Lucene search

203 matches found

CVE
added 2023/10/26 11:47 a.m. · 76 views

CVE-2023-5802

CVE-2023-5802 – WordPress Knowledgebase (WP Knowledgebase) CSRF remains a CSRF vulnerability in the WP Knowledgebase plugin for WordPress, affecting versions ≤ 1.3.4. Public documentation lists CSRF as the underlying issue; Patchstack notes low severity with no available fix, and official CVE ent...

8.8 CVSS · 6.5 AI score · 0.0007 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2023/10/26 12:0 a.m. · 1 views

PT-2023-32338 · WordPress · Wp Knowledgebase

Name of the Vulnerable Software and Affected Versions: WP Knowledgebase plugin versions = 1.3.4 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that the user is authenticated...

8.8 CVSS · 8.8 AI score · 0.0007 EPSS
Exploits 0 · References 5
CNNVD
added 2023/10/26 12:0 a.m. · 1 views

WordPress Plugin wp-knowledgebase Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

8.8 CVSS · 6.5 AI score · 0.0007 EPSS
Exploits 0 · References 2
Patchstack
added 2023/10/26 12:0 a.m. · 7 views

WordPress WP Knowledgebase Plugin <= 1.3.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP Knowledgebase Type Plugin Vulnerable versions = 1.3.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-5802 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 564bb1aa5c13 Credits Nguyen Xuan Chien...

8.8 CVSS · 6.6 AI score · 0.0007 EPSS
Exploits 0 · References 1 · Affected Software 1
Packet Storm
added 2023/08/01 12:0 a.m. · 293 views

Uvdesk 1.1.3 Shell Upload

Exploit Title: Uvdesk v1.1.3 - File Upload Remote Code Execution RCE Authenticated Date: 28/07/2023 Exploit Author: Daniel Barros @cupc4k3d - Hakai Offensive Security Vendor Homepage: https://www.uvdesk.com Software Link: https://github.com/uvdesk/community-skeleton Version: 1.1.3 Example: python...

7.1 AI score · 0.0022 EPSS
Exploits 4
0day.today
added 2023/07/31 12:0 a.m. · 288 views

Uvdesk v1.1.3 - File Upload Remote Code Execution (Authenticated) Exploit

Exploit Title: Uvdesk v1.1.3 - File Upload Remote Code Execution RCE Authenticated Exploit Author: Daniel Barros @cupc4k3d - Hakai Offensive Security Vendor Homepage: https://www.uvdesk.com Software Link: https://github.com/uvdesk/community-skeleton Version: 1.1.3 Example: python3 CVE-2023-39147....

7.8 CVSS · 7.8 AI score · 0.0022 EPSS
Exploits 4
ICS
added 2022/12/20 12:0 a.m. · 55 views

Rockwell Automation MicroLogix 1100 and 1400

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: MicroLogix 1100 and 1400 Vulnerabilities: Cross-site Scripting, Improper Restriction of Rendered UI Layers or Frames 2. RISK EVALUATION Successful exploitation of these...

7.5 CVSS · 7.6 AI score · 0.00151 EPSS
Exploits 0 · References 4
Qualys Blog
added 2021/07/09 4:11 p.m. · 211 views

Qualys API Best Practices: Host List Detection API

Host List Detection is your subscription's list of hosts and their corresponding up-to-date detections including: 1. Confirmed Vulnerability Detections 2. Potential Vulnerability Detections 3. Information Gathered Detections about your system After extracting Host List Detection vulnerability data...

0.1 AI score
Exploits 0
Qualys Blog
added 2021/03/02 9:18 p.m. · 117 views

Qualys API Best Practices: KnowledgeBase API

This API Best Practices Series shows how to optimize your API usage starting with the KnowledgeBase API. The accompanying video presents these API best practices along with live code examples, so that you can effectively integrate the KnowledgeBase with other data and use it in process automation...

