7681 matches found
WordPress WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content Plugin <= 7.0 is vulnerable to Sensitive Data Exposure
Software: WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content; Type: Plugin; Vulnerable versions: = 7.0; Fixed in: 7.1.0; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-7046; Patch priority: Low; CVSS severity: Low 7.5...
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Squid vulnerabilities (USN-6728-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6728-1 advisory. Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to caus...
CVE-2023-7046
The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0 via exposed Private key files. This makes it possible for unauthenticated attackers to...
CVE-2023-7046 WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score <= 7.0 - Sensitive Information Exposure via insufficiently protected files
The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0 via exposed Private key files. This makes it possible for unauthenticated attackers to...
WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score < 7.1.0 - Sensitive Information Exposure via insufficiently protected files
Description The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0 via exposed Private key files. This makes it possible for unauthenticated...
Wordpress Travelscape v1.0.3 Theme - Arbitrary File Upload Exploit
Exploit Title: Wordpress Theme Travelscape v1.0.3 - Arbitrary File Upload Author: Milad Karimi Ex3ptionaL Category : webapps Tested on: windows 10 , firefox import sys import os.path import requests import re import urllib3 from requests.exceptions import SSLError from multiprocessing.dummy impor...
CVE-2024-27908
A buffer overflow vulnerability was reported in the HTTPS service of some Lenovo Printers that could result in denial of service...
CVE-2024-27909
A denial of service vulnerability was reported in the HTTPS service of some Lenovo Printers that could result in a system reboot...
CVE-2024-27909
A denial of service vulnerability was reported in the HTTPS service of some Lenovo Printers that could result in a system reboot...
CVE-2024-27909
The CVE-2024-27909 vulnerability affects Lenovo Printers, impacting the HTTPS service. Multiple connected sources describe a denial of service that could cause a system reboot, attributed to a buffer overflow in the HTTPS service (as per CNNVD-2024-404713 and related PT-2024-22125 notes). This is...
CVE-2024-27909
A denial of service vulnerability was reported in the HTTPS service of some Lenovo Printers that could result in a system reboot...
CVE-2024-27908
A buffer overflow vulnerability was reported in the HTTPS service of some Lenovo Printers that could result in denial of service...
CVE-2024-27908
CVE-2024-27908 is a buffer overflow vulnerability reported in the HTTPS service of some Lenovo printers, leading to denial of service. The NVD entry notes a network-attack surface with a base score of 4.9 (Medium) and an impact profile of confidentiality/integrity as NONE and availability as HIGH;...
CVE-2024-27908
A buffer overflow vulnerability was reported in the HTTPS service of some Lenovo Printers that could result in denial of service...
TLS Certificate Check Bypass
libcurl is vulnerable to TLS Certificate Check Bypass. The vulnerability is caused due to libcurl not checking the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the...
PT-2024-22124 · Lenovo · Lenovo Printers
Name of the Vulnerable Software and Affected Versions: Lenovo Printers affected versions not specified Description: A buffer overflow vulnerability was reported in the HTTPS service of some Lenovo Printers that could result in denial of service. Recommendations: At the moment, there is no...
CVE-2024-31206
dectalk-tts is a Node package to interact with the aeiou Dectalk web API. In dectalk-tts@1.0.0, network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the package could be the victi...
CVE-2024-31206
CVE-2024-31206 affects the Node package dectalk-tts. In 1.0.0, the module makes HTTP (unencrypted) requests to the aeiou Dectalk web API, creating a potential man-in-the-middle risk where traffic could be intercepted or modified. The network traffic was upgraded to HTTPS in version 1.0.1. The av...
CVE-2024-31206 Use of Unencrypted HTTP Request in dectalk-tts
dectalk-tts is a Node package to interact with the aeiou Dectalk web API. In dectalk-tts@1.0.0, network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the package could be the victi...
CVE-2024-31206 Use of Unencrypted HTTP Request in dectalk-tts
dectalk-tts is a Node package to interact with the aeiou Dectalk web API. In dectalk-tts@1.0.0, network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the package could be the victi...