2433 matches found

ATTACKERKB
added 2022/02/21 11:15 a.m. · 5 views

CVE-2022-0234

The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocsinordercurrency parameter of the woocsgetproductspricehtml AJAX action available to both unauthenticated and authenticated users before outputting it back in the response, leading to a Reflected Cross-Site Scripting...

CVSS 6.1 · AI score 6.3 · EPSS 0.01026
Exploits: 2 · References: 4

Positive Technologies
added 2022/02/21 12:00 a.m. · 4 views

PT-2022-13005 · WordPress · Wp Maintenance Mode & Coming Soon

Name of the Vulnerable Software and Affected Versions: Coming soon and Maintenance mode WordPress plugin version 3.5.2 and earlier Description: The issue concerns a lack of authorization and CSRF checks in the coming soon send mail AJAX action. This allows any authenticated users, even those with...

CVSS 4.3 · AI score 4.5 · EPSS 0.00087
Exploits: 2 · References: 5

OpenVAS
added 2022/02/19 12:00 a.m. · 24 views

Fedora: Security Advisory for libnbd (FEDORA-2022-2fa5931425)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 4.8 · AI score 5.4 · EPSS 0.00091
Exploits: 1 · References: 2

CNNVD
added 2022/02/14 12:00 a.m. · 3 views

WordPress and WordPress plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress SpiderCalendar plugin is vulnerable to a cross-site scripting vulnerability that stems from the...

CVSS 6.1 · AI score 5.7 · EPSS 0.01167
Exploits: 2 · References: 2

Kitploit
added 2022/02/07 8:30 p.m. · 249 views

Instaloctrack - An Instagram OSINT Tool To Collect All The Geotagged Locations Available On An Instagram Profile In Order To Plot Them On A Map, And Dump Them In A JSON

A tool to scrape geotagged locations on Instagram profiles. Output in JSON & interactive map. TL;DR : ascineema, video of the project requirements sudo apt install chromium-chromedriver && chmod a+x /usr/bin/chromedriver installation git clone https://github.com/bernsteining/instaloctrack cd...

AI score 6.9
Exploits: 0 · References: 6

RedhatCVE
added 2022/02/03 5:53 p.m. · 53 views

CVE-2022-0485

A flaw was found in the copying tool nbdcopy of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the error parameter. This could result in the silent creation of a...

CVSS 4.8 · AI score 1 · EPSS 0.00091
Exploits: 1 · References: 4

OSV
added 2022/02/01 1:15 p.m. · 1 views

CVE-2021-24868

The Document Embedder WordPress plugin before 1.7.9 contains an AJAX action endpoint, which could allow any authenticated user, such as a subscriber, to enumerate the title of arbitrary private and draft posts...

CVSS 4.3 · AI score 5.9
Exploits: 0 · References: 1

OSV
added 2022/02/01 1:15 p.m. · 2 views

CVE-2021-24919

The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folderid parameter before using it in a SQL statement in the wickedfolderssavesortorder AJAX action, available to any authenticated user, leading to an SQL injection...

CVSS 8.8 · AI score 5.8 · EPSS 0.00879
Exploits: 2 · References: 2

CNNVD
added 2022/02/01 12:00 a.m. · 2 views

WordPress plugin cross-site request forgery vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress Perfect Survey plugin in versions prior to 1.5.2 has a cross-site request forgery vulnerability, which stems from the absence of a CSRF check in the saveglobalsetting AJAX action, an...

