7446 matches found
GHSA-H3HV-63Q5-JGPR Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability
Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their...
CVE-2023-4501
User authentication with username and password credentials is ineffective in OpenText Micro Focus Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server including product variants such as Enterprise Test Server, versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and...
Default credentials
User authentication with username and password credentials is ineffective in OpenText Micro Focus Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server including product variants such as Enterprise Test Server, versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and...
CVE-2023-4501
OpenText (Micro Focus) Visual COBOL, COBOL Server, and Enterprise products (including Enterprise Developer/Enterprise Server) are affected. The issue: LDAP-based authentication can be bypassed, allowing login with any valid username (and any password) or even an invalid username with any password for ...
CVE-2023-4501 Authentication bypass in OpenText (Micro Focus) Enterprise Server
User authentication with username and password credentials is ineffective in OpenText Micro Focus Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server including product variants such as Enterprise Test Server, versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and...
Azure vs. AWS Developer Tools Guide
Azure vs. AWS — which should you use for your DevOps environment? Discover the differences, similarities, and use cases to make an informed decision...
KLA60561 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, or cause denial of service. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Visual Studio can be...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer Tools. A malicious party could exploit the vulnerabilities to cause a denial of service, gain elevated privileges, or execute arbitrary code with the privileges of the developer. Successful exploitation requires the...
WordPress Simple Download Counter Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)
Software Simple Download Counter Type Plugin Vulnerable versions <= 1.6 Fixed in 1.6.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4838 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a3fef251b40f Credits NGÔ THIÊN AN ancor...
WordPress Slimstat Analytics Plugin <= 5.0.9 is vulnerable to SQL Injection
Software Slimstat Analytics Type Plugin Vulnerable versions <= 5.0.9 Fixed in 5.0.10 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-4598 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 8c9d4c888c2a Credits WordFence Required privilege Contributor...
WordPress JQuery Accordion Menu Widget Plugin <= 3.1.2 is vulnerable to Cross Site Scripting (XSS)
Software JQuery Accordion Menu Widget Type Plugin Vulnerable versions <= 3.1.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4890 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4715a521c168 Credits Lana Codes...
WordPress Staff / Employee Business Directory for Active Directory Plugin < 1.2.3 is vulnerable to Broken Access Control
Software Staff / Employee Business Directory for Active Directory Type Plugin Vulnerable versions < 1.2.3 Fixed in 1.2.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-4757 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 41d386a4513c...
Fedora: Security Advisory for python3.9 (FEDORA-2023-7aa64e4a41)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fiber unauthorized access vulnerability in `ctx.IsFromLocal()`
Impact This vulnerability can be categorized as a security misconfiguration. It impacts users of our project who rely on the ctx.IsFromLocal method to restrict access to localhost requests. If exploited, it could allow unauthorized access to resources intended only for localhost. In its...
WordPress My Account Page Editor for Woocommerce Plugin < 1.3.2 is vulnerable to Arbitrary File Upload
Software My Account Page Editor for Woocommerce Type Plugin Vulnerable versions < 1.3.2 Fixed in 1.3.2 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-4536 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 67cdcd9b4665 Credits Alexander Concha...
WordPress Media Library Assistant Plugin <= 3.09 is vulnerable to Remote Code Execution (RCE)
Software Media Library Assistant Type Plugin Vulnerable versions <= 3.09 Fixed in 3.10 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-4634 Patch priority High CVSS severity High 10 Developer Claim ownership PSID a9f84b644a17 Credits Pepitoh Required privilege...
WordPress Defender Security Plugin < 4.1.0 is vulnerable to Bypass Vulnerability
Software Defender Security Type Plugin Vulnerable versions < 4.1.0 Fixed in 4.1.0 OWASP Top 10 A1: Broken Access Control Classification Bypass Vulnerability CVE CVE-2023-5089 Patch priority Low CVSS severity Low 5.3 Developer WPMU DEV PSID e45ed857552b Credits Juan Pablo Gomez Postigo Required...
WordPress Auto Amazon Links Plugin <= 5.3.1 is vulnerable to Cross Site Scripting (XSS)
Software Auto Amazon Links Type Plugin Vulnerable versions <= 5.3.1 Fixed in 5.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4482 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0c8ec5425b66 Credits Marco Wotschka Require...
WordPress Locatoraid Store Locator Plugin < 3.9.24 is vulnerable to Cross Site Scripting (XSS)
Software Locatoraid Store Locator Type Plugin Vulnerable versions < 3.9.24 Fixed in 3.9.24 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4476 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ce175b515c5f Credits Dao Xuan...
Security Bulletin: IBM SDK, Java Technology Edition, Security Update August 2023
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 8 that is used by Rational Application Developer®. These issues were disclosed as part of the IBM Java SDK updates up to August 2023. IBM 8 SR8 FP5 1.8.0371. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IB...