CVE-2021-39201
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Impact The issue allows an authenticated but low-privileged user like contributor/author to execute XSS in the editor. This bypasses the restrictions imposed on users who do n...
TREVORspray - A Featureful Round-Robin SOCKS Proxy And Python O365 Sprayer Based On MSOLSpray Which Uses The Microsoft Graph API
TREVORproxy is a SOCKS proxy that round-robins requests through SSH hosts. TREVORspray is a featureful Python O365 sprayer based on MSOLSpray which uses the Microsoft Graph API. By @thetechr0mancer. Microsoft is getting better and better about blocking password spraying attacks against O365...
Remote code execution
Sketch before 75 allows library feeds to be used to bypass file quarantine. Files are automatically downloaded and opened, without the com.apple.quarantine extended attribute. This results in remote code execution, as demonstrated by CommandString in a terminal profile to Terminal.app...
WordPress Pinterest Automatic Pin plugin <= 4.14.3 - Unauthenticated Arbitrary WordPress Options Change vulnerability
Unauthenticated Arbitrary WordPress Options Change vulnerability discovered by Jerome Bruandet (NinTechNet) in WordPress Pinterest Automatic Pin plugin versions <= 4.14.3. Solution: Update the WordPress Pinterest Automatic Pin plugin to the latest available version, at least 4.14.4...
WordPress Automatic < 3.53.3 - Unauthenticated Arbitrary Options Update
The plugin was vulnerable to Unauthenticated Arbitrary Options Update...
Pinterest Automatic < 4.14.4 - Unauthenticated Arbitrary Options Update
The plugin was vulnerable to Unauthenticated Arbitrary Options Update...
VulnCheck KEV: CVE-2021-4374
The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the processform.php file. This makes it possible for unauthenticated attackers to arbitrarily update the...
VulnCheck KEV: CVE-2021-4380
The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wppinterestautomaticparserequest' function and the 'processform.php' script in versions up to, and including, 1.14.3. This makes it possible for unauthenticated...
WordPress Automatic premium plugin <= 3.53.2 - Unauthenticated Arbitrary WordPress Options Change vulnerability
Unauthenticated Arbitrary WordPress Options Change vulnerability discovered by Jerome Bruandet in WordPress Automatic premium plugin versions <= 3.53.2. Solution: Update the WordPress Automatic premium plugin to the latest available version, at least 3.53.3...
Ligolo-Ng - An Advanced, Yet Simple, Tunneling/Pivoting Tool That Uses A TUN Interface
An advanced, yet simple, tunneling tool that uses a TUN interface. By TNP IT Security. Introduction: Ligolo-ng is a simple, lightweight and fast tool that allows pentesters to establish tunnels from a reverse TCP/TLS connection without the need for SOCKS. Features: TUN interface. No more SOCKS! Simpl...
Important: Red Hat Security Advisory: kpatch-patch security update
An update is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links...
F5 Networks BIG-IP : OpenSSL vulnerability (K42910051)
The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.4.4 / 15.1.4.1 / 16.1.2. It is, therefore, affected by a vulnerability as referenced in the K42910051 advisory. The X.509 GeneralName type is a generic type for representing different types of names. One of those name...
Microsoft Windows Defender Multiple RCE Vulnerabilities (Jul 2021)
This host is missing a critical security update according to Microsoft Security Updates released for Microsoft Windows Defender Protection Engine dated 13-07-2021. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by...
Salesforce Release Updates — A Cautionary Tale for Security Teams
On the surface, Salesforce seems like a classic Software-as-a-Service (SaaS) platform. Someone might even argue that Salesforce invented the SaaS market. However, the more people work with the full offering of Salesforce, the more they realize that it goes beyond a traditional SaaS platform's...
GSD-2021-1001468 netrom: Decrease sock refcount when sock timers expire
netrom: Decrease sock refcount when sock timers expire This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.277 by commit...
CVE-2021-37555
The CVE-2021-37555 entry describes TX9 Automatic Food Dispenser v3.2.57 with a root-access vulnerability via telnet on port 23 using the default root password 059AnkJ, enabling shell access and filesystem download through BusyBox tools (e.g., tar, nc). Related material (CVE-2019-16734) indicates ...
Rockstar Games: Uninstalling Rockstar Games Launcher for Windows (64-bit), then reinstalling keeps you logged in without authentication
In this report, the researcher identified a potential weakness in Rockstar Games Launcher that caused the application to retain profile data on the local machine, even after the application was uninstalled. This included auto sign-in flags, resulting in automatic sign-ins when reinstalling Rockst...
openSUSE 15 Security Update : icinga2 (openSUSE-SU-2021:1069-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1069-1 advisory. - Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CR...
Zibo Shining Network Technology Co., Ltd. ships 100cms with SQL injection vulnerability
Shipping 100cms is a virtual goods auto-shipping system and pay-to-read article system that needs no manual staffing: customers buy online and the transaction completes automatically. There is a SQL injection vulnerability in Shipping 100cms by Zibo Shining Network Technology Co. Attackers can use th...