CVSS 8.8 · AI score 5.5 · EPSS 0.00535
Exploits: 2 · References: 2

OpenVAS
added 2022/01/28 12:00 a.m. · 22 views

Mageia: Security Advisory (MGASA-2021-0554)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 · AI score 7.4 · EPSS 0.00967
Exploits: 1 · References: 6

OpenVAS
added 2022/01/28 12:00 a.m. · 24 views

Mageia: Security Advisory (MGASA-2019-0332)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 · AI score 7.5 · EPSS 0.00319
Exploits: 0 · References: 8

CNNVD
added 2022/01/27 12:00 a.m. · 3 views

libnbd code issue vulnerability

libnbd is a library for editing NBD (Network Block Device) clients. A code issue vulnerability exists in libnbd that stems from the product's copy tool, nbdcopy, blindly treating the completion of an asynchronous command as a success without checking the resultant error parameter when performing a...

CVSS 4.8 · AI score 6.7 · EPSS 0.00091
Exploits: 1 · References: 16

OSV
added 2022/01/24 8:15 a.m. · 2 views

CVE-2021-24968

The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the ewdufaqwelcomeaddfaq and ewdufaqwelcomeaddfaqpage AJAX actions, available to any authenticated users. As a result, any users, with a role as low as Subscriber could create FAQ and FAQ questions...

CVSS 5.7 · AI score 6.2 · EPSS 0.00092
Exploits: 2 · References: 2

ATTACKERKB
added 2022/01/21 4:15 p.m. · 2 views

CVE-2021-46200

An SQL Injection vulnerability exists in Sourcecodester Simple Music Clour Community System 1.0 via the email parameter in /music/ajax.php...

CVSS 10 · AI score 8.1 · EPSS 0.00272
Exploits: 1 · References: 2

BDU FSTEC
added 2022/01/20 12:00 a.m. · 3 views

The vulnerability of the CIS library for asynchronous DNS requests allows attackers to access confidential data, compromise its integrity, and cause service failures. This vulnerability stems from the lack of measures taken to protect the structure of web pages.

The vulnerability of the CIS library for asynchronous DNS requests is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data, compromise its integrity, and cause service interruptions...

CVSS 6.8 · AI score 6.5 · EPSS 0.00044
Exploits: 1 · References: 12 · Affected Software: 6

Fedora
added 2022/01/16 1:20 a.m. · 55 views

[SECURITY] Fedora 35 Update: python-celery-5.2.3-2.fc35

An open source asynchronous task queue/job queue based on distributed message passing. It is focused on real-time operation, but supports scheduling as well. The execution units, called tasks, are executed concurrently on one or more worker nodes using multiprocessing, Eventlet or gevent. Tasks c...

CVSS 7.5 · AI score 0.2 · EPSS 0.01396
Exploits: 1

OpenVAS
added 2022/01/16 12:00 a.m. · 18 views

Fedora: Security Advisory for python-celery (FEDORA-2022-1dae017601)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5 · AI score 7.5 · EPSS 0.01396
Exploits: 1 · References: 2

OSV
added 2021/12/22 9:58 a.m. · 7 views

SUSE-SU-2021:4150-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: - Update to version 91.4 MFSA 2021-54 bsc1193485 - CVE-2021-43536: URL leakage when navigating while executing asynchronous function - CVE-2021-43537: Heap buffer overflow when using structured clone - CVE-2021-43538: Missing fullscre...

CVSS 10 · AI score 9.2 · EPSS 0.01293
Exploits: 3 · References: 41

OSV
added 2021/12/21 12:15 p.m. · 3 views

CVE-2021-45252

Multiple SQL injection vulnerabilities are found in Simple Forum-Discussion System 1.0, for example in three applications: managetopic.php, manageuser.php, and ajax.php. An attacker can retrieve all information from the database of this system by using this vulnerability...

CVSS 9.8 · AI score 5.8 · EPSS 0.00264
Exploits: 1 · References: 1

Ivan 'd0znpp' Novikov
added 2021/12/20 6:29 a.m. · 32 views

CoAP Protocol: Definition, Architecture

Professionals involved in IoT network design or development must have come across CoAP. A dedicated standard set by the IETF, it works best for constrained IoT-enabled solutions. To help you understand CoAP (Constrained Application Protocol) better, we have prepared this post,...

AI score 7
Exploits: 0