194 matches found
CVE-2024-33550
Improper Privilege Management vulnerability in JR King/Eran Schoellhorn WP Masquerade allows Privilege Escalation.This issue affects WP Masquerade: from n/a through 1.1.0...
CVE-2024-33550 WordPress WP Masquerade plugin <= 1.1.0 - Authenticated Account Takeover vulnerability
Improper Privilege Management vulnerability in JR King/Eran Schoellhorn WP Masquerade allows Privilege Escalation.This issue affects WP Masquerade: from n/a through 1.1.0...
CVE-2024-33550 WordPress WP Masquerade plugin <= 1.1.0 - Authenticated Account Takeover vulnerability
Improper Privilege Management vulnerability in JR King/Eran Schoellhorn WP Masquerade allows Privilege Escalation.This issue affects WP Masquerade: from n/a through 1.1.0...
CVE-2024-33550
CVE-2024-33550 affects the WordPress WP Masquerade plugin (versions n/a–1.1.0). The issue is an Improper Privilege Management vulnerability enabling Privilege Escalation by authenticated users (Subscriber+). Public exploit details are not provided in the documents beyond the authenticated account...
WordPress plugin WP Masquerade 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress WP Masquerade plugin <= 1.1.0 - Authenticated Account Takeover vulnerability
Authenticated Account Takeover vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WP Masquerade versions = 1.1.0...
WordPress WP Masquerade Plugin <= 1.1.0 is vulnerable to Privilege Escalation
Software WP Masquerade Type Plugin Vulnerable versions = 1.1.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-33550 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 711ee525c5d1 Credits Rafie...
PT-2024-23114 · Google +3 · Google Chrome +3
Name of the Vulnerable Software and Affected Versions: ZITADEL versions prior to 2.42.17 ZITADEL versions 2.42.17 through 2.48.3 Description: ZITADEL users can upload their own avatar image and various image types are allowed. Due to a missing check, an attacker could upload HTML and pretend it i...
masquerade-proxy (=0.1.0), monoio-quiche (=0.0.1) +3 more potentially affected by CVE-2024-1765 via quiche (>=0.10.0 <=0.18.0)
quiche CARGO version =0.10.0, =0.1.0, =0.6.9 - quiche-tokio =0.1.0 - quiver-h3 =0.1.0 Source cves: CVE-2024-1765 Source advisory: OSV:GHSA-78WX-JG4J-5J6G...
masquerade-proxy (=0.1.0), monoio-quiche (=0.0.1) +3 more potentially affected by CVE-2024-1410 via quiche (>=0.10.0 <=0.18.0)
quiche CARGO version =0.10.0, =0.1.0, =0.6.9 - quiche-tokio =0.1.0 - quiver-h3 =0.1.0 Source cves: CVE-2024-1410 Source advisory: OSV:GHSA-XHG9-XWCH-VR7X...
Statamic Cross-Site Scripting Vulnerability
Statamic is a powerful flat file Cms built on Laravel by Statamic, Inc. for storing all content, templates, assets, and settings in files instead of a database. A cross-site scripting vulnerability exists in Statamic that stems from an attacker being able to craft and upload HTML files that look...
masquerade-proxy (=0.1.0), monoio-quiche (=0.0.1) +2 more potentially affected by CVE-2023-6193 via quiche (>=0.16.0 <=0.18.0)
quiche CARGO version =0.16.0, =0.18.0 is affected by a known vulnerability. The following packages have a transitive dependency on quiche and may be impacted: - masquerade-proxy =0.1.0 - monoio-quiche =0.0.1 - quiche-tokio =0.1.0 - quiver-h3 =0.1.0 Source cves: CVE-2023-6193 Source advisory:...
CVE-2023-20519
A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity...
CVE-2023-20519
A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity...
CVE-2023-37426
EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. This vulnerability could allow an attacker to spoof the SSH host signature and thereby masquerade as a legitimate Orchestrator host...
CVE-2023-37426 Shared SSH Static Host Keys in EdgeConnect SD-WAN Orchestrator
EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. This vulnerability could allow an attacker to spoof the SSH host signature and thereby masquerade as a legitimate Orchestrator host...
CVE-2023-37426
CVE-2023-37426 concerns Aruba Networks EdgeConnect SD-WAN Orchestrator. The issue is that installations prior to the versions resolved in advisories used shared static SSH host keys across all instances, allowing an attacker to spoof the SSH host signature and masquerade as a legitimate Orchestra...
Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data
A previously undocumented Windows-based information stealer called ThirdEye has been discovered in the wild with capabilities to harvest sensitive data from infected hosts. Fortinet FortiGuard Labs, which made the discovery, said it found the malware in an executable that masqueraded as a PDF fil...
Japanese Cryptocurrency Exchange Falls Victim to JokerSpy macOS Backdoor Attack
An unknown cryptocurrency exchange located in Japan was the target of a new attack earlier this month to deploy an Apple macOS backdoor called JokerSpy. Elastic Security Labs, which is monitoring the intrusion set under the name REF9134 , said the attack led to the installation of Swiftbelt, a...
Rogue Android Apps Target Pakistani Individuals in Sophisticated Espionage Campaign
Individuals in the Pakistan region have been targeted using two rogue Android apps available on the Google Play Store as part of a new targeted campaign. Cybersecurity firm Cyfirma attributed the campaign with moderate confidence to a threat actor known as DoNot Team, which is also tracked as...