CVE-2023-1919

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcpreloadsinglesavesettingscallback function. This makes it possible for unauthenticated attackers to change...

CVE-2023-1922 WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_pause_cdn_integration_ajax_request_callback'

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcpausecdnintegrationajaxrequestcallback function. This makes it possible for unauthenticated attackers to...

Control Web Panel 7 (CWP7) 0.9.8.1147 Remote Code Execution

// Exploit Title: Control Web Panel 7 CWP7 v0.9.8.1147 - Remote Code Execution RCE // Date: 2023-02-02 // Exploit Author: Mayank Deshmukh // Vendor Homepage: https://centos-webpanel.com/ // Affected Versions: version 0.9.8.1147 // Tested on: Kali Linux // CVE : CVE-2022-44877 // Github POC:...

PT-2023-17340 · WordPress · Wp Fastest Cache

Name of the Vulnerable Software and Affected Versions: WP Fastest Cache versions up to, and including, 1.1.2 Description: The issue is due to missing or incorrect nonce validation on the wpfc purgecache varnish callback function, making it possible for unauthenticated attackers to purge the varni...

PT-2023-17348 · WordPress · Wp Fastest Cache

Name of the Vulnerable Software and Affected Versions: WP Fastest Cache plugin for WordPress versions up to, and including, 1.1.2 Description: The issue allows unauthorized data modification due to a missing capability check on the wpfc preload single callback function. This makes it possible for...

VulnCheck KEV: CVE-2023-1929

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfcpurgecachevarnishcallback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access...

WordPress Plugin Fastest Cache 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

WordPress Plugin Fastest Cache 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

AD Manager Plus 7122 Remote Code Execution

Exploit Title: AD Manager Plus 7122 - Remote Code Execution RCE Exploit Author: Chan Nyein Wai & Thura Moe Myint Vendor Homepage: https://www.manageengine.com/products/ad-manager/ Software Link: https://www.manageengine.com/products/ad-manager/download.html Version: Ad Manager Plus Before 7122...

DEBIAN-CVE-2023-1078

A flaw was found in the Linux Kernel in RDS Reliable Datagram Sockets protocol. The rdsrmzerocopycallback uses listentry on the head of a list causing a type confusion. Local user can trigger this with rdsmessageput. Type confusion leads to struct rdsmsgzcopyinfo info actually points to something...

CVE-2023-0441

The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 has an AJAX endpoint that can be accessed by any authenticated users, such as subscriber. The callback function allows numerous actions, the most serious one being reading and updating the WordPress options which could be used to enab...

Default credentials

The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 has an AJAX endpoint that can be accessed by any authenticated users, such as subscriber. The callback function allows numerous actions, the most serious one being reading and updating the WordPress options which could be used to enab...

CVE-2023-1640

A vulnerability classified as problematic was found in IObit Malware Fighter 9.4.0.776. This vulnerability affects the function 0x222010 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The...

PT-2023-17139 · Iobit · Iobit Malware Fighter

Name of the Vulnerable Software and Affected Versions: IObit Malware Fighter version 9.4.0.776 Description: A problematic issue has been found in the function 0x222018 in the library ObCallbackProcess.sys of the component IOCTL Handler. This issue leads to denial of service and can be exploited...

CVE-2021-3674

A flaw was found in rizin. The createsectionfromphdr function allocates space for ELF section data by processing the headers. Crafted values in the headers can cause out of bounds reads, which can lead to memory corruption and possibly code execution through the binary object's callback function...

Memory corruption

A flaw was found in rizin. The createsectionfromphdr function allocates space for ELF section data by processing the headers. Crafted values in the headers can cause out of bounds reads, which can lead to memory corruption and possibly code execution through the binary object's callback function...

PT-2023-35726 · Git +1 · Flac

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-use-after-free error, which occurs when the program attempts to access memory that has already been freed. The crash state...

Rizin 缓冲区错误漏洞

Rizin is a free open source reverse engineering framework from the Rizin organization. It is used for analyzing binary files, disassembling code, debugging programs, as a forensic tool, as a scriptable command-line hex editor capable of opening disk files, and more. A security vulnerability exist...

PT-2023-12300 · Rizin · Rizin

Name of the Vulnerable Software and Affected Versions: rizin affected versions not specified Description: A flaw was found in the create section from phdr function, which allocates space for ELF section data by processing the headers. Crafted values in the headers can cause out of bounds reads,...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-1496)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...