2333 matches found
CVE-2023-4645 Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai_ajax
The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai_ajax function. This can allow unauthenticated attackers to extract sensitive data such as post titles and slugs, including those of protected posts, along with their...
Exploit for Out-of-bounds Write in Haxx Libcurl
CVE-2023-38545: Curl Vulnerability Proof of Concept This repos...
SUSE CVE-2023-34323
When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be possible that accounting is temporarily negative if a node has been removed outside of the transaction. Unfortunately, some versions of C Xenstored are assuming th...
PT-2024-12473 · Amd +2 · Amd Cpus +2
Name of the Vulnerable Software and Affected Versions: AMD CPUs (affected versions not specified). Description: The issue affects AMD CPUs with extensions to normal x86 debugging functions, introduced in CPUs since around 2014. Recommendations: At the moment, there is no information about a newer...
Siemens SICAM A8000 Device CPCI85 Firmware Hardcoded Credentials Vulnerability
The SICAM A8000 RTU (Remote Terminal Unit) series is a modular family of devices for remote control and automation applications in all areas of energy supply. A hard-coded credentials vulnerability exists in the CPCI85 firmware of the Siemens SICAM A8000 device, which can be exploited by an attacke...
PT-2023-6227 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions prior to 20.4R3-S9; Juniper Networks Junos OS versions 21.1R1 and later; Juniper Networks Junos OS versions prior to 21.2R3-S6; Juniper Networks Junos OS versions prior to 21.3R3-S5; Juniper Networks Junos OS...
Siemens CP-8031 Trust Management Issue Vulnerability
The SICAM A8000 RTU (Remote Terminal Unit) series is a modular family of devices for remote control and automation applications in all areas of energy supply. A hard-coded credentials vulnerability exists in the CPCI85 firmware of the Siemens SICAM A8000 device, which can be exploited by an attacke...
Chromecookiestealer - Steal/Inject Chrome Cookies Over The DevTools Protocol
Attaches to Chrome using its Remote DevTools protocol and steals/injects/clears/deletes cookies. Heavily inspired by WhiteChocolateMacademiaNut. Cookies are dumped as JSON objects using Chrome's own format. The same format is used for cookies to be loaded. For legal use only. Features Dump Chrome...
USN-6413-1 binutils vulnerabilities
It was discovered that GNU binutils was not properly performing checks when dealing with memory allocation operations, which could lead to excessive memory consumption. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. CVE-2017-1712...
[SECURITY] Fedora 37 Update: traceroute-2.1.3-1.fc37
The traceroute utility displays the route used by IP packets on their way to a specified network (or Internet) host. Traceroute displays the IP number and host name (if possible) of the machines along the route taken by the packets. Traceroute is used as a network debugging tool. If you're having...
[SECURITY] Fedora 39 Update: traceroute-2.1.3-1.fc39
The traceroute utility displays the route used by IP packets on their way to a specified network (or Internet) host. Traceroute displays the IP number and host name (if possible) of the machines along the route taken by the packets. Traceroute is used as a network debugging tool. If you're having...
Fedora: Security Advisory for traceroute (FEDORA-2023-7133ff034c)
The remote host is missing an update for the...
[SECURITY] Fedora 38 Update: traceroute-2.1.3-1.fc38
The traceroute utility displays the route used by IP packets on their way to a specified network (or Internet) host. Traceroute displays the IP number and host name (if possible) of the machines along the route taken by the packets. Traceroute is used as a network debugging tool. If you're having...
EVE OS Security Vulnerability
EVE OS is a general-purpose, open Linux-based operating system for distributed edge computing, open-sourced by LF Edge. EVE OS suffers from a security vulnerability that stems from the Pillar eve container allowing an attacker to unlock debugging functionality without triggering the measurement...
North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers
Threat actors associated with North Korea are continuing to target the cybersecurity community using a zero-day bug in an unspecified software over the past several weeks to infiltrate their machines. The findings come from Google's Threat Analysis Group (TAG), which found the adversary setting up...
CVE-2023-39515
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) vulnerability that allows an authenticated user to poison data stored in Cacti's database. These data will be viewed by administrative cacti accounts an...
DEBIAN-CVE-2023-39515
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) vulnerability that allows an authenticated user to poison data stored in Cacti's database. These data will be viewed by administrative cacti accounts an...
Cross site scripting
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) vulnerability that allows an authenticated user to poison data stored in Cacti's database. These data will be viewed by administrative cacti accounts an...
CVE-2023-39515
Cacti Stored XSS (CVE-2023-39515) affects data_debug.php and is exploitable by authenticated users with General Administration>Sites/Devices/Data, enabling JavaScript in admin-viewed data. Affected via malicious data-source path configuration; fix: upgrade to 1.2.25. Note: CVE-2023-49088 indic...
CVE-2023-39515 Stored Cross-site Scripting on data_debug.php datasource path view in Cacti
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) vulnerability that allows an authenticated user to poison data stored in Cacti's database. These data will be viewed by administrative cacti accounts an...