WordPress Advanced Recent Posts Plugin <= 0.6.14 is vulnerable to Cross Site Scripting (XSS)

Software Advanced Recent Posts Type Plugin Vulnerable versions = 0.6.14 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0212 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 40ae855e2918 Credits Lana Codes...

BidenCash Market Leaks 2M Credit Cards in Birthday Blitz

By Waqas As analyzed by Hackread.com, the leaked details contain over 500,000 email addresses along with credit card numbers and CVV codes in plain text. This is a post from HackRead.com Read the original post: BidenCash Market Leaks 2M Credit Cards in Birthday Blitz...

WordPress OAuth Server Plugin < 4.3.0 is vulnerable to Broken Access Control

Software OAuth Server Type Plugin Vulnerable versions 4.3.0 Fixed in 4.3.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4148 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 20d9eb3b6ea8 Credits Lana Codes Required privilege...

MAL-2023-2978 Malicious code in esqinfohttppush (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 2515bbc175db61f18354836ad556651e49fd26c8c0b9767c6e9816fd61b62131 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

AudioCodes Device Manager Express 路径遍历漏洞

AudioCodes Device Manager Express is a powerful lifecycle management tool for AudioCodes IP phones, EPOS and Jabra headsets and speakers from AudioCodes Israel. A path traversal vulnerability exists in AudioCodes Device Manager Express 7.8.20002.47752 and prior versions, which stems from a path...

AudioCodes Device Manager Express 路径遍历漏洞

AudioCodes Device Manager Express is a powerful lifecycle management tool for AudioCodes IP phones, EPOS and Jabra headsets and speakers from AudioCodes Israel. A path traversal vulnerability exists in AudioCodes Device Manager Express 7.8.20002.47752 and prior versions, which stems from a...

AudioCodes Device Manager Express 跨站脚本漏洞

AudioCodes Device Manager Express is a powerful lifecycle management tool for AudioCodes IP Phones, EPOS and Jabra headsets and speakers from AudioCodes Israel. A cross-site scripting vulnerability exists in AudioCodes Device Manager Express 7.8.20002.47752 and prior versions, which originates fr...

Exploiting Tragedy: Fake Donation Scams Amid Earthquake in Turkey & Syria

Exploiting Tragedy: Fake Donation Scams Amid Earthquake in Turkey & Syria By Daksh Kapur · February 23, 2023 Figure 1 image from freepik.com & flaticon.com The recent earthquake that shook Syria and Turkey left a devastating trail of destruction. The whole world has shown its support and...

Exploiting Tragedy: Fake Donation Scams Amid Earthquake in Turkey & Syria

Exploiting Tragedy: Fake Donation Scams Amid Earthquake in Turkey & Syria By Daksh Kapur · February 23, 2023 Figure 1 image from freepik.com & flaticon.com The recent earthquake that shook Syria and Turkey left a devastating trail of destruction. The whole world has shown its support and...

Siemens SCALANCE X-200RNA Switch Devices Inappropriate Encoding For Output Context (CVE-2019-6110)

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server or Man-in- The-Middle attacker can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. - In OpenSSH 7.9, due to accepting and...

Observable Timing Discrepancy in Login Portal

Description An observable discrepancy in response times is present in the login portal. When brute forcing valid email accounts, the timing on a valid account is significantly higher than that of an invalid user account. This is likely due to the use of Bcrypt's compare function being utilized by...

K15939: pl_tree.php XSS vulnerability CVE-2014-9342

Security Advisory Description Cross-site scripting XSS vulnerability in the tree view pltree.php feature in Application Security Manager ASM in F5 BIG-IP 11.3.0 allows remote attackers to inject arbitrary web script or HTML by accessing a crafted URL during automatic policy generation...

K88628547: glibc vulnerability CVE-2019-6488

Security Advisory Description The string component in the GNU C Library aka glibc or libc6 through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for sizet in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as...

K12252011: OpenSSH vulnerability CVE-2019-6109

Security Advisory Description An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional...

Lack of brute force protection

Issue Description • A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until an attacker discover the one correct combination that works. Steps to Reproduce: '1. First capture login request with BurpSuite,...

SUSE CVE-2007-1659

Perl-Compatible Regular Expression PCRE library before 7.3 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes...

SUSE CVE-2013-6627

net/http/httpstreamparser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP Informational aka 1xx status codes, which allows remote web servers to cause a denial of service out-of-bounds read via a crafted response...

SUSE CVE-2015-2278

The LZH decompression implementation CsObjectInt::BuildHufTree function in vpa108csulzh.cpp in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers t...

SUSE CVE-2016-2379

The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to 1 decrypt hashed passwords by leveraging knowledge of client registration codes or 2 gain login access by eavesdropping on login messages and re-using the hashed passwords...

SUSE CVE-2018-5205

When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string...