CVE-2024-29209
The CVE-2024-29209/29210 family concerns Phish Alert Button (PAB) for Outlook and related KnowBe4 clients. Technical details across connected records show: attack via update mechanism (CVE-2024-29209) where the client fails to validate the update server’s TLS/SSL and ignores digital signatures, e...
CVE-2024-29210
CVE-2024-29210 describes a local privilege escalation in Phish Alert Button for Outlook (PAB) caused by insecure permissions on the configuration file (update server URL). An unprivileged local user can modify the configuration to point updates to a malicious server, enabling LPE in conjunction w...
CVE-2024-29209
A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Button for Outlook, which could allow an attacker to remotely execute arbitrary code on the host machine. The vulnerability arises from the application's failure to securely verify the authenticity and...
CVE-2024-29210
A local privilege escalation (LPE) vulnerability has been identified in Phish Alert Button for Outlook (PAB), specifically within its configuration management functionalities. This vulnerability allows a regular user to modify the application's configuration file to redirect update checks to an...
Knowbe4 Phish Alert Button security vulnerability
Knowbe4 Phish Alert Button is an application from Knowbe4, Inc. A security vulnerability exists in Knowbe4 Phish Alert Button, which stems from insufficient domain authentication and could lead to remote code execution by Outlook PAB via DNS spoofing...
Knowbe4 Phish Alert Button security vulnerability
Knowbe4 Phish Alert Button is an application from Knowbe4 Inc. A security vulnerability exists in Knowbe4 Phish Alert Button that stems from the ability to perform local elevation of privilege by modifying configuration files...
PT-2024-22812 · Unknown · Phish Alert Button For Outlook
Name of the Vulnerable Software and Affected Versions: Phish Alert Button for Outlook (affected versions not specified). Description: A local privilege escalation issue has been identified in the configuration management functionalities of Phish Alert Button for Outlook. Recommendations: At the...
Oracle Linux 9 : xorg-x11-server (ELSA-2024-2169)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2169 advisory. - Fix use after free related to CVE-2024-21886 - CVE fix for: CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886, CVE-2024-0408 and...
CVE-2024-33928
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon allows Reflected XSS. This issue affects CodeBard's Patron Button and Widgets for Patreon: from n/a through 2.2.0...
CVE-2024-33928 WordPress CodeBard's Patron Button and Widgets for Patreon plugin <= 2.2.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon allows Reflected XSS. This issue affects CodeBard's Patron Button and Widgets for Patreon: from n/a through 2.2.0...
CVE-2024-33928
CVE-2024-33928 affects CodeBard's Patron Button and Widgets for Patreon (WordPress plugin), with a Reflected XSS vulnerability due to improper neutralization of input during web page generation. Affected versions are from n/a through 2.2.0. Exploitation would involve attacker-supplied script exec...
WordPress plugin CodeBard's Patron Button and Widgets for Patreon cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. WordPress plugin CodeBard ...
PT-2024-25561 · Codebard · Patron Button/Widgets For Patreon
Name of the Vulnerable Software and Affected Versions: CodeBard's Patron Button and Widgets for Patreon, versions n/a through 2.2.0. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS...
CVE-2024-2750
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of the Button widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-1805
The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or...
WordPress Sticky Buttons plugin < 3.2.4 - Button Deletion via CSRF vulnerability
Button Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Sticky Buttons versions 3.2.4...
WordPress Wow Skype Buttons plugin < 4.0.4 - Button Deletion via CSRF vulnerability
Button Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Wow Skype Buttons versions 4.0.4...