[SECURITY] Fedora 35 Update: python-pycares-4.0.0-5.fc35

pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name resolutions asynchronously...

WordPress plugin OMGF 访问控制错误漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in the OMGF...

PT-2021-22031

Name of the Vulnerable Software and Affected Versions Gutenberg Template Library & Redux Framework plugin versions prior to 4.2.11 Description The Gutenberg Template Library & Redux Framework plugin registered several AJAX actions available to unauthenticated users in the includes function in...

[SECURITY] Fedora 33 Update: c-ares-1.17.2-1.fc33

c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...

The vulnerabilities of the implementations of functions based on the AJAX technology, such as motor_load_more(), motor_gallery_load_more(), motor_quick_view(), and motor_project_quick_view(), in the “Motor – Cars, Parts, Service, Equipments and Accessories” theme. This theme is part of the WooCommerce store and uses the WordPress content management system. These vulnerabilities allow an attacker to execute arbitrary PHP code or gain unauthorized access to protected information.

The vulnerability of implementations based on the AJAX technology—motorloadmore, motorgalleryloadmore, motorquickview, and motorprojectquickview—in the “Motor: Cars, Parts, Service, Equipment, and Accessories” theme. This vulnerability is related to shortcomings in path name restrictions for the...

The vulnerability of the commercial vBulletin web forum exists due to the lack of measures to neutralize special elements, allowing attackers to execute arbitrary commands.

The vulnerability of the commercial forum engine vBulletin exists due to the failure to address the issue of eliminating specific elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using the ajax/render/widgettabbedcontainertabpanel request...

Wordpress Plugin Email Subscriber 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in...

[SECURITY] Fedora 34 Update: rust-asyncgit-0.16.3-3.fc34

Allow using git2 in a asynchronous context...

USN-5034-2: c-ares vulnerability

USN-5034-1 fixed a vulnerability in c-ares. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Philipp Jeitner and Haya Shulman discovered that c-ares incorrectly validated certain hostnames returned by DNS servers. A remote attacker could possibly use...

USN-5034-1: c-ares vulnerability

Philipp Jeitner and Haya Shulman discovered that c-ares incorrectly validated certain hostnames returned by DNS servers. A remote attacker could possibly use this issue to perform Domain Hijacking attacks...

libcares2 跨站脚本漏洞

libcares2 is a C library in the openSUSE project that performs DNS requests and name resolution asynchronously. A cross-site scripting vulnerability exists in libcares2 that stems from improper validation of hostname input...

CVE-2021-24499

The Workreap WordPress theme before 2.2.2 AJAX actions workreapawardtempfileuploader and workreaptempfileuploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp...

CVE-2021-24474

The Awesome Weather Widget WordPress plugin through 3.0.2 does not sanitize the id parameter of its awesomeweatherrefresh AJAX action, leading to an unauthenticated Reflected Cross-Site Scripting XSS Vulnerability...

WordPress 插件跨站脚本漏洞

WordPress is a set of blogging platform developed by Wordpress Foundation using PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.Awesome Weather Widget plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in...

USN-5007-1: libuv vulnerability

Eric Sesterhenn discovered that libuv incorrectly handled certain strings. An attacker could possibly use this issue to access sensitive information or cause a crash...

WordPress 插件路径遍历漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . An authorization issue vulnerability exists in WordPress...

Lazyrecon - Tool To Automate Your Reconnaissance Process In An Organized Fashion

Lazyrecon is a subdomain discovery tool that finds and resolves valid subdomains then performs SSRF/LFI/SQLi fuzzing, brute-force and port scanning. It has a simple modular architecture and is optimized for speed while working with github and wayback machine. Features Super fast asynchronous...

ALPINE-CVE-2021-28692

inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPUs issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead, the issuing CPU...

CVE-2021-28692

inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPUs issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead, the issuing CPU...

CVE-2021-28690

x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX the default and preferred option requires selecting a...