101 matches found
The vulnerability of the Adobe Experience Manager (AEM) content and media data management system, related to the lack of measures taken to protect the website structure, allows a perpetrator to execute arbitrary code.
The vulnerability of the Adobe Experience Manager AEM content and media data management system is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
PT-2023-23838 · Kainex · Kainex Wise Chat
Name of the Vulnerable Software and Affected Versions: Kainex Wise Chat versions 3.1.3 and earlier Description: A Cross-Site Request Forgery CSRF issue affects Kainex Wise Chat. This issue allows an attacker to perform unintended actions on a user's account. Recommendations: For versions 3.1.3 an...
PT-2023-22717 · Tribulant · Tribulant Newsletters Plugin
Name of the Vulnerable Software and Affected Versions: Tribulant Newsletters plugin versions = 4.8.8 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that the user is...
PT-2023-24647 · Pascal Casier · Bbpress Toolkit Plugin
Name of the Vulnerable Software and Affected Versions: Pascal Casier bbPress Toolkit plugin versions 1.0.12 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that t...
PT-2023-29836 · WordPress · Mahlamusa Who Hit The Page – Hit Counter
Name of the Vulnerable Software and Affected Versions: Mahlamusa Who Hit The Page – Hit Counter plugin versions = 1.4.14.3 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This means an attacker can trick a user into performing unintended actions on a web application tha...
2023 OWASP Top-10 Series: Wrap Up
Over the past several months, we've taken a journey through the new 2023 OWASP API Security Top-10 list. In the previous 12 weekly posts, we've delved into each category, discussed what it is, how it's exploited, why it matters, and suggested effective protections for each. Now, as we conclude th...
PT-2023-3555 · Ibm · Ibm Robotic Process Automation
Name of the Vulnerable Software and Affected Versions: IBM Robotic Process Automation versions 21.0.0 through 21.0.7.6 IBM Robotic Process Automation versions 23.0.0 through 23.0.6 Description: The issue is related to weaknesses in the authentication procedure of the software. Exploitation of thi...
Siemens SICAM P850 and P855 Devices Session Fixation (CVE-2022-40226)
A vulnerability has been identified in SICAM P850 All versions V3.10, SICAM P855 All versions V3.10. Affected devices accept user defined session cookies and do not renew the session cookie after login/logout. This could allow an attacker to take over another user's session after login. This plug...
The vulnerability of the Zabbix universal monitoring system, related to the lack of measures taken to protect the website structure, allows attackers to compromise data integrity.
The vulnerability of the Zabbix universal monitoring system is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability could allow a malicious actor to compromise the integrity of the data...
PT-2023-20416 · WordPress · Registrationmagic
Name of the Vulnerable Software and Affected Versions: RegistrationMagic plugin versions = 5.1.9.2 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that the user is...
PT-2023-19545 · Wpdevart · Wpdevart Organization Chart
Name of the Vulnerable Software and Affected Versions: WpDevArt Organization chart versions 1.4.4 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a...
ASB-A-228101796
Bulletin has no description...
PT-2022-23481 · Jizhicms · Jizhicms
Name of the Vulnerable Software and Affected Versions: jizhicms version 2.3.1 Description: An issue was discovered that allows for a CSRF vulnerability, which can be exploited to add an admin. Recommendations: For jizhicms version 2.3.1, as a temporary workaround, consider implementing CSRF...
Sharp SIM-Swapping Spike Causes $68M in Losses
SIM-swapping – the practice of duping mobile carriers into switching a target’s phone services to an attacker-controlled phone – is on the rise, the Feds are warning – leading to millions in losses for consumers who found their bank accounts drained and other accounts taken over. Subscriber...
Siemens SICAM PQ Analyzer
1. EXECUTIVE SUMMARY CVSS v3 3.4 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SICAM PQ Analyzer Vulnerability: Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve persistence on the system or cause a...
How to Protect Your Cloud Environment from Supply Chain Attacks
Learn how to protect your cloud environment from supply chain attacks...
ROS-2-1703
2.1703 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability...
ASB-A-189392423
1188785118878711887891188792...
Rapid7 Joins Statement On DMCA Lawsuits Against Security Tools
Rapid7 has joined a statement from members of the cybersecurity community cautioning against using Section 1201 of the Digital Millennium Copyright Act DMCA to suppress beneficial security tools. In the past, Rapid7 has written extensively about DMCA Sec. 1201’s impact on performing independent...
The vulnerability of the Mozilla Firefox browser, related to the lack of measures taken to protect the structure of web pages, allows attackers to execute cross-site scripting attacks.
The vulnerability of the Mozilla Firefox browser is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...