1073 matches found
CVE-2022-27629
Cross-site request forgery (CSRF) vulnerability in 'MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership' versions prior to 1.9.6 allows a remote unauthenticated attacker to hijack the authentication of an administrator and perform unintended operations via unspecified vectors...
CVE-2022-27629
The CVE concerns WordPress plugin “MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership” with vulnerable versions prior to 1.9.6. A Cross‑Site Request Forgery (CSRF) vulnerability could allow a remote attacker, if a logged‑in admin visits a malicious page, to hijack the admin...
Security update for watchman (important)
openSUSE Security Update: Security update for watchman Announcement ID: openSUSE-SU-2022:0016-1 Rating: important References: 1181400 1194470 Cross-References: CVE-2022-21944 Affected Products: openSUSE Backports SLE-15-SP3 An update that solves one vulnerability and has one errata is now...
Atlassian Jira Access Control Error Vulnerability (CNVD-2022-05438)
Atlassian Jira is a defect tracking management system from Atlassian Australia. An access control error vulnerability exists in Atlassian Jira Server and Data Center due to a broken access control vulnerability in /secure/EditSubscription.jspa, which can be exploited by a remote,...
CVE-2021-43946
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.13.21, and from...
Improper access control
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.13.21, and from...
Over 500,000 Android Users Downloaded a New Joker Malware App from Play Store
A malicious Android app with more than 500,000 downloads from the Google Play app store has been found hosting malware that stealthily exfiltrates users' contact lists to an attacker-controlled server and signs up users to unwanted paid premium subscriptions without their knowledge. The latest...
What is Twitch?
Twitch is primarily a site dedicated to live streaming content. It also offers the ability to chat with others in the Stream you happen to be in via text. The primary draw of Twitch streams is video games and e-sports, leading to the rise of many big name streamers and content creators. Is Twitch...
osbuild-composer bug fix and enhancement update
An update is available for osbuild, osbuild-composer. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. OSBuild-Composer provides an image-building service based o...
osbuild-composer bug fix and enhancement update
OSBuild-Composer provides an image-building service based on OSBuild. Bug fixes and Enhancements: OSBuild Composer can now work with multiple subscriptions and custom CA certificates. This is useful, for instance, when the host system is subscribed to multiple repositories managed by Satellite...
Over 10 Million Android Users Targeted With Premium SMS Scam Apps
A global fraud campaign has been found leveraging 151 malicious Android apps with 10.5 million downloads to rope users into premium subscription services without their consent and knowledge. The premium SMS scam campaign, dubbed "UltimaSMS", is believed to have commenced in May 2021 and involved app...
WordPress Subscriptions & Memberships for PayPal plugin <= 1.1.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress Subscriptions & Memberships for PayPal plugin versions <= 1.1.2. Solution: Update the WordPress Subscriptions & Memberships for PayPal plugin to the latest available version (at least 1.1.3)...
Discord scammers lure victims with promise of free Nitro subscriptions
A number of bogus offers are doing the rounds in Discord land at the moment. Discord, a group text chat/VoIP app of choice for many gaming communities, is having a bit of trouble with phishing links. You may recall we’ve covered a lot of Discord scams previously. Service users can create bots,...
MGASA-2021-0445 Updated mosquitto packages fix security vulnerability
Mosquitto is updated to 2.0.12 to fix security vulnerability: In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client...
CVE-2021-24728
The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages...
CVE-2021-24728
The CVE-2021-24728 issue affects the WordPress plugin Membership & Content Restriction – Paid Member Subscriptions, specifically versions before 2.4.2. The root cause is that the plugin does not sanitise, validate, or escape the order and orderby parameters before using them in SQL statements, re...
WordPress plugin Membership & Content Restriction – Paid Member Subscriptions SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
CVE-2021-38317
The Konnichiwa! Membership WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the planid parameter in the /views/subscriptions.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.8.3...
CVE-2021-38317 Konnichiwa! Membership <= 0.8.3 Reflected Cross-Site Scripting
The Konnichiwa! Membership WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the planid parameter in the /views/subscriptions.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.8.3...