540 matches found
Animated Counters < 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails
A double-free flaw was found in u32_set_parms in net/sched/cls_u32.c in the Network Scheduler component in the Linux kernel. This flaw allows a local attacker to use a failure event to mishandle the reference counter, leading to a local privilege escalation threat...
kernel: nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net
A flaw was identified in the NFS server nfsd implementation in the Linux kernel where the initialization of the per-CPU reply_cache_stats counters was relocated incorrectly in the code path. This change can lead to use of uninitialized per-CPU statistical counters during NFS request handling when t...
CVE-2023-5774
The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
CVE-2023-5774 Animated Counters <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
CVE-2023-5774
CVE-2023-5774 affects the WordPress plugin Animated Counters (versions ≤ 1.7). The vulnerability is a stored XSS via shortcode attributes caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access at Contributor level or higher, and an attacker can ...
WordPress Plugin Animated Counters Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
PT-2023-32316 · WordPress · Animated Counters
Name of the Vulnerable Software and Affected Versions: Animated Counters plugin for WordPress versions up to, and including, 1.7. Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes due to insufficient input sanitization and output escaping on user-supplied...
WordPress Animated Counters Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS)
Software: Animated Counters; Type: Plugin; Vulnerable versions: <= 1.7; Fixed in: 1.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5774; Patch priority: Low; CVSS severity: Low (6.5); PSID: cc65954492ea; Credits: Dmitrii Ignatyev; Required...
CVE-2022-24401
Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA keystream generator. IV generation is based upon several TDMA frame counters, which are frequently broadcast by the infrastructure in an unauthenticated manner. An active adversary can manipulate the view of...
CVE-2022-24401
Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA keystream generator. IV generation is based upon several TDMA frame counters, which are frequently broadcast by the infrastructure in an unauthenticated manner. An active adversary can manipulate the view of...
Design/Logic Flaw
Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA keystream generator. IV generation is based upon several TDMA frame counters, which are frequently broadcast by the infrastructure in an unauthenticated manner. An active adversary can manipulate the view of...
kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails
A double-free flaw was found in u32_set_parms in net/sched/cls_u32.c in the Network Scheduler component in the Linux kernel. This flaw allows a local attacker to use a failure event to mishandle the reference counter, leading to a local privilege escalation threat...
Specific TCP and HTTP Counters on NetScaler.
...
The vulnerability of the nf_tables_delrule() function in the /net/netfilter/nf_tables_api.c file of the Linux kernel’s netfilter network interface layer allows a hacker to trigger a service failure.
The vulnerability of the nf_tables_delrule() function in the /net/netfilter/nf_tables_api.c file of the Linux kernel’s netfilter network interface layer is related to improper handling of usage counters, which can lead to a memory leak. Exploiting this vulnerability could allow an attacker to cause a...
CVE-2023-24393
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Animated Number Counters plugin <= 1.6 versions...
CVE-2023-24393
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Animated Number Counters plugin <= 1.6 versions...
CVE-2023-24393 WordPress Animated Number Counters Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Animated Number Counters plugin <= 1.6 versions...
WordPress plugin animated-number-counters cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-12749 · Tetra · Tetra
Name of the Vulnerable Software and Affected Versions: TETRA, affected versions not specified. Description: The issue concerns adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA keystream generator. IV generation is based upon several TDMA frame counters, whic...