3319 matches found
WordPress plugin Classified Listing security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
OESA-2024-1390 emacs security update
Emacs is the extensible, customizable, self-documenting real-time display editor. At its core is an interpreter for Emacs Lisp, a dialect of the Lisp programming language with extensions to support text editing. And it is an entire ecosystem of functionality beyond text editing, including a proje...
Nextcloud: Event create can create attachments that link to other websites
The vulnerability allowed the creation of attachments that could link to other websites during the event creation process...
PT-2024-23123 · Cosign +1 · Cosign +1
Name of the Vulnerable Software and Affected Versions: Cosign versions prior to 2.2.4 Description: Cosign provides code signing and transparency for containers and binaries. A remote image with a malicious attachment can cause denial of service of the host machine running Cosign, impacting other...
Cybercriminals Targeting Latin America with Sophisticated Phishing Scheme
A new phishing campaign has set its eyes on the Latin American region to deliver malicious payloads to Windows systems. "The phishing email contained a ZIP file attachment that when extracted reveals an HTML file that leads to a malicious file download posing as an invoice," Trustwave SpiderLabs...
Privacy Leakage
Emacs is vulnerable to a Privacy Leakage. The vulnerability is due to LaTeX preview being enabled by default for email attachments, which allows attackers to automatically generate LaTeX previews for email attachments, potentially disclosing sensitive information to unintended recipients...
New Wave of JSOutProx Malware Targeting Financial Firms in APAC and MENA
Financial organizations in the Asia-Pacific (APAC) and Middle East and North Africa (MENA) are being targeted by a new version of an "evolving threat" called JSOutProx. "JSOutProx is a sophisticated attack framework utilizing both JavaScript and .NET," Resecurity said in a technical report published...
CVE-2024-30263 The PDF Viewer macro can be used to view PDF attachments with restricted access
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Users with edit rights can access restricted PDF attachments using the PDF Viewer macro, just by passing the attachment URL as the value of the file parameter. Users with view rights can access restricted PDF attachments if the...
PDF Viewer Macro security vulnerability
PDF Viewer Macro is an open source macro for XWiki SAS. It allows viewing PDF files attached to XWiki pages from within the XWiki page. A security vulnerability exists in PDF Viewer Macro 2.5 and earlier versions, which stems from the fact that a user with editing privileges can use the PDF Viewe...
PT-2024-23306 · Mozilla · Pdf.Js
Name of the Vulnerable Software and Affected Versions: macro-pdfviewer versions prior to 2.5.1 Description: The macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Users with edit rights can access restricted PDF attachments using the PDF Viewer macro by passing the attachment U...
CVE-2024-3248
In Xpdf 4.05 and earlier, a PDF object loop in the attachments leads to infinite recursion and a stack overflow...
CVE-2024-3248 Stack overflow in Xpdf 4.05 due to object loop in attachments
In Xpdf 4.05 and earlier, a PDF object loop in the attachments leads to infinite recursion and a stack overflow...
PT-2024-24603
Name of the Vulnerable Software and Affected Versions: Xpdf versions 4.05 and earlier Description: The issue is caused by a PDF object loop in the attachments, leading to infinite recursion and a stack overflow. Recommendations: For versions 4.05 and earlier, update to a newer version to mitigate th...
SUSE CVE-2024-30204
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments...
StrelaStealer Resurfaces with Upgraded Attack Chain
Summary: A recent wave of phishing attacks has been detected, targeting over 100 organizations across the United States and the European Union. These attacks aim to distribute StrelaStealer, a dynamic information-stealing malware. The attackers employ spam emails containing attachments that...
GNU Emacs has an unspecified vulnerability
GNU Emacs is a family of text editors in the American GNU community. GNU Emacs suffers from a security vulnerability that stems from enabling LaTeX preview for email attachments by default. No details of the vulnerability are provided at this time...
CVE-2024-29196 phpMyFAQ Path Traversal in Attachments
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6...