5606 matches found

Positive Technologies · added 2023/11/06 12:0 a.m.

PT-2023-29833 · Bplugins Llc · Icons Font Loader

Name of the Vulnerable Software and Affected Versions: bPlugins LLC Icons Font Loader versions 1.1.2 and earlier. Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...

CVSS 8.8 · AI score 9.7 · EPSS 0.00544 · Exploits 0 · References 3
WPVulnDB · added 2023/11/06 12:0 a.m.

Icons Font Loader < 1.1.2.1 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bPlugins LLC Icons Font Loader allows SQL Injection. This issue affects Icons Font Loader: from n/a through 1.1.2...

CVSS 8.8 · AI score 7.4 · EPSS 0.00544 · Exploits 0 · Affected Software 1
VulnCheck KEV · added 2023/11/03 12:0 a.m.

VulnCheck KEV: CVE-2023-4911

GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBC_TUNABLES environment variable, allowing a local attacker to execute code with elevated privileges...

CVSS 7.8 · AI score 7.3 · EPSS 0.78607 · Exploits 25 · References 1
OSV · added 2023/11/02 12:15 p.m.

CVE-2023-5860

The Icons Font Loader plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload...

CVSS 7.2 · AI score 6.4 · EPSS 0.01023 · Exploits 0 · References 2
Vulnrichment · added 2023/11/02 11:0 a.m.

CVE-2023-5860 Icons Font Loader <= 1.1.2 - Authenticated (Administrator+) Arbitrary File Upload

The Icons Font Loader plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload...

CVSS 7.2 · AI score 7.8 · EPSS 0.01023 · Exploits 0 · References 2
CVE · added 2023/11/02 11:0 a.m.

CVE-2023-5860

CVE-2023-5860 refers to the Icons Font Loader WordPress plugin vulnerable to arbitrary file uploads due to missing file type validation in the upload function, affecting versions up to and including 1.1.2. The issue requires authenticated access at administrator level or higher, enabling an attac...

CVSS 7.2 · AI score 7.4 · EPSS 0.01023 · Exploits 0 · References 2 · Affected Software 1
ATTACKERKB · added 2023/11/02 6:15 a.m.

CVE-2023-47204

Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code...

CVSS 9.8 · AI score 6 · EPSS 0.00796 · Exploits 0 · References 3
Positive Technologies · added 2023/11/02 12:0 a.m.

PT-2023-32379 · WordPress · Icons Font Loader

Name of the Vulnerable Software and Affected Versions: Icons Font Loader plugin for WordPress versions up to, and including, 1.1.2. Description: The Icons Font Loader plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload function. This makes...

CVSS 7.2 · AI score 7.7 · EPSS 0.01023 · Exploits 0 · References 9
CNNVD · added 2023/11/02 12:0 a.m.

WordPress Plugin Icons Font Loader Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...

CVSS 7.2 · AI score 7.2 · EPSS 0.01023 · Exploits 0 · References 3
Patchstack · added 2023/11/02 12:0 a.m.

WordPress Icons Font Loader Plugin <= 1.1.2 is vulnerable to Arbitrary File Upload

Software: Icons Font Loader · Type: Plugin · Vulnerable versions: = 1.1.2 · Fixed in: 1.1.3 · OWASP Top 10: A1: Injection · Classification: Arbitrary File Upload · CVE: CVE-2023-5860 · Patch priority: Low · CVSS severity: Low 7.2 · Developer: Claim ownership · PSID: e7c1b6cac566 · Credits: Alex Thomas · Required privilege...

CVSS 7.2 · AI score 6.8 · EPSS 0.01023 · Exploits 0 · References 3 · Affected Software 1
hivepro · added 2023/11/01 10:43 a.m.

Hackers Utilize MSIX App Packages to Disseminate GHOSTPULSE Malware

Threat Level: Attack Report. Summary: A new cyber attack campaign has emerged, involving the use of fake MSIX Windows app packages masquerading as legitimate applications. These deceptive MSIX packages are employed to distribute a new malwar...

AI score 7.2 · Exploits 0
The Hacker News · added 2023/10/31 10:55 a.m.

Trojanized PyCharm Software Version Delivered via Google Search Ads

A new malvertising campaign has been observed capitalizing on a compromised website to promote spurious versions of PyCharm on Google search results by leveraging Dynamic Search Ads. "Unbeknownst to the site owner, one of their ads was automatically created to promote a popular program for Python...

AI score 7.1 · Exploits 0
NVD · added 2023/10/30 11:15 p.m.

CVE-2023-45672

Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. This can be performed through the UI at /confi...

CVSS 7.5 · AI score 8 · EPSS 0.01387 · Exploits 1 · References 5
Prion · added 2023/10/30 11:15 p.m.

Deserialization of untrusted data

Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. This can be performed through the UI at /confi...

CVSS 5.1 · AI score 7.9 · EPSS 0.01387 · Exploits 1 · References 5 · Affected Software 1
OSV · added 2023/10/30 10:49 p.m.

CVE-2023-45672 Frigate unsafe deserialization in `load_config_with_no_duplicates` of `frigate/util/builtin.py`

Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. This can be performed through the UI at /confi...

CVSS 7.5 · AI score 7.8 · EPSS 0.01387 · Exploits 1 · References 7
SUSE CVE · added 2023/10/24 12:59 a.m.

SUSE CVE-2023-45663

stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not...

CVSS 5.5 · AI score 6.9 · EPSS 0.00657 · Exploits 0 · References 3
Malwarebytes · added 2023/10/23 12:22 p.m.

Battling a new DarkGate malware campaign with Malwarebytes MDR

First publicly reported in 2018, DarkGate is a Windows-based malware with a wide range of capabilities including credential stealing and remote access to victim endpoints. Until recently, it was only seen being delivered through traditional email malspam campaigns. In late August 2023, however,...

AI score 7 · Exploits 0
Snyk · added 2023/10/21 12:51 a.m.

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read due to the stbi__gif_load_next function. An attacker can leak internal memory allocation information by triggering an out of bounds memcpy read with a crafted image file. This happens because two_back points to a memory...

CVSS 7.1 · AI score 6.8 · EPSS 0.00574 · Exploits 0 · References 2
Snyk · added 2023/10/21 12:50 a.m.

Use of Uninitialized Resource

Overview: Affected versions of this package are vulnerable to Use of Uninitialized Resource in the stbi__hdr_load and stbi__tga_load functions. An attacker can read a specified number of bytes from context into an uninitialized buffer by manipulating the file stream to point to the end. This is only...

CVSS 5.5 · AI score 7 · EPSS 0.00657 · Exploits 0 · References 2
Snyk · added 2023/10/21 12:50 a.m.

Double Free

Overview: Affected versions of this package are vulnerable to Double Free in the stbi__load_gif_main function. An attacker can cause a memory leak or a double-free error by manipulating the delays output value. This is only exploitable if stbi__load_gif_main returns a null value and stbi__convert_format is...

CVSS 9.8 · AI score 6.9 · EPSS 0.00959 · Exploits 0 · References 2