malicious code in wdpr-geolocation (npm)
Source: ossf-package-analysis 23c6da3fa43792d291a24c9eeca7d79482936d1a779c6f82840330096ab08cce The OpenSSF Package Analysis project identified 'wdpr-geolocation' @ 27.2.7 (npm) as malicious. It is considered malicious because: - The package...
FCC wants cars to make life harder for stalkers
Most new model cars are not just cars anymore. With multiple digital systems, vehicles are increasingly plugged into web applications and digital processes. Some of them are basically smartphones on wheels. Even if we assume these new features were all created with your convenience in mind, some ...
AI Is Scarily Good at Guessing the Location of Random Photos
Wow: To test PIGEON's performance, I gave it five personal photos from a trip I took across America years ago, none of which have been published online. Some photos were snapped in cities, but a few were taken in places nowhere near roads or other easily recognizable landmarks. That didn't seem to...
CVE-2023-49188
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZealousWeb Track Geolocation Of Users Using Contact Form 7 allows Stored XSS. This issue affects Track Geolocation Of Users Using Contact Form 7: from n/a through 2.0...
Cross site scripting
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZealousWeb Track Geolocation Of Users Using Contact Form 7 allows Stored XSS. This issue affects Track Geolocation Of Users Using Contact Form 7: from n/a through 1.4...
CVE-2023-49188 WordPress Track Geolocation Of Users Using Contact Form 7 Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZealousWeb Track Geolocation Of Users Using Contact Form 7 allows Stored XSS. This issue affects Track Geolocation Of Users Using Contact Form 7: from n/a through 2.0...
The vulnerability of the FortiOS operating systems and the FortiProxy proxy server, related to vulnerabilities in access control, allows attackers to bypass security restrictions.
The vulnerabilities of the FortiOS operating systems and the FortiProxy proxy server for protecting against Internet attacks are related to deficiencies in access control. Exploiting these vulnerabilities allows a malicious actor to circumvent security restrictions by synchronizing publicly...
WordPress Plugin Track Geolocation Of Users Using Contact Form 7 Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2023-47536
An improper access control vulnerability (CWE-284) in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny...
Fortinet FortiOS Access Control Error Vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering, anti-spam and other security features. An Access Control Error...
Caddy Security Breach
Caddy is an open source, cross-platform HTTP/Web server from Caddy. A security vulnerability exists in Caddy-geo-ip GeoIP version 0.6.0, which allows an attacker to spoof his/her source IP address via the X-Forwarded-For header when using t...
Track Geolocation Of Users Using Contact Form 7 <= 1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description: The Track Geolocation Of Users Using Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
WordPress Track Geolocation Of Users Using Contact Form 7 Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)
Software: Track Geolocation Of Users Using Contact Form 7; Type: Plugin; Vulnerable versions: <= 2.0; Fixed in: 2.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-49188; Patch priority: Low; CVSS severity: Low (5.9); PSID: 1322772c72f4; Credits: DoYeon Par...
CSZ CMS 1.3.0 Remote Command Execution
Exploit Title: CSZ CMS Version 1.3.0 Remote Command Execution; Date: 17/11/2023; Exploit Author: tmrswrr; Vendor Homepage: https://www.cszcms.com/; Software Link: https://www.cszcms.com/link/3https://sourceforge.net/projects/cszcms/files/latest/download; Version: Version 1.3.0; Tested on:...
27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts
An unknown threat actor has been observed publishing typosquat packages to the Python Package Index (PyPI) repository for nearly six months with an aim to deliver malware capable of gaining persistence, stealing sensitive data, and accessing cryptocurrency wallets for financial gain. The 27 package...
PT-2023-9599 · Cisco · Cisco Ftd
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense (FTD) Software (affected versions not specified). Description: A vulnerability in the geolocation access control feature could allow an unauthenticated, remote attacker to bypass an access control policy. This issue ...
CVE-2023-20267
A vulnerability in the IP geolocation rules of Snort 3 could allow an unauthenticated, remote attacker to potentially bypass IP address restrictions. This vulnerability exists because the configuration for IP geolocation rules is not parsed properly. An attacker could exploit this vulnerability b...