WordPress 插件跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin Konnichiwa! Membership 0.8.3 and earlier versions,...

CVE-2021-34434

In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked...

CVE-2021-34434

In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked...

Design/Logic Flaw

In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked...

CVE-2021-34434

In Eclipse Mosquitto, CVE-2021-34434 affects versions 2.0 to 2.0.11 when using the dynamic security plugin: if a client’s ability to subscribe is revoked while a durable client is offline, existing subscriptions for that client are not revoked. Multiple connected advisories confirm the issue and ...

PT-2021-6512 · Eclipse +2 · Eclipse Mosquitto +2

Name of the Vulnerable Software and Affected Versions: Eclipse Mosquitto versions 2.0 through 2.0.11 Description: The issue is related to the dynamic security plugin in Eclipse Mosquitto. When the ability for a client to make subscriptions on a topic is revoked while a durable client is offline,...

CVE-2021-34434

In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked...

CVE-2021-22236

Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1...

CVE-2021-22236

Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1...

CVE-2021-22236

Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1...

Modified Version of WhatsApp for Android Spotted Installing Triada Trojan

A modified version of the WhatsApp messaging app for Android has been trojanized to intercept text messages, serve malicious payloads, display full-screen ads, and sign up device owners for unwanted premium subscriptions without their knowledge. "The Trojan Triada snuck into one of these modified...

Triada Trojan in WhatsApp mod

WhatsApp users sometimes feel the official app is lacking a useful feature of one sort or another, be it animated themes, self-destructing messages which automatically delete themselves, the option of hiding certain conversations from the main list, automatic translation of messages, or the optio...

Paid Member Subscriptions < 2.4.2 - Authenticated SQL Injection

The plugin did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages. http://www.example.com/wp-admin/admin.php?page=pms-members-page&orderby=userid&order=asc,select from...

Paid Member Subscriptions < 2.4.2 - Authenticated SQL Injection

The plugin did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages. PoC http://www.example.com/wp-admin/admin.php?page=pms-members-page=userid=asc,select from selectsleep10a...

WordPress Paid Member Subscriptions plugin <= 2.4.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered in WordPress Paid Member Subscriptions plugin versions = 2.4.1. Solution Update the WordPress Paid Member Subscriptions plugin to the latest available version at least 2.4.2...

Paid Member Subscriptions < 2.4.2 - Reflected Cross-Site Scripting (XSS)

The plugin was vulnerable to a Reflected Cross-Site Scripting XSS on the edit member page. No CSRF nonce was required. http://www.example.com/wp-admin/admin.php?page=pms-members-page&subpage=editmember&memberid=1%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E...

SUSE-SU-2021:2458-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 78.12 fixed: Sending an email containing HTML links with spaces in the URL sometimes resulted in broken links fixed: Folder Pane display theme fixes for macOS fixed: Chat account settings did not always save as...

Security update for MozillaThunderbird (important)

openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2021:2458-1 Rating: important References: 1188275 Cross-References: CVE-2021-29969 CVE-2021-29970 CVE-2021-29976 CVE-2021-30547 CVSS scores: CVE-2021-29969 SUSE: 7.5...

A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality integrity as well as system availability.

...

DEBIAN-CVE-2021-20236

A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as...