269 matches found
WordPress WP Opt-in plugin <= 1.4.1 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress WP Opt-in plugin versions <= 1.4.1. Solution: Deactivate and delete. This plugin has been closed as of June 15, 2022 and is not available for download. This closure is temporary, pendin...
WP Opt-in <= 1.4.1 - Arbitrary Settings Update via CSRF
The plugin is vulnerable to CSRF, which allows plugin settings to be changed and can be used for sending spam emails. PoC...
Icegram < 2.1.8 - Contributor+ Stored Cross-Site Scripting
The plugin does not sanitize and escape some campaign parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. Create/edit a campaign such as a Black Friday one, check the "Use Opt-in / Subscription / Lead capture form" settings and put...
Jenkins ElectricFlow Plugin globally and unconditionally disabled SSL/TLS certificate validation
CloudBees CD Plugin unconditionally disabled SSL/TLS certificate validation for the entire Jenkins controller JVM during the deployment/publication of an application. CloudBees CD Plugin no longer does that. Instead, the existing opt-in option to ignore SSL/TLS errors is used during deployment fo...
GHSA-XMQV-PFW7-QMJ7 Jenkins ElectricFlow Plugin globally and unconditionally disabled SSL/TLS certificate validation
CloudBees CD Plugin unconditionally disabled SSL/TLS certificate validation for the entire Jenkins controller JVM during the deployment/publication of an application. CloudBees CD Plugin no longer does that. Instead, the existing opt-in option to ignore SSL/TLS errors is used during deployment fo...
GHSA-J99G-QJVX-995G Contao Does Not Expire Tokens Correctly
Security researcher Ali Razzaq has discovered that confirming an opt-in token does not invalidate previous opt-in tokens in Contao 4.7...
Contao Does Not Expire Tokens Correctly
Security researcher Ali Razzaq has discovered that confirming an opt-in token does not invalidate previous opt-in tokens in Contao 4.7...
WordPress Pretty Opt In Lite – Content Locker for Lead Generation plugin < 1.2.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Pretty Opt In Lite – Content Locker for Lead Generation plugin versions < 1.2.2. Solution: Update the WordPress Pretty Opt In Lite – Content Locker for Lead Generation plugin to the latest available versi...
WordPress Pretty Opt In Lite – Content Locker for Lead Generation plugin < 1.2.2 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Pretty Opt In Lite – Content Locker for Lead Generation plugin versions < 1.2.2. Solution: Update the WordPress Pretty Opt In Lite – Content Locker for Lead Generation plugin to the latest available version (at least 1.2.2)...
Norton’s Antivirus Product Now Includes an Ethereum Miner
Norton 360 can now mine Ethereum. It's opt-in, and the company keeps 15%. It's hard to uninstall this option...
Facebook to Shut Down Facial Recognition System and Delete Billions of Records
Facebook's newly-rebranded parent company Meta on Tuesday announced plans to discontinue its decade-old "Face Recognition" system and delete a massive trove of more than a billion users' facial recognition templates as part of a wider initiative to limit the use of the technology across its...
October 12, 2021-KB5006065 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server, version 2016
October 12, 2021-KB5006065 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server, version 2016 Release Date: October 12, 2021 Version: .NET Framework 4.8 The October 12, 2021 update for Windows 10, version 1607 and Windows Server, version 2016 includes cumulativ...
October 12, 2021-KB5005539 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 2004, Windows Server, version 2004, Windows 10, version 20H2, Windows Server, version 20H2, and Windows Version 21H1
October 12, 2021-KB5005539 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 2004, Windows Server, version 2004, Windows 10, version 20H2, Windows Server, version 20H2, and Windows Version 21H1 Release Date: October 12, 2021 Version: .NET Framework 3.5 and 4.8 The October 1...
Nextcloud: Default Nextcloud allows http federated shares
1. userA on serverA runs on http only. 2. userA sends a federated share to userB on serverB. 3. userB is a normal user so he has no clue that there is no secure transport used and accepts the share. 4. All the data written to and read from is now no longer protected by TLS. Impact: While maybe a bit far...
CVE-2020-35137
The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work aka com.mobileiron. The key is in com/mobileiron/registration/RegisterActivity.java and can be used for...
Hardcoded credentials
The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work aka com.mobileiron. The key is in com/mobileiron/registration/RegisterActivity.java and can be used for...
PT-2021-11715 · Mobileiron · Mobileiron
Name of the Vulnerable Software and Affected Versions: MobileIron agents through 2021-03-22 for Android and iOS Description: The issue concerns a hardcoded API key used for communication with the MobileIron SaaS discovery API. This key is found in the...
Making the Most of SPS Secure Consumer: Go To Market Best Practices
Seeing opportunities as residential internet services have been transformed into business internet services, ISPs and Mobile Network Operators (MNOs) are making moves to use the power of their networks to protect customers. As they progress through the decision and deployment cycles, we often get...
July 2016 update rollup for Windows 8.1 and Windows Server 2012 R2
July 2016 update rollup for Windows 8.1 and Windows Server 2012 R2 The July 2016 update rollup includes some new improvements and fixes, including the improvements from June 2016 update rollup KB3161606 and May 2016 update rollup KB3156418 for the Windows 8.1 and 2012 R2 platform. We recommend th...