420 matches found
WordPress Drop Shadow Boxes Plugin <= 1.7.14 is vulnerable to Arbitrary Code Execution
Software Drop Shadow Boxes Type Plugin Vulnerable versions = 1.7.14 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-10262 Patch priority High CVSS severity High 6.3 Developer Claim ownership PSID ab9605f66d27 Credits Arkadiusz Hydzik Required privilege...
CVE-2024-8481
The The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.2. This is due to the plugin adding the filter addfilter'commenttext', 'doshortcode'; which will run all shortcodes in comments. This makes it possible for...
CVE-2024-8481
CVE-2024-8481 affects the WordPress plugin Special Text Boxes up to 6.2.2 due to the filter add_filter('comment_text','do_shortcode') allowing unauthenticated arbitrary shortcode execution in comments. A patch exists; upgrade to 6.2.4 or later to remediate.
CVE-2024-8481 Special Text Boxes <= 6.2.2 - Unauthenticated Arbitrary Shortcode Execution
The The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.2. This is due to the plugin adding the filter addfilter'commenttext', 'doshortcode'; which will run all shortcodes in comments. This makes it possible for...
WordPress plugin The Special Text Boxes 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code injection vulnerability exists in...
WordPress Special Text Boxes plugin <= 6.2.4 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Francesco Carlucci in WordPress Plugin Special Text Boxes versions = 6.2.4...
PT-2024-39047 · WordPress · Special Text Boxes
Name of the Vulnerable Software and Affected Versions: The Special Text Boxes plugin for WordPress versions up to and including 6.2.2 Description: The issue is related to arbitrary shortcode execution. This is due to the plugin adding the filter add filter'comment text','do shortcode';, which run...
WordPress Special Text Boxes Plugin <= 6.2.2 is vulnerable to Bypass Vulnerability
Software Special Text Boxes Type Plugin Vulnerable versions = 6.2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Bypass Vulnerability CVE CVE-2024-8481 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID ff741af18511 Credits Francesco Carlucci Required privilege...
Beware: New Vo1d Malware Infects 1.3 Million Android-based TV Boxes Worldwide
Nearly 1.3 million Android-based TV boxes running outdated versions of the operating system and belonging to users spanning 197 countries have been infected by a new malware dubbed Vo1d aka Void. "It is a backdoor that puts its components in the system storage area and, when commanded by attacker...
Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances
The operators of the mysterious Quad7 botnet are actively evolving by compromising several brands of SOHO routers and VPN appliances by leveraging a combination of both known and unknown security flaws. Targets include devices from TP-LINK, Zyxel, Asus, Axentra, D-Link, and NETGEAR, according to ...
CVE-2024-45191
An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for the SubWord step. This refers to the libolm implementation of Olm. NOTE: This vulnerability only...
DEBIAN-CVE-2024-45191
An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for the SubWord step. This refers to the libolm implementation of Olm. NOTE: This vulnerability only...
UBUNTU-CVE-2024-45191
An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for the SubWord step. This refers to the libolm implementation of Olm. NOTE: This vulnerability only...
CVE-2024-45191
An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for the SubWord step. This refers to the libolm implementation of Olm. NOTE: This vulnerability only...
CVE-2024-45191
An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for the SubWord step. This refers to the libolm implementation of Olm. NOTE: This vulnerability only...
CVE-2024-45191
Matrix libolm up to version 3.2.16 contains an AES implementation vulnerable to cache-timing attacks due to S-box usage in the SubWord step. This affects the libolm-based Olm library used by Matrix, with the caveat that affected products are noted as no longer supported by the maintainer. Connect...
CVE-2024-45191
An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for the SubWord step. This refers to the libolm implementation of Olm. NOTE: This vulnerability only...
CVE-2024-45191
An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for the SubWord step. This refers to the libolm implementation of Olm. NOTE: This vulnerability only...
CVE-2024-45191
An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for the SubWord step. This refers to the libolm implementation of Olm. NOTE: This vulnerability only...
Xpdf 安全漏洞
Xpdf is a free PDF viewer and toolkit from Xpdf, Inc. that includes a text extractor, image converter, HTML converter, and more. A security vulnerability exists in Xpdf version 4.05 and earlier versions, which stems from a page box with extremely large coordinates MediaBox, CropBox, etc. that may...