CVE-2023-43809 Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled
Soft Serve is a self-hostable Git server for the command line. Prior to version 0.6.2, a security vulnerability in Soft Serve could allow an unauthenticated, remote attacker to bypass public key authentication when keyboard-interactive SSH authentication is active, through the allow-keyless...
WordPress Interactive World Map Plugin <= 3.2.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Interactive World Map. Type: Plugin. Vulnerable versions: <= 3.2.0. Fixed in: 3.4.4. OWASP Top 10: A5 Broken Access Control. Classification: Cross Site Request Forgery (CSRF). CVE: CVE-2023-45060. Patch priority: Low. CVSS severity: Low (5.4). PSID: 6813111c7df8. Credits: Mika. Required...
Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled
Impact: A security vulnerability in Soft Serve could allow an unauthenticated, remote attacker to bypass public key authentication when keyboard-interactive SSH authentication is active, through the allow-keyless setting, and the public key requires additional client-side verification, for example...
GHSA-MC97-99J4-VM2V Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled
Impact: A security vulnerability in Soft Serve could allow an unauthenticated, remote attacker to bypass public key authentication when keyboard-interactive SSH authentication is active, through the allow-keyless setting, and the public key requires additional client-side verification, for example...
PT-2023-6511 · Unknown · Soft Serve
Name of the Vulnerable Software and Affected Versions: Soft Serve versions prior to 0.6.2 Description: A security issue in Soft Serve allows an unauthenticated, remote attacker to bypass public key authentication when keyboard-interactive SSH authentication is active, through the allow-keyless...
CVE-2023-40333
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Qode Interactive Bridge Core plugin <= 3.0.9 versions...
Cross site scripting
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Qode Interactive Bridge Core plugin <= 3.0.9 versions...
CVE-2023-40333 WordPress Bridge Core Plugin <= 3.0.9 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Qode Interactive Bridge Core plugin <= 3.0.9 versions...
CVE-2023-40333
CVE-2023-40333 refers to unauthenticated, reflected XSS in the WordPress Bridge Core plugin (versions <= 3.0.9); fixed in versions after 3.0.9 (i.e., 3.1.0 or later). NVD lists a base score around 6.1 (Medium) with network attack vector and user interaction required. Patchstack also notes the fix in 3.1.0 and labels the vulnerability as X...
PT-2023-27392 · Qode Interactive · Qode Interactive Bridge Core Plugin
Name of the Vulnerable Software and Affected Versions: Qode Interactive Bridge Core plugin versions <= 3.0.9. Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability allows for the execution of malicious scripts on a user's browser,...
SUSE CVE-2023-43115
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be...
Unix Command Shell, Reverse TCP (via socat)
Creates an interactive shell via socat. Module Options: msf > use payload/cmd/unix/reverse_socat_tcp; msf payload(reverse_socat_tcp) > show actions ...