820 matches found
WordPress plugin Google Authenticator 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress miniOrange's Google Authenticator plugin <= 5.5.7 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by WPScanTeam in WordPress miniOrange's Google Authenticator plugin versions = 5.5.7. Solution Update the WordPress miniOrange's Google Authenticator plugin to the latest available version at least 5.5.75...
miniOrange's Google Authenticator < 5.5.75 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=mo2fatwofa&a"alert/XSS/...
miniOrange's Google Authenticator < 5.5.75 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=mo2fatwofa"...
WordPress plugin Google Authenticator 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. A cross-site scripting vulnerability exists in versions of WordPress prior to Google Authenticator...
MAL-2022-6791 Malicious code in universal-authenticator-library-js-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 634c9abec0578ad529a15e3faab7ef695e47e5a1b95299329e27a8ca7e00e22f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
miniOrange Google Authenticator < 1.0.5 - CSRF to Stored Cross-Site Scripting
The plugin does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks v ' / v...
Google Authenticator < 1.0.8 - Admin+ Stored Cross-Site Scripting
The plugin does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed Put the following payload in the Account Name settings and click on the 'Change App name' button: " autofocus onfocus=alert/XSS//...
Google Authenticator < 1.0.8 - Admin+ Stored Cross-Site Scripting
The plugin does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed PoC Put the following payload in the Account Name settings and click on the 'Change App name' button: " autofocus...
miniOrange's Google Authenticator < 5.5.6 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example in multisite setup PoC Enable 2FA + Website Security and...
miniOrange's Google Authenticator < 5.5.6 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example in multisite setup Enable 2FA + Website Security and put...
WordPress miniOrange's Google Authenticator plugin <= 5.5.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Niraj Mahajan in WordPress miniOrange's Google Authenticator plugin versions = 5.5.5. Solution Update the WordPress miniOrange's Google Authenticator plugin to the latest available version at least 5.5.6...
Exploit for Deserialization of Untrusted Data in Atlassian Bitbucket_Data_Center
CVE-2022-26133 Information Description SharedSecre...
Kubernetes: Bypass validation parts in AWS IAM Authenticator for Kubernetes
Multiple bypasses were discovered in AWS IAM Authenticator for Kubernetes. An attacker could craft a token without a signed cluster ID header and use it for replay attacks, manipulate the extracted AccessKeyID to gain higher permissions in the cluster, and send a request to other action values...
This World Password Day consider ditching passwords altogether
Did you know that May 5, 2022, is World Password Day?1 Created by cybersecurity professionals in 2013 and designated as the first Thursday every May, World Password Day is meant to foster good password habits that help keep our online lives secure. It might seem strange to have a day set aside to...
CVE-2021-25266
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile Android before version 9.7.3495...
CVE-2021-25266
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile Android before version 9.7.3495...
Design/Logic Flaw
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile Android before version 9.7.3495...
CVE-2021-25266
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile Android before version 9.7.3495...
CVE-2021-25266
The CVE-2021-25266 entry describes an insecure data storage vulnerability in Sophos Authenticator for Android (