103 matches found
PT-2024-33620 · Ink · Ink
Name of the Vulnerable Software and Affected Versions: INK Official versions n/a through 4.1.2 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. Recommendations: For versions n/a through 4.1.2, upda...
WordPress INK Official plugin <= 4.1.2 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by ghsinfosec Patchstack Alliance in WordPress Plugin INK Official versions = 4.1.2...
WordPress INK Official Plugin <= 4.1.2 is vulnerable to Arbitrary File Upload
Software INK Official Type Plugin Vulnerable versions = 4.1.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49669 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 67e983d6f9c5 Credits ghsinfosec Required privilege Contributo...
PT-2024-40770 · Git +1 · Trafficserver
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of "Use-of-uninitialized-value". The crash state includes functions such as ink filepath merge, layout relative, and...
CVE-2021-34961
Foxit PDF Editor Ink Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a...
CVE-2021-34961
Foxit PDF Editor Ink Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a...
Friday Squid Blogging: Vegan Squid-Ink Pasta
It uses black beans for color and seaweed for flavor. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
Malicious code in evernote-ink (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b1bb0fa89469e954b9d89954d3a58ff3a98cd66a1c11a183a7ce82bbc6e89fbe The OpenSSF Package Analysis project identified 'evernote-ink' @ 1.0.207 npm as malicious. It is considered malicious because: - The package...
MAL-2024-990 Malicious code in evernote-ink (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b1bb0fa89469e954b9d89954d3a58ff3a98cd66a1c11a183a7ce82bbc6e89fbe The OpenSSF Package Analysis project identified 'evernote-ink' @ 1.0.207 npm as malicious. It is considered malicious because: - The package...
HP Claims Monopoly on Ink, Alleges 3rd-Party Cartridge Malware Risk
By Deeba Ahmed HP CEO Enrique Lores defended HP's practice of bricking printers when loaded with third-party ink. This is a post from HackRead.com Read the original post: HP Claims Monopoly on Ink, Alleges 3rd-Party Cartridge Malware Risk...
ink-noe.net Cross Site Scripting vulnerability OBB-3843060
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
HP CEO Says They Brick Printers That Use Third-Party Ink Because of … Hackers
The company says it wants to protect you from “viruses.” Experts are skeptical...
ink-spot.gr Improper Access Control vulnerability OBB-3833453
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Friday Squid Blogging: Underwater Sculptures Use Squid Ink for Coloring
The Molinière Underwater Sculpture Park has pieces that are colored in part with squid ink. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
Friday Squid Blogging: On the Ugliness of Squid Fishing
And seafood in general: A squid ship is a bustling, bright, messy place. The scene on deck looks like a mechanics garage where an oil change has gone terribly wrong. Scores of fishing lines extend into the water, each bearing specialized hooks operated by automated reels. When they pull a squid o...
Design/Logic Flaw
ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through CallBuilder::delegate or...
GHSA-853P-5678-HV8F ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`
Summary The return value when using delegate call mechanics, either through CallBuilder::delegate or inkenv::invokecontractdelegate, is being decoded incorrectly. Description Consider this minimal example: rust // First contract, this will be performing a delegate call to the Callee. inkstorage p...
ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`
Summary The return value when using delegate call mechanics, either through CallBuilder::delegate or inkenv::invokecontractdelegate, is being decoded incorrectly. Description Consider this minimal example: rust // First contract, this will be performing a delegate call to the Callee. inkstorage p...
CVE-2023-34449 ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`
ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through CallBuilder::delegate or...
CVE-2023-34449 ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`
ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through CallBuilder::delegate or...