104 matches found
DEBIAN-CVE-2021-29450
Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases...
CVE-2021-29450
Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases...
CVE-2021-29450 WordPress Authenticated disclosure of password-protected posts and pages
Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases...
CVE-2021-29450
Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases...
CVE-2021-29447
Wordpress is an open source CMS. A user with the ability to upload files like an Author can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has...
CVE-2021-29447
Wordpress is an open source CMS. A user with the ability to upload files like an Author can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has...
UBUNTU-CVE-2021-29447
Wordpress is an open source CMS. A user with the ability to upload files like an Author can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has...
CVE-2021-29447
Wordpress is an open source CMS. A user with the ability to upload files like an Author can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has...
CVE-2021-29447 WordPress Authenticated XXE attack when installation is running PHP 8
Wordpress is an open source CMS. A user with the ability to upload files like an Author can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has...
CVE-2021-29447
CVE-2021-29447 is an XXE vulnerability in WordPress media handling (getID3 parsing WAV iXML chunks) that affects WordPress 5.6–5.7 on PHP 8+. Authenticated authors can upload a malicious WAV to trigger XML External Entity substitution (LIBXML_NOENT), enabling access to internal files. The issue i...
CVE-2021-29447
Wordpress is an open source CMS. A user with the ability to upload files like an Author can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has...
CVE-2019-1020011
SmokeDetector intentionally does automatic deployments of updated copies of SmokeDetector without server operator authority...
Turn On Auto-Updates Everywhere You Can
Meltdowns like the Chrome zero day bug show why enabling auto-updates can be the wisest choice for many consumers...
Arq 5.10 - Local Privilege Escalation Exploit (2)
Exploit for macOS platform in category local exploits !/bin/bash Arq payload.sh EOF !/bin/bash rm -rf $HOME/.arq510privescexp while : do pid=\ps auxwww |grep '$app/Contents/MacOS/Arq' |grep -v grep |xar...
Stable Channel Update for Chrome OS
The Stable channel has been updated to 60.0.3112.80 Platform version: 9592.71.0 for most Chrome OS devices . This build contains a number of bug fixes, security updates and feature enhancements. Systems will be receiving updates over the next several days. Some highlights of these changes are:...
Play Protect: Android’s new security system is now available
Play Protect, a security suite for Android devices, was originally introduced in mid-May of this year during the Google I/O conference. And in just a couple of months, the tech giant has made it available for all their mobile users. Play Protect is the amalgamation of Google’s Android security...
July 2017 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
LINE for Windows may insecurely load Dynamic Link Libraries
Overview LINE for Windows provided by LINE Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Takashi Yoshikawa of Mitsui Bussan Secure Directions reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
MS KB3119884: Improperly Issued Digital Certificates Could Allow Spoofing
The remote host is missing KB3119884, KB2677070 automatic updater, or the latest disallowed certificate update using KB2813430 manual updater. If KB2677070 has been installed, it has not yet obtained the latest auto-updates. Note that this plugin checks that the updaters have actually updated the...
MS KB3097966: Inadvertently Disclosed Digital Certificates Could Allow Spoofing
The remote host is missing KB3097966, KB2677070 automatic updater, or the latest disallowed certificate update using KB2813430 manual updater. If KB2677070 has been installed, it has not yet obtained the latest auto-updates. Note that this plugin checks that the updaters have actually updated the...