PT-2023-16188 · WordPress · Wp Shamsi
Name of the Vulnerable Software and Affected Versions: WP Shamsi WordPress plugin versions 4.3.3 and earlier Description: The issue concerns CSRF and broken access control vulnerabilities. These vulnerabilities allow a user with a role as low as a subscriber to delete attachments. Recommendations...
Mispadu Banking Trojan Targets Latin America: 90,000+ Credentials Stolen
A banking trojan dubbed Mispadu has been linked to multiple spam campaigns targeting countries like Bolivia, Chile, Mexico, Peru, and Portugal with the goal of stealing credentials and delivering other payloads. The activity, which commenced in August 2022, is currently ongoing, the Ocelot Team...
Emotet Rises Again: Evades Macro Security via OneNote Attachments
The notorious Emotet malware, in its return after a short hiatus, is now being distributed via Microsoft OneNote email attachments in an attempt to bypass macro-based security restrictions and compromise systems. Emotet, linked to a threat actor tracked as Gold Crestwood, Mummy Spider, or TA542,...
[SECURITY] Fedora 37 Update: containerd-1.6.19-1.fc37
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
[SECURITY] Fedora 36 Update: containerd-1.6.19-1.fc36
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
Atlassian Jira 8.9.x < 8.9.1 Xss In Issue Attachments
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.9.1. It is, therefore, affected by a vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue...
Atlassian Jira 8.9.0 < 8.9.1 Multiple Vulnerabilities
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to version 8.5.5, 8.6.0 prior to 8.8.2 or 8.9.0 prior to 8.9.1. It is, therefore, affected by multiple vulnerabilities: - A flaw which allows remote attackers to inject arbitrary...
Atlassian Jira 8.0.7 < 8.5.5 Multiple Vulnerabilities
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to version 8.5.5, 8.6.0 prior to 8.8.2 or 8.9.0 prior to 8.9.1. It is, therefore, affected by multiple vulnerabilities: - A flaw which allows remote attackers to inject arbitrary...
Atlassian Jira 8.6.0 < 8.8.2 Xss In Issue Attachments
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.9.1. It is, therefore, affected by a vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue...
Atlassian Jira 8.0.8 < 8.5.5 Xss In Issue Attachments
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.9.1. It is, therefore, affected by a vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue...
[SECURITY] Fedora 38 Update: containerd-1.6.19-1.fc38
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
Information Disclosure
Redmine is vulnerable to Information Disclosure. The application allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user...
Debian: Security Advisory (DLA-537-1)
The remote host is missing an update for the Debian...
CVE-2023-0076
The Download Attachments WordPress plugin before 1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0076
CVE-2023-0076 affects the WordPress plugin “Download Attachments” prior to version 1.3. The vulnerability arises because the plugin does not validate and escape certain shortcode attributes before rendering them in posts, which can enable Stored XSS by users with the contributor role or higher. P...
WordPress plugin Download Attachments Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-15993 · WordPress · Download Attachments
Name of the Vulnerable Software and Affected Versions: Download Attachments WordPress plugin versions prior to 1.3 Description: The issue concerns the Download Attachments WordPress plugin, which does not validate and escape some of its shortcode attributes before outputting them back in a page o...
WordPress Download Attachments Plugin <= 1.2.24 is vulnerable to Cross Site Scripting (XSS)
Software: Download Attachments; Type: Plugin; Vulnerable versions: <= 1.2.24; Fixed in: 1.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0076; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: d4020e1c310d; Credits: Lana Codes...
CVE-2023-26478 org.xwiki.platform:xwiki-platform-store-filesystem-oldcore has Exposed Dangerous Method or Function
XWiki Platform is a generic wiki platform. Starting in version 14.3-rc-1, org.xwiki.store.script.TemporaryAttachmentsScriptService#uploadTemporaryAttachment returns an instance of com.xpn.xwiki.doc.XWikiAttachment. This class is not supported to be exposed to users without the programming right...