5044 matches found
WordPress plugin Folder Gallery Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-17276 · WordPress · Folder Gallery
Name of the Vulnerable Software and Affected Versions: Folder Gallery plugin for WordPress versions up to, and including, 1.7.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'foldergallery' shortcode due to insufficient input sanitization and output escaping on...
WordPress Folder Gallery plugin <= 1.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Folder Gallery versions <= 1.7.4...
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 128.5 fixed: IMAP could crash when reading cached messages fixed: Enabling "Show Folder Size" on Maildir profile could render Thunderbird unusable fixed: Messages corrupted by folder compaction were only fixed by...
PT-2024-35976 · Samsung · Samsung Magician
Name of the Vulnerable Software and Affected Versions: Samsung Magician version 8.1.0 Description: An issue was discovered in the installer of Samsung Magician on Windows, allowing an attacker to create arbitrary folders in the system permission directory via a symbolic link during the installati...
How to Add Exclusions to Veeam Threat Hunter Scan
Purpose This article documents how to exclude files from the Veeam Threat Hunter scan. Solution To exclude specific files or folders from Veeam Threat Hunter scans, add a registry entry on your Veeam Backup Server: Registry Path: HKLM\SOFTWARE\Veeam\Veeam Threat Hunter\ Value Name:...
CVE-2024-54124
In Click Studios Passwordstate before build 9920, there is a potential permission escalation on the edit folder screen...
Click Studios Passwordstate Security Vulnerability
Click Studios Passwordstate is a password management software from the Click Studios team in Australia. The program provides users with the ability to save their passwords, record their accounts and passwords, and keep them safe. This program offers you the possibility to keep a...
CVE-2024-54124
Affected software: Click Studios Passwordstate prior to build 9920. Issue: potential permission escalation on the edit folder screen due to a root cause described in CVE-2024-54124. Impact: high (CVSS 3.1 base score 8.8) with full confidentiality, integrity, and availability impact; attack vector...
PT-2024-36056 · Click Studios · Passwordstate
Name of the Vulnerable Software and Affected Versions: Click Studios Passwordstate versions prior to build 9920 Description: The issue concerns a potential permission escalation on the edit folder screen. Recommendations: For versions prior to build 9920, update to a version that includes the fix...
CVE-2024-11969
The NetCloud Exchange client for Windows, version 1.110.50, contains an insecure file and folder permissions vulnerability. A normal non-admin user could exploit the weakness in file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised...
CVE-2024-11969 Incorrect default permissions in Cradlepoint NetCloud Exchange
The NetCloud Exchange client for Windows, version 1.110.50, contains an insecure file and folder permissions vulnerability. A normal non-admin user could exploit the weakness in file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised...
CVE-2024-11969
The NetCloud Exchange client for Windows v1.110.50 has an insecure file/folder permissions issue that grants full control to the Everyone group, enabling a local non-admin user to escalate privileges, potentially execute arbitrary code, and maintain persistence. No explicit remediation version is...
New “CleverSoar” Installer Targets Chinese and Vietnamese Users
CleverSoar Installer Used to Deploy Nidhogg Rootkit and Winos4.0 Framework Against Targeted Users In early November, Rapid7 Labs identified a new, highly evasive malware installer, 'CleverSoar,' targeting Chinese and Vietnamese-speaking victims. CleverSoar is designed to deploy and protect multip...
CVE-2024-11145
Valor Apps Easy Folder Listing Pro has a deserialization vulnerability that allows an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Joomla! application. Fixed in versions 3.8 and 4.5...
CVE-2024-11145 Easy Folder Listing Pro deserialization vulnerability
Valor Apps Easy Folder Listing Pro has a deserialization vulnerability that allows an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Joomla! application. Fixed in versions 3.8 and 4.5...
Valor Apps Easy Folder Listing Pro Security Vulnerability
Valor Apps Easy Folder Listing Pro is a flexible, easy-to-use extension from Valor Apps for listing the contents of any folder. A security vulnerability exists in Valor Apps Easy Folder Listing Pro versions prior to 4.5, which stems from the presence of a deserialization vulnerability that allows...
PT-2024-16787 · Valor Apps · Easy Folder Listing Pro
Name of the Vulnerable Software and Affected Versions: Valor Apps Easy Folder Listing Pro versions prior to 3.8 and 4.5 Description: The issue is a deserialization vulnerability that allows an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Joomla! applicatio...
openSUSE Security Advisory (SUSE-SU-2024:4050-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...