Lucene search
+L

103 matches found

Positive Technologies
Positive Technologies
added 2024/10/23 12:0 a.m.5 views

PT-2024-33620 · Ink · Ink

Name of the Vulnerable Software and Affected Versions: INK Official versions n/a through 4.1.2 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. Recommendations: For versions n/a through 4.1.2, upda...

9.9CVSS6.7AI score0.00508EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/10/21 8:48 a.m.7 views

WordPress INK Official plugin <= 4.1.2 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by ghsinfosec Patchstack Alliance in WordPress Plugin INK Official versions = 4.1.2...

9.9CVSS7AI score0.00508EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/10/21 12:0 a.m.11 views

WordPress INK Official Plugin <= 4.1.2 is vulnerable to Arbitrary File Upload

Software INK Official Type Plugin Vulnerable versions = 4.1.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49669 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 67e983d6f9c5 Credits ghsinfosec Required privilege Contributo...

9.9CVSS6.8AI score0.00508EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/08 12:0 a.m.4 views

PT-2024-40770 · Git +1 · Trafficserver

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of "Use-of-uninitialized-value". The crash state includes functions such as ink filepath merge, layout relative, and...

6.9AI score
Exploits0References2
OSV
OSV
added 2024/05/07 11:15 p.m.2 views

CVE-2021-34961

Foxit PDF Editor Ink Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a...

7.8CVSS6.2AI score0.00349EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/05/07 11:15 p.m.4 views

CVE-2021-34961

Foxit PDF Editor Ink Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a...

7.8CVSS7.6AI score0.00349EPSS
Exploits0References3Affected Software1
Schneier on Security
Schneier on Security
added 2024/02/16 10:4 p.m.9 views

Friday Squid Blogging: Vegan Squid-Ink Pasta

It uses black beans for color and seaweed for flavor. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.3AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/02/12 2:58 a.m.2 views

Malicious code in evernote-ink (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b1bb0fa89469e954b9d89954d3a58ff3a98cd66a1c11a183a7ce82bbc6e89fbe The OpenSSF Package Analysis project identified 'evernote-ink' @ 1.0.207 npm as malicious. It is considered malicious because: - The package...

6.9AI score
Exploits0
OSV
OSV
added 2024/02/12 2:58 a.m.5 views

MAL-2024-990 Malicious code in evernote-ink (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b1bb0fa89469e954b9d89954d3a58ff3a98cd66a1c11a183a7ce82bbc6e89fbe The OpenSSF Package Analysis project identified 'evernote-ink' @ 1.0.207 npm as malicious. It is considered malicious because: - The package...

7.1AI score
Exploits0
HackRead
HackRead
added 2024/01/25 10:19 p.m.19 views

HP Claims Monopoly on Ink, Alleges 3rd-Party Cartridge Malware Risk

By Deeba Ahmed HP CEO Enrique Lores defended HP's practice of bricking printers when loaded with third-party ink. This is a post from HackRead.com Read the original post: HP Claims Monopoly on Ink, Alleges 3rd-Party Cartridge Malware Risk...

7.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2024/01/25 4:26 p.m.11 views

ink-noe.net Cross Site Scripting vulnerability OBB-3843060

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2024/01/23 9:11 p.m.9 views

HP CEO Says They Brick Printers That Use Third-Party Ink Because of … Hackers

The company says it wants to protect you from “viruses.” Experts are skeptical...

7.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2024/01/12 6:31 p.m.5 views

ink-spot.gr Improper Access Control vulnerability OBB-3833453

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/12/15 10:6 p.m.8 views

Friday Squid Blogging: Underwater Sculptures Use Squid Ink for Coloring

The Molinière Underwater Sculpture Park has pieces that are colored in part with squid ink. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/10/27 9:13 p.m.28 views

Friday Squid Blogging: On the Ugliness of Squid Fishing

And seafood in general: A squid ship is a bustling, bright, messy place. The scene on deck looks like a mechanics garage where an oil change has gone terribly wrong. Scores of fishing lines extend into the water, each bearing specialized hooks operated by automated reels. When they pull a squid o...

6.8AI score
Exploits0
Prion
Prion
added 2023/06/14 9:15 p.m.19 views

Design/Logic Flaw

ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through CallBuilder::delegate or...

5CVSS5.3AI score0.00967EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2023/06/14 8:11 p.m.32 views

GHSA-853P-5678-HV8F ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`

Summary The return value when using delegate call mechanics, either through CallBuilder::delegate or inkenv::invokecontractdelegate, is being decoded incorrectly. Description Consider this minimal example: rust // First contract, this will be performing a delegate call to the Callee. inkstorage p...

5.3CVSS5.3AI score0.00967EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2023/06/14 8:11 p.m.23 views

ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`

Summary The return value when using delegate call mechanics, either through CallBuilder::delegate or inkenv::invokecontractdelegate, is being decoded incorrectly. Description Consider this minimal example: rust // First contract, this will be performing a delegate call to the Callee. inkstorage p...

5.3CVSS6.4AI score0.00967EPSS
Exploits1References7Affected Software2
Vulnrichment
Vulnrichment
added 2023/06/14 8:10 p.m.14 views

CVE-2023-34449 ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`

ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through CallBuilder::delegate or...

5.3CVSS6.8AI score0.00967EPSS
Exploits1References5
Cvelist
Cvelist
added 2023/06/14 8:10 p.m.20 views

CVE-2023-34449 ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`

ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through CallBuilder::delegate or...

5.3CVSS5.5AI score0.00967EPSS
Exploits1References5
Rows per page
Query Builder