150 matches found
Grab & Save <= 1.0.4 - Cross-Site Request Forgery
Description The Grab & Save plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the mediaprocess function. This makes it possible for unauthenticated attackers to upload images via a forg...
Grab & Save <= 1.0.4 - Reflected Cross-Site Scripting
Description The Grab & Save plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
WordPress Grab & Save Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)
Software Grab & Save Type Plugin Vulnerable versions = 1.0.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47844 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 52717b94fa86 Credits Dimas Maulana Required privilege...
WordPress Grab & Save Plugin <= 1.0.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Grab & Save Type Plugin Vulnerable versions = 1.0.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-47845 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 10b2ddc4a429 Credits Dimas Maulana Required...
extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation as demonstrated by a WARNING for try_grab_page.
...
SUSE CVE-2023-40791
extractusertosg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for trygrabpage...
CVE-2023-40791
extractusertosg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for trygrabpage...
DEBIAN-CVE-2023-40791
extractusertosg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for trygrabpage...
UBUNTU-CVE-2023-40791
extractusertosg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for trygrabpage...
SUSE CVE-2007-5589
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in 1 PHPSELF in a serverstatus.php, and b grabglobals.lib.php, c displaychangepassword.lib.php, and d common.lib.php in...
SUSE CVE-2012-0064
xkeyboard-config before 2.5 in X.Org before 7.6 enables certain XKB debugging functions by default, which allows physically proximate attackers to bypass an X screen lock via keyboard combinations that break the input grab...
SUSE CVE-2013-1998
Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of service crash and possibly execute arbitrary code via crafted length or index values to the 1 XGetDeviceButtonMapping, 2 XIPassiveGrabDevice, and 3 XQueryDeviceState functions...
SUSE CVE-2022-1720
Buffer Over-read in function grabfilename in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution...
AstraLocker 2.0 ransomware isn’t going to give you your files back
Reversing Labs reports that the latest verison of AstraLocker ransomware is engaged in a a so-called "smash and grab" ransomware operation. Smash and grab is all about maxing out profit in the fastest time. It works on the assumption by malware authors that security software or victims will find...
Malicious code in grab-login (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 80167770569c74e9a58b9e9b796e11cfeda2451d513e307c21485b8b9ec30b72 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in grab-locale (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 73f4a6e44fec9cf6fa3ac283fca9b75a652db4f8b3a7322ee01c213676bf1694 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3431 Malicious code in grab-locale (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 73f4a6e44fec9cf6fa3ac283fca9b75a652db4f8b3a7322ee01c213676bf1694 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in grab-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a5aeead40c6ea31db7f121a77aa9b48ae49993444adca67e57f5a27b7a0652c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3433 Malicious code in grab-storage (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 98e1089b589ccad73505c806c28a3b46444fe6563145d1b5ca336971eb1bce56 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in grab-id (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2582603362be992351747677061132c3f941b31bbcf01d70aa7a9d9114ae62a9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...