7 AI score
Exploits 0
RedHat Linux
added 2020/12/17 7:20 a.m. · 38 views

(RHSA-2020:5607) Important: fapolicyd bug fix update

The fapolicyd software framework introduces a form of file access control based on a user-defined policy. The application file access control feature provides one of the most efficient ways to prevent running untrusted and possibly malicious applications on the system. Bug Fixes: When an update...

7.2 AI score
Exploits 0
AlmaLinux
added 2020/12/17 7:20 a.m. · 14 views

Important: fapolicyd bug fix update

The fapolicyd software framework introduces a form of file access control based on a user-defined policy. The application file access control feature provides one of the most efficient ways to prevent running untrusted and possibly malicious applications on the system. Bug Fixes: When an update...

7.2 AI score
Exploits 0
Qualys Blog
added 2020/09/22 3:0 p.m. · 82 views

PAN-OS Critical Buffer Overflow Vulnerability (CVE-2020-2040) – Automatically Discover, Prioritize and Remediate Using Qualys VMDR®

On Sept 9, 2020, Palo Alto Networks published nine security bulletins addressing vulnerabilities in PAN-OS operating system versions 8.0 or later. One of the nine CVEs released, CVE-2020-2040, received a critical severity rating score of 9.8 based on the CVSS v3 Scoring system. PAN-OS devices are...

10 CVSS · 0.3 AI score · 0.86545 EPSS
Exploits 7
Qualys Blog
added 2020/09/16 5:43 p.m. · 100 views

Vulnerability Detection Pipeline (Beta)

Update October 22, 2020: The Vulnerability Detection Pipeline beta has been updated to include detections of all severities. It now gives visibility into upcoming and recently published detections with severity 3, 2 and 1 in addition to severity 5 and 4. The pipeline also supports a URL parameter...

7.8 AI score · 0.93031 EPSS
Exploits 2
Qualys Blog
added 2020/09/15 7:55 p.m. · 1457 views

Microsoft Netlogon Vulnerability (CVE-2020-1472 – Zerologon) – Automatically Discover, Prioritize and Remediate Using Qualys VMDR®

Update October 1, 2020: Microsoft has added step-by-step Zerologon patching instructions because the original instructions "proved confusing to users and may have caused issues with other business operations." Update October 1, 2020: Qualys released new QID 91680 to add a remote unauthenticated...

9.3 CVSS · 0.1 AI score · 0.9438 EPSS
Exploits 75
OSV
added 2020/07/28 12:19 p.m. · 22 views

ALSA-2020:3176 Important: postgresql-jdbc security update

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: postgresql-jdbc: XML external entity XXE vulnerability in PgSQLXML CVE-2020-13692 This update...

7.7 CVSS · 7.7 AI score · 0.07801 EPSS
Exploits 0 · References 2
OSV
added 2020/06/10 6:15 p.m. · 10 views

CVE-2020-14012

scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase Category Name or Category Description. The attacker must be an Agent...

5.4 CVSS · 5.7 AI score
Exploits 0 · References 1
Prion
added 2020/06/10 6:15 p.m. · 10 views

Design/Logic Flaw

scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase Category Name or Category Description. The attacker must be an Agent...

3.5 CVSS · 5.1 AI score · 0.00191 EPSS
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2020/06/10 5:56 p.m. · 7 views

CVE-2020-14012

scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase Category Name or Category Description. The attacker must be an Agent...

5.2 AI score · 0.00191 EPSS
Exploits 1 · References 1
RedHat Linux
added 2020/05/28 12:52 p.m. · 34 views

(RHSA-2020:2332) Low: Red Hat Satellite 5 - End Of Life Notice

After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6. The listed versions will exit the...

7 AI score
Exploits 0
RedHat Linux
added 2020/05/28 12:52 p.m. · 38 views

(RHSA-2020:2331) Low: Red Hat Satellite Proxy 5 - End Of Life Notice

After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite Proxy, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6. The listed versions will exit...

7 AI score
Exploits 0