4200 matches found
CVE-2024-1462
The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 1.0.8 via the REST API. This makes it possible for unauthenticated attackers to view post titles and content when the site is in maintenance mode...
Nomore403 - Tool To Bypass 403/40X Response Codes
nomore403 is an innovative tool designed to help cybersecurity professionals and enthusiasts bypass HTTP 40X errors encountered during web security assessments. Unlike other solutions, nomore403 automates various techniques to seamlessly navigate past these access restrictions, offering a broad...
BIT-GITLAB-2021-39890
It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above...
Login form doesn't get disabled when option is disabled from authentication methods
Issue Summary: When we remove the option to authenticate with username and password from the login form, we could still use basic authentication to log in. This is reproducible on Data Center: Yes. Steps to Reproduce: Step 1. Remove the option to authenticate with username and password from th...
CVE-2024-21915
A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read an...
DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability
A newly disclosed security flaw in Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra (aka DarkCasino) targeting financial market traders. Trend Micro, which began tracking the campaign in late December 2023, said it entails...
CVE-2024-24935
Cross-Site Request Forgery (CSRF) vulnerability in WpSimpleTools Basic Log Viewer. This issue affects Basic Log Viewer: from n/a through 1.0.4...
Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in WpSimpleTools Basic Log Viewer. This issue affects Basic Log Viewer: from n/a through 1.0.4...
CVE-2024-24935
CVE-2024-24935 is a CSRF vulnerability in the WordPress plugin WpSimpleTools Basic Log Viewer (Basic Log Viewer). The affected version range is up to and including 1.0.4. The CVE entry notes a CSRF risk that could enable unauthorized actions, but the provided connected documents indicate the vulnera...
CVE-2024-24935 WordPress Basic Log Viewer Plugin <= 1.0.4 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in WpSimpleTools Basic Log Viewer. This issue affects Basic Log Viewer: from n/a through 1.0.4...
WordPress Plugin Basic Log Viewer Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP, which supports personal blogs on PHP and MySQL servers. A WordPress plugin is an...
PT-2024-20673 · Unknown · Wpsimpletools Basic Log Viewer
Name of the Vulnerable Software and Affected Versions: WpSimpleTools Basic Log Viewer versions 1.0.4 and earlier. Description: A Cross-Site Request Forgery (CSRF) issue affects the Basic Log Viewer, allowing unauthorized actions to be performed. Recommendations: For versions 1.0.4 and earlier, updat...
Basic Log Viewer <= 1.0.4 - Cross-Site Request Forgery via wpst_lw_viewer
Description: The Basic Log Viewer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the 'wpst_lw_viewer' function. This makes it possible for unauthenticated attackers to erase error logs...
WordPress Basic Log Viewer Plugin <= 1.0.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Basic Log Viewer. Type: Plugin. Vulnerable versions: <= 1.0.4. Fixed in: N/A. OWASP Top 10: A1: Broken Access Control. Classification: Cross Site Request Forgery (CSRF). CVE: CVE-2024-24935. Patch priority: Low. CVSS severity: Low (4.3). Developer: Claim ownership. PSID: 5f0c62583a0d. Credits: Dhabaleshwar Das...
Mobotix S14 Camera Cleartext Transmission of Sensitive Information (CVE-2019-7675)
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-o...
(Pwn2Own) Canon imageCLASS MF753Cdw rls-login Authorization Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF753Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the Authorization header provided to the...
[SECURITY] Fedora 39 Update: systemd-254.8-2.fc39
systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups,...
CVE-2023-6554
When access to the "admin" folder is not protected by some external authorization mechanism (e.g. Apache Basic Auth), it is possible for any user to download protected information like exam answers...