MGASA-2025-0002 Updated virtualbox & kmod-virtualbox packages fix security vulnerabilities

Vulnerabilities were found in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are prior to 7.0.22 and prior to 7.1.2. A difficult to exploit vulnerability allows a high privileged attacker with logon to the infrastructure where Oracl...

PT-2024-39255 · WordPress · Donation Forms By Charitable

Name of the Vulnerable Software and Affected Versions: Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress versions up to, and including, 1.8.1.14 Description: The issue is due to the plugin not properly verifying a user's identity when the ID parameter is supplie...

IPFire < 2.19 Update Core 110 - Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IPFire proxy.cgi RCE', 'Description' = %q IPFire, a free linux based open source firewall distribution, version 'h00die ', module '0x09AL'...

WordPress Cross-Site Scripting Vulnerability (CNVD-2017-00617)

WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the wp-admin/update-core.php file in WordPress before 4.7.1. A...

DEBIAN-CVE-2017-5488

Multiple cross-site scripting XSS vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the 1 name or 2 version header of a plugin...

UBUNTU-CVE-2017-5488

Multiple cross-site scripting XSS vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the 1 name or 2 version header of a plugin...