curl: Incorrect handling of control code characters in cookies
A vulnerability was found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTPS server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTPS server, possibly...
Remote Code Execution (RCE)
simple-git is vulnerable to remote code execution. The vulnerability exists in the clone function of git.js because of enabling the ext transport protocol, which allows an attacker to inject and execute arbitrary code on the system. This is an incomplete fix of CVE-2022-24066...
Event Registration System Code Issue Vulnerability
Event Registration System is an event registration system with QR codes by Carlo Montero Personal Developer. A security vulnerability exists in the Event Registration System version 1.0, which stems from an incorrect manipulation of the parameter cmd leading to unrestricted file uploads...
A Ride on the Wild Side with Hacking Heavyweight Sick Codes
Beverage of Choice: Krating Daeng Thai Red Bull. Industry Influencer he Admires: Casey John Ellis. What did you want to be when you grew up? A physician and nearly did. Hobbies Present & Past: Motorcycling & Australian Football. Bucket List: Continuing to discover new software. Fun Fact: He currently...
Remote Code Execution (RCE)
heimdal is vulnerable to remote code execution. The vulnerability exists due to an invalid free in the ASN.1 codec, which allows an attacker to inject and execute arbitrary code on the system...
WordPress Organization chart plugin <= 1.4.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Lana Codes (Patchstack Alliance) in the WordPress Organization chart plugin (versions <= 1.4.1). Solution: Update the WordPress Organization chart plugin to the latest available version (at least 1.4.2)...
WordPress Responsive Lightbox2 plugin <= 1.0.3 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Lana Codes in WordPress Responsive Lightbox2 plugin (versions <= 1.0.3). Solution: Update the WordPress Responsive Lightbox2 plugin to the latest available version (at least 1.0.4)...
WordPress Videojs HTML5 Player plugin <= 1.1.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Lana Codes in WordPress Videojs HTML5 Player plugin (versions <= 1.1.8). Solution: Update the WordPress Videojs HTML5 Player plugin to the latest available version (at least 1.1.9)...
WordPress Easy Video Player plugin <= 1.2.2.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Lana Codes in WordPress Easy Video Player plugin (versions <= 1.2.2.2). Solution: Update the WordPress Easy Video Player plugin to the latest available version (at least 1.2.2.3)...
WordPress Car Dealer plugin <= 3.04 - Auth. Arbitrary Plugin Installation vulnerability
Auth. Arbitrary Plugin Installation vulnerability discovered by Lana Codes in WordPress Car Dealer plugin (versions <= 3.04). Solution: Update the WordPress Car Dealer plugin to the latest available version (at least 3.05)...
WordPress WP Memory plugin <= 2.45 - Auth. Arbitrary Plugin Installation vulnerability
Auth. Arbitrary Plugin Installation vulnerability discovered by Lana Codes in WordPress WP Memory plugin (versions <= 2.45). Solution: Update the WordPress WP Memory plugin to the latest available version (at least 2.46)...
WordPress StopBadBots plugin <= 7.23 - Auth. Arbitrary Plugin Installation vulnerability
Auth. Arbitrary Plugin Installation vulnerability discovered by Lana Codes in WordPress StopBadBots plugin (versions <= 7.23). Solution: Update the WordPress StopBadBots plugin to the latest available version (at least 7.24)...
WordPress WPTools plugin <= 3.42 - Auth. Arbitrary Plugin Installation vulnerability
Auth. Arbitrary Plugin Installation vulnerability discovered by Lana Codes in WordPress WPTools plugin (versions <= 3.42). Solution: Update the WordPress WP Tools plugin to the latest available version (at least 3.43)...
WordPress Welcart e-Commerce plugin <= 2.8.3 - Auth. Arbitrary Shipping Method Creation/Update/Deletion vulnerability
Auth. Arbitrary Shipping Method Creation/Update/Deletion vulnerability discovered by Lana Codes in WordPress Welcart e-Commerce plugin (versions <= 2.8.3). Solution: Update the WordPress Welcart e-Commerce plugin to the latest available version (at least 2.8.4)...
Privilege Escalation
python3.10 is vulnerable to privilege escalation. The vulnerability, when python3.10 is used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine which...
Information Disclosure
Concrete CMS is vulnerable to information disclosure. The vulnerability exists in multiple functions due to whoops error output when debug mode is left in production, allowing an attacker to execute arbitrary code via server-side sensitive information...
WordPress OAuth Client by DigitialPixies plugin <= 1.1.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Lana Codes in WordPress OAuth Client by DigitialPixies plugin (versions <= 1.1.0). Solution: No patched version is available. This plugin has been closed as of October 21, 2022 and is not available for download. This closure is...
WordPress OAuth Client by DigitialPixies plugin <= 1.1.0 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by Lana Codes in WordPress OAuth Client by DigitialPixies plugin (versions <= 1.1.0). Solution: No patched version is available. This plugin has been closed as of October 21, 2022 and is not available for download. This closure is temporary,...
Medium: curl
Issue Overview: A vulnerability was found in curl. This issue occurs because a malicious server can serve excessive amounts of Set-Cookie: headers in an HTTP response to curl, which stores all of them. This flaw leads to a denial of service, either by mistake or by a malicious actor. CVE-2022-322...
F5 Networks BIG-IP : OpenSSH vulnerability (K42531048)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10 / 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K42531048 advisory. In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server ...