9293 matches found
Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.10 : amanda vulnerability (USN-6614-1)
The remote Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6614-1 advisory. It was discovered that amanda did not properly check certain arguments. A local unprivileged attacker could possibly use this issu...
CVE-2023-6497 WordPress Simple Shopping Cart <= 4.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatic redirect URL setting in all versions up to and including 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
Introducing Wordfence CLI 3.0.1: Now With Automatic Remediation!
Note: This post refers to Wordfence CLI, the command line tool for operations teams to rapidly scan large numbers of WordPress websites for vulnerabilities and malware, not the Wordfence plugin which is deeply integrated into WordPress and provides additional functionality, like a firewall,...
Exploit for Server-Side Request Forgery in Apache Ofbiz
BadBizness Automatic exploitation scrip...
WEM resets user-specified default printers in disconnected sessions
Users manually select default printers in their WEM-enabled desktop sessions. If they disconnect from the desktop (rather than log off), and an automatic WEM Agent refresh occurs post-disconnect, WEM resets the user-specified default printer for that session. Consequently, when the user reconnects to their...
Apache OpenOffice < 4.1.15 Multiple Vulnerabilities (macOS)
The version of Apache OpenOffice installed on the remote host is a version prior to 4.1.15. It is, therefore, affected by multiple vulnerabilities as stated in the vendor advisories and release notes. - Apache OpenOffice documents can contain links that call internal macros with arbitrary...
Directory traversal
Directory Traversal in Automatic-Systems SOC FL9600 FastLine legoT04E00 allows a remote attacker to obtain sensitive information...
CVE-2023-37608
An issue in Automatic Systems SOC FL9600 FirstLane V06 legoT04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its hardcoded password...
CVE-2023-37607
Directory Traversal in Automatic Systems SOC FL9600 FirstLane V06 legoT04E00 allows a remote attacker to obtain sensitive information via csvServer.php?file= with a .. in the dir parameter...
CVE-2023-37607
CVE-2023-37607 is a directory traversal vulnerability in Automatic Systems SOC FL9600 FastLine V06 (lego_T04E00). The issue arises in csvServer.php when the dir parameter contains a .. sequence, permitting remote access to sensitive files (example: getList=1 with dir traversal to /etc and file pa...
CVE-2023-37608
CVE-2023-37608 affects Automatic Systems SOC FL9600: FirstLane V06 lego_T04E00 and FastLine V06 legoT04E00 with a hardcoded super admin credential (Login: automaticsystems, Password: astech). A remote attacker could obtain sensitive information due to this hardcoded password. Exploit details are ...
CVE-2023-47804
Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected...
CVE-2023-5203
CVE-2023-5203 affects WP Sessions Time Monitoring Full Automatic WordPress plugin prior to 1.0.9. The vulnerability stems from not sanitizing the request URL or query parameters before they are used in an SQL query, enabling unauthenticated attackers to extract data via blind time-based SQL injec...
CVE-2023-50258
Summary (CVE-2023-50258): Medusa is an open-source video library manager. Versions prior to 1.0.19 are vulnerable to an unauthenticated blind server-side request forgery (SSRF) in the testDiscord handler. The issue stems from not validating the user-controlled discord_webhook variable and passing...
Automatic Renewal Of Expired Authorization Tokens
emailproxy is vulnerable to Automatic Renewal Of Expired Authorization Tokens. The vulnerability exists because expired authorization tokens can be automatically renewed without verifying their validity against the original account configuration, specifically the password set up during the initial...
CVE-2023-49180
CVE-2023-49180 corresponds to a Stored Cross-Site Scripting in the WordPress plugin Automatic Youtube Video Posts (versions up to 5.2.2). The vulnerability affects the plugin via admin/settings context, allowing authenticated attackers with Administrator+ privileges to inject scripts. Public expl...
WordPress Plugin Automatic Youtube Video Posts Plugin Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...