PT-2024-8661 · Moodle +2 · Moodle +2
Name of the Vulnerable Software and Affected Versions: Moodle (affected versions not specified). Description: The issue is related to a flaw in the authentication procedure when handling "magic hash" passwords. This flaw can allow a remote attacker to bypass the authentication process due to a loose...
Apple TV Image Remote Control
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apple TV Image Remote Control', 'Description' = %q This module will show an image on an AppleTV device for a period of time. Some AppleTV devices...
CVE-2024-3679 Premium SEO Pack – WP SEO Plugin <= 1.6.001 - Unauthenticated Information Exposure
The Premium SEO Pack – WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.001. This makes it possible for unauthenticated attackers to view limited information from password protected posts through the social meta data...
The vulnerability of the SCADA system MasterSCADA, related to deficiencies in password protection mechanisms, allows unauthorized access to the project by intruders.
The vulnerability of the SCADA system MasterSCADA is related to deficiencies in the password protection mechanism of the project file. Exploiting this vulnerability can allow an intruder to gain unauthorized access to the project by reverting the password hash value...
CVE-2024-5880
The Hide My Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 due to the plugin not restricting access to the REST API when password protection is enabled. This makes it possible for unauthenticated attackers to gain unauthorized...
CVE-2024-5880
The CVE-2024-5880 entry refers to the WordPress plugin Hide My Site, affecting all versions up to 2.2. The vulnerability is Unauthenticated Sensitive Information Exposure caused by the plugin not restricting REST API access when password protection is enabled, allowing unauthenticated attackers t...
PT-2024-37217 · WordPress · Hide My Site
Name of the Vulnerable Software and Affected Versions: Hide My Site plugin for WordPress, versions up to, and including, 2.2. Description: The issue allows unauthenticated attackers to gain unauthorized access to the site due to the plugin not restricting access to the REST API when password...
CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that threat actors are abusing the legacy Cisco Smart Install (SMI) feature with the aim of accessing sensitive data. The agency said it has seen adversaries "acquire system configuration files by leveraging available...
Best Practices for Cisco Device Configuration
In recent incidents, CISA has seen malicious cyber actors acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature. CISA recommends organizations disable Smart Install and review NSA’s Smart Install Protoco...
PT-2024-7424 · Unknown · Masterscada
Name of the Vulnerable Software and Affected Versions: MasterSCADA (affected versions not specified). Description: The issue is related to weaknesses in the password protection mechanism of the MasterSCADA SCADA system. Exploitation of this issue may allow an attacker to gain unauthorized access to ...
HMS Industrial Networks Anybus-CompactCom 30
1. EXECUTIVE SUMMARY: CVSS v4 6.3. ATTENTION: Exploitable remotely/low attack complexity. Vendor: HMS Industrial Networks. Equipment: Anybus-CompactCom 30. Vulnerability: Cross-site Scripting. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to cause a...
CVE-2024-2795
The SEO SIMPLE PACK plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.1 via META description. This makes it possible for unauthenticated attackers to extract limited information about password protected posts...
CVE-2024-4997 WPUpper Share Buttons <= 3.43 - Missing Authorization
The WPUpper Share Buttons plugin for WordPress is vulnerable to unauthorized access of data when preparing sharing links for posts and pages in all versions up to, and including, 3.43. This makes it possible for unauthenticated attackers to obtain the contents of password protected posts and page...
CVE-2024-0437
The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API. This makes it possible for authenticated attackers, with subscriber access or...
CVE-2024-0437 Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease <= 2.6.6 - Missing Authorization to Sensitive Information Exposure
The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API. This makes it possible for authenticated attackers, with subscriber access or...
CVE-2023-47435
An issue in the verifyPassword function of hexo-theme-matery v2.0.0 allows attackers to bypass authentication and access password protected pages...
CVE-2023-47435
The vulnerability CVE-2023-47435 affects hexo-theme-matery v2.0.0, with the root cause in the verifyPassword function that allows bypassing authentication and accessing password-protected pages. Impact is authentication bypass; no exploit details provided in the sources. Remediation is not confir...
WordPress Inline Related Posts plugin < 3.6.0 - Subscriber+ Password Protected Post Read vulnerability
Subscriber+ Password Protected Post Read vulnerability discovered by Krzysztof Zając (CERT PL) in WordPress Plugin Inline Related Posts versions < 3.6.0...
CVE-2024-2966
CVE-2024-2966 affects the Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) WordPress plugin. The issue is Sensitive Information Exposure via the element_pack_ajax_search function in all versions up to 5.5.6, allowing unauthenticated attackers...
CVE-2023-6257 Inline Related Posts < 3.6.0 - Subscriber+ Password Protected Post Read
The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts displayed, allowing any authenticated user, such as a subscriber, to retrieve the content of password protected posts...