Fedora: Security Advisory for filezilla (FEDORA-2023-7934efb5e3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Google Unveils RETVec - Gmail's New Defense Against Spam and Malicious Emails

Google has revealed a new multilingual text vectorizer called RETVec short for Resilient and Efficient Text Vectorizer to help detect potentially harmful content such as spam and malicious emails in Gmail. "RETVec is trained to be resilient against character-level manipulations including insertio...

[SECURITY] Fedora 37 Update: roundcubemail-1.6.5-1.fc37

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

[SECURITY] Fedora 39 Update: roundcubemail-1.6.5-1.fc39

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

Babel Security Vulnerabilities

Babel is a multilingual support module used in content management systems. A security vulnerability exists in Babel. No information about this vulnerability is available at this time, so please stay tuned to CNNVD or the vendor's announcement...

Security Bulletin: Vulnerability in snappy-java affects IBM Process Mining . CVE-2023-34453

Summary There is a vulnerability in snappy-java that could allow a remote attacker to execute a denial of service. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION:...

[SECURITY] Fedora 38 Update: roundcubemail-1.6.3-1.fc38

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

WordPress Advanced Exchange Rates for WooCommerce Multilingual Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS)

Software Advanced Exchange Rates for WooCommerce Multilingual Type Plugin Vulnerable versions = 1.0.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ac20ba53363a Credi...

Gergana Karadzhova-Dangela wants to send the ladder back down to the next generation of incident responders

Gergana Karadzhova-Dangela is used to being with users during some of their toughest moments. Today, she spends much of her time responding to active cybersecurity incidents with Cisco Talos Incident Response, helping customers work through active attacks, many of which put personal data or...

CVE-2023-2472

The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.61 does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site Scripting which...

Pharmacy Management System SQL Injection Vulnerability

Pharmacy Management System MPMS is a multilingual pharmacy management system. A SQL injection vulnerability exists in Pharmacy Management System v1.0, which originates from the email parameter in logincore.php that lacks validation of externally entered SQL statements. An attacker can exploit thi...

Apache OpenMeetings Authorization Issues Vulnerability

Apache OpenMeetings is a multilingual, customizable video conferencing and collaboration system from the Apache Foundation. The product supports audio, video and allows users to view each participant's desktop and more. An authorization issue vulnerability exists in Apache OpenMeetings versions...

Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.61 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page...

phpMyFAQ 跨站脚本漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system by the individual developer Thorsten Rinne. A cross-site scripting vulnerability exists in phpMyFAQ Cross-Site Scripting Vulnerability. No information about this vulnerability is available at this time, so stay tuned to CNNVD or vendor...

WPML Multilingual CMS < 4.6.1 - Reflected Cross-Site Scripting

The plugin does not escape some URL attributes before outputting them to a page, leading to a Reflected Cross-Site Scripting vulnerability. PoC After setting up the plugin, visit the following URL: /wp-login.php?wplang=%20=id=x+type=image%20id=xss%20onfoc%3C!%3Eusin+alert0%0c...

WordPress Translatepress Multilinugal plugin < 2.3.3 - Authenticated SQL Injection Vulnerability

Exploit Title: Translatepress Multilinugal WordPress plugin 2.3.3 - Authenticated SQL Injection Exploit Author: Elias Hohl Vendor Homepage: https://translatepress.com/ Software Link: https://wordpress.org/plugins/translatepress-multilingual/ Version: 2.3.3 Tested on: Ubuntu 20.04 CVE :...

WordPress Translatepress Multilingual SQL Injection

Exploit Title: Translatepress Multilinugal WordPress plugin 2.3.3 - Authenticated SQL Injection Exploit Author: Elias Hohl Date: 2022-07-23 Vendor Homepage: https://translatepress.com/ Software Link: https://wordpress.org/plugins/translatepress-multilingual/ Version: 2.3.3 Tested on: Ubuntu 20.04...

Translatepress Multilinugal WordPress plugin &lt; 2.3.3 - Authenticated SQL Injection

Exploit Title: Translatepress Multilinugal WordPress plugin 2.3.3 - Authenticated SQL Injection Exploit Author: Elias Hohl Date: 2022-07-23 Vendor Homepage: https://translatepress.com/ Software Link: https://wordpress.org/plugins/translatepress-multilingual/ Version: 2.3.3 Tested on: Ubuntu 20.04...

WordPress WPML - WordPress Multilingual Plugin < 4.6.1 is vulnerable to Cross Site Scripting (XSS)

Software WPML - WordPress Multilingual Type Plugin Vulnerable versions 4.6.1 Fixed in 4.6.1 OWASP Top 10 A1: Injection Classification Cross Site Scripting XSS CVE N/A Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 6e47dc7713a3 Credits N/A Required privilege...

March 14, 2023, cumulative update for SharePoint Enterprise Server 2013 (KB5002366)

March 14, 2023, cumulative update for SharePoint Enterprise Server 2013 KB5002366 Cumulative update packages for Microsoft SharePoint Enterprise Server 2013 contain hotfixes for the issues that were fixed since the release of SharePoint Enterprise Server 2013. Note: This is build 15.0.5537.1000 o...