Lucene search
K

168 matches found

Malwarebytes
Malwarebytes
added 2023/06/07 11:0 a.m.14 views

How Coffee County Schools safeguards 7500 students and 1200 staff

We're excited to announce that our much-anticipated 4th edition of the Byte Into Security webinar series is now available on-demand. Originally aired on May 31st, this session is a goldmine for those facing the unique challenges of K-12 cybersecurity. The webinar is free, and you can watch it rig...

6.8AI score
Exploits0
Patchstack
Patchstack
added 2023/06/02 12:0 a.m.12 views

WordPress Front End Users Plugin <= 3.2.24 is vulnerable to Cross Site Request Forgery (CSRF)

Software Front End Users Type Plugin Vulnerable versions = 3.2.24 Fixed in 3.2.25 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-34005 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9bd5b3b01292 Credits thiennv Required...

8.8CVSS6.6AI score0.00263EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/05/22 12:0 a.m.14 views

WordPress Front End Users Plugin < 3.2.25 is vulnerable to Cross Site Scripting (XSS)

Software Front End Users Type Plugin Vulnerable versions 3.2.25 Fixed in 3.2.25 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-33322 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f8f8d9034f19 Credits thiennv Required...

7.1CVSS5.7AI score0.00379EPSS
Exploits0References2Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 4:5 a.m.5 views

SUSE CVE-2019-20892

net-snmp before 5.8.1.pre1 has a double free in usmfreeusmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release...

6.5CVSS9.4AI score0.02315EPSS
Exploits1References3
NVD
NVD
added 2022/11/28 10:15 p.m.22 views

CVE-2022-24189

The usertoken authorization header on the Ourphoto App version 1.4.1 /apiv1/ end-points is not implemented properly. Removing the value causes all requests to succeed, bypassing authorization and session management. The impact of this vulnerability allows an attacker POST api calls with other use...

6.5CVSS0.00507EPSS
Exploits1References1
Prion
Prion
added 2022/11/28 10:15 p.m.18 views

Design/Logic Flaw

The userid and deviceid on the Ourphoto App version 1.4.1 /device/ end-points both suffer from insecure direct object reference vulnerabilities. Other end-users userid and deviceid values can be enumerated by incrementing or decrementing id numbers. The impact of this vulnerability allows an...

5CVSS7.4AI score0.00745EPSS
Exploits1References2Affected Software1
Microsoft Malware Protection
Microsoft Malware Protection
added 2022/08/19 9:38 p.m.66 views

Uncovering a ChromeOS remote memory corruption vulnerability

Microsoft discovered a memory corruption vulnerability in a ChromeOS component that can be triggered remotely, allowing attackers to perform either a denial-of-service DoS or, in extreme cases, remote code execution RCE. Following our D-Bus blog post that focused on Linux, we searched for similar...

10AI score0.0069EPSS
Exploits0
Huntr
Huntr
added 2022/03/10 5:24 p.m.22 views

SSL verification omitted in OAuth2 credential flow

Description Pulsar uses Curl to send HTTPS requests and typically uses the tlsAllowInsecure global variable derived from isTlsAllowInsecureConnection to determine whether SSL verification¹ should be enabled/disabled². In the linked occurances, those checks do not occur and SSL verification is...

5.1CVSS0.2AI score0.00704EPSS
Exploits1
ThreatPost
ThreatPost
added 2022/02/17 2:11 p.m.126 views

Microsoft Teams Targeted With Takeover Trojans

Threat actors are targeting Microsoft Teams users by planting malicious documents in chat threads that execute Trojans that ultimately can take over end-user machines, researchers have found. In January, researchers at Avanan, a Check Point Company, began tracking the campaign, which drops...

8.7AI score
Exploits0References8
Fedora
Fedora
added 2022/02/15 1:17 a.m.18 views

[SECURITY] Fedora 34 Update: dotnet-build-reference-packages-0-11.20220201git045b288.fc34

This contains references packages used for building .NET Core. This is not meant to be used by end-users...

1.7AI score
Exploits0
NVD
NVD
added 2022/01/11 8:15 p.m.20 views

CVE-2021-43974

An issue was discovered in SysAid ITIL 20.4.74 b10. The /enduserreg endpoint is used to register end users anonymously, but does not respect the server-side setting that determines if anonymous users are allowed to register new accounts. Configuring the server-side setting to disable anonymous us...

5.3CVSS0.01416EPSS
Exploits1References3
OSV
OSV
added 2021/10/22 4:19 p.m.12 views

GHSA-4365-FHM5-QCRX Maliciously Crafted Model Archive Can Lead To Arbitrary File Write

Impact An Archive Extraction Zip Slip vulnerability in the functionality that allows a user to load a trained model archive in Rasa 2.8.9 and older allows an attacker arbitrary write capability within specific directories using a malicious crafted archive file. Patches The vulnerability is fixed ...

7.3CVSS6.9AI score0.00734EPSS
Exploits0References4
Metasploit
Metasploit
added 2021/09/28 5:42 p.m.69 views

Flock Credential Gatherer

This module searches for credentials stored in Flock on a Windows host. Module Options msf use post/windows/gather/credentials/flock msf postflock show actions ...actions... msf postflock set ACTION msf postflock show options ...show and set options... msf postflock run This module requires...

6.9AI score
Exploits0
Metasploit
Metasploit
added 2021/09/28 5:42 p.m.229 views

Safari Credential Gatherer

This module searches for Safari credentials on a Windows host. Module Options msf use post/windows/gather/credentials/safari msf postsafari show actions ...actions... msf postsafari set ACTION msf postsafari show options ...show and set options... msf postsafari run This module requires Metasploi...

7AI score
Exploits0
Metasploit
Metasploit
added 2021/09/28 5:42 p.m.63 views

Internet Explorer Credential Gatherer

This module searches for Internet Explorer credentials on a Windows host. Module Options msf use post/windows/gather/credentials/ie msf postie show actions ...actions... msf postie set ACTION msf postie show options ...show and set options... msf postie run This module requires Metasploit:...

7.1AI score
Exploits0
Huntr
Huntr
added 2021/09/24 3:51 p.m.6 views

Open Redirect in collectiveaccess/providence

Description Open Redirect on Login with parameter ?redirect= Proof of Concept // PoC.request POST /system/Auth/DoLogin HTTP/1.1 Host: demo.collectiveaccess.org Cookie: cademo=ea7632ab-0ad8-4b0f-939f-9e292f232ff6; CAcademouilocale=enUS User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93...

7AI score
Exploits0
OSV
OSV
added 2021/08/11 11:15 p.m.18 views

CVE-2021-37626

Contao is an open source CMS that allows you to create websites and scalable web applications. In affected versions it is possible to load PHP files by entering insert tags in the Contao back end. Installations are only affected if they have untrusted back end users who have the rights to modify...

7.2CVSS6.9AI score
Exploits0References2
Prion
Prion
added 2021/08/11 11:15 p.m.17 views

Code injection

Contao is an open source CMS that allows creation of websites and scalable web applications. In affected versions it is possible to gain privileged rights in the Contao back end. Installations are only affected if they have untrusted back end users who have access to the form generator. All users...

6.5CVSS7AI score0.01023EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/08/11 11:15 p.m.19 views

Code injection

Contao is an open source CMS that allows you to create websites and scalable web applications. In affected versions it is possible to load PHP files by entering insert tags in the Contao back end. Installations are only affected if they have untrusted back end users who have the rights to modify...

6.5CVSS7AI score0.01254EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/08/11 10:20 p.m.41 views

CVE-2021-37626 PHP file inclusion via insert tags

Contao is an open source CMS that allows you to create websites and scalable web applications. In affected versions it is possible to load PHP files by entering insert tags in the Contao back end. Installations are only affected if they have untrusted back end users who have the rights to modify...

7.2CVSS7.3AI score0.01254EPSS
Exploits0References2
Rows per page
Query Builder