19 matches found
WordPress WooCommerce PDF Invoice Builder plugin <= 1.2.148 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin WooCommerce PDF Invoice Builder versions = 1.2.148...
MAL-2024-2151 Malicious code in down_load_ebook_cambiemos_de_via_by_edgar_morin_s4uv8 (npm)
--- -= Per source details. Do not edit below this line.=-...
WordPress WooCommerce PDF Invoice Builder Plugin <= 1.2.103 is vulnerable to Cross Site Scripting (XSS)
Software WooCommerce PDF Invoice Builder Type Plugin Vulnerable versions = 1.2.103 Fixed in 1.2.104 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-46076 Patch priority High CVSS severity High 7.1 Developer Edgar Rojas PSID e196625e8b7e Credits LEE S...
WordPress WooCommerce PDF Invoice Builder Plugin <= 1.2.90 is vulnerable to Cross Site Scripting (XSS)
Software WooCommerce PDF Invoice Builder Type Plugin Vulnerable versions = 1.2.90 Fixed in 1.2.91 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4160 Patch priority Low CVSS severity Low 5.9 Developer Edgar Rojas PSID 27b991f0b0a1 Credits Marco...
WordPress WooCommerce PDF Invoice Builder Plugin <= 1.2.91 is vulnerable to Broken Access Control
Software WooCommerce PDF Invoice Builder Type Plugin Vulnerable versions = 1.2.91 Fixed in 1.2.92 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-4245 Patch priority Low CVSS severity Low 4.3 Developer Edgar Rojas PSID f1eb4f613ca1 Credits Marco Wotschka...
WordPress WooCommerce PDF Invoice Builder Plugin <= 1.2.89 is vulnerable to SQL Injection
Software WooCommerce PDF Invoice Builder Type Plugin Vulnerable versions = 1.2.89 Fixed in 1.2.90 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-3677 Patch priority High CVSS severity High 8.5 Developer Edgar Rojas PSID 2cec7ed323a9 Credits Marco Wotschka Required privilege...
WordPress WooCommerce PDF Invoice Builder Plugin <= 1.2.90 is vulnerable to Cross Site Request Forgery (CSRF)
Software WooCommerce PDF Invoice Builder Type Plugin Vulnerable versions = 1.2.90 Fixed in 1.2.91 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3764 Patch priority Low CVSS severity Low 4.3 Developer Edgar Rojas PSID 32ad6bbe40fc Credits Marco...
Kim Kardashian gets huge fine for crypto ad
The Securities and Exchange Commission SEC announced in a recent press release that it's charging celebrity influencer Kim Kardashian for violating Section 17b of the Securities Act of 1933, or the anti-touting provision. Kardashian was paid to promote EthereumMax or EMAX, a crypto asset security...
Avoiding Smash and Grab Under the SEC’s Proposed Cyber Rule
The SEC recently proposed a regulation to require all public companies to report cybersecurity incidents within four days of determining that the incident is material. While Rapid7 generally supports the proposed rule, we are concerned that the rule requires companies to publicly disclose a cyber...
edgar.k12.wi.us Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1115423 Security Researcher MrRain1996 Helped patch 994 vulnerabilities Received 4 Coordinated Disclosure badges Received 9 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting edgar.k12.wi.us website a...
@angstone/micro (=0.0.1), @angstone/microservice (=0.0.17) +4 more potentially affected by CVE-2019-10790 via taffy (=2.6.2)
taffy NPM version =2.6.2 is affected by a known vulnerability. The following packages have a transitive dependency on taffy and may be impacted: - @angstone/micro =0.0.1 - @angstone/microservice =0.0.17 - anrajs =1.0.0, =0.0.1, =0.0.7, =1.0.6 - neyka =3.0.0 Source cves: CVE-2019-10790 Source...
@angstone/micro (=0.0.1), @angstone/microservice (=0.0.17) +4 more potentially affected by CVE-2019-10790 via taffy (=2.6.2)
taffy NPM version =2.6.2 is affected by a known vulnerability. The following packages have a transitive dependency on taffy and may be impacted: - @angstone/micro =0.0.1 - @angstone/microservice =0.0.17 - anrajs =1.0.0, =0.0.1, =0.0.7, =1.0.6 - neyka =3.0.0 Source cves: CVE-2019-10790 Source...
U.S. Issues Multiple Charges For 2016 SEC Hack
Two Ukrainains have been indicted in hacking the U.S. Securities and Exchange Commission SEC in order to steal and sell non-public, confidential information from publicly-traded companies. The two have been charged as part of a large-scale conspiracy to hack the SEC’s computer systems and profit ...
Two Hackers Charged with Hacking SEC System in Stock-Trading Scheme
The U.S. authorities have charged two Ukrainian hackers for hacking into the Securities and Exchange Commission's EDGAR filing system and stealing sensitive market-moving reports of companies before their public release. EDGAR, or Electronic Data Gathering, Analysis, and Retrieval, is an online...
Two Hackers Charged with Hacking SEC System in Stock-Trading Scheme
The U.S. authorities have charged two Ukrainian hackers for hacking into the Securities and Exchange Commission's EDGAR filing system and stealing sensitive market-moving reports of companies before their public release. EDGAR, or Electronic Data Gathering, Analysis, and Retrieval, is an online...
2016 SEC Hack May Have Benefited Insider Trading
The U.S. Securities and Exchange Commission, the watchdog of Wall Street, said this week that hackers infiltrated one of its systems last year, something that likely facilitated insider trading. The SEC waited nearly nine months to disclose the hack. SEC Chairman Jay Clayton devoted four sentence...
SEC Discloses Hackers Broke Into Edgar Corporate Filing System Last Year
This month has been full of breaches. Now, the Securities and Exchange Commission SEC, the top U.S. markets regulator, has disclosed that hackers managed to hack into its financial document filing system and may have illegally profited from the stolen information. On Wednesday, the SEC announced...
edgarwinter.com XSS vulnerability
Vulnerable URL: http://www.edgarwinter.com/gallery/display.php?ID=74%22%27--!%3E%3Cscript%3EalertOPENBUGBOUNTY%3C/script%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 13.12.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 3950927 V...
vRealize Operations (vROps) updates address privilege escalation vulnerability
vROps privilege escalation issue vROps contains a privilege escalation vulnerability. Exploitation of this issue may allow a vROps user who has been assigned a low-privileged role to gain full access over the application. In addition it may be possible to stop and delete Virtual Machines managed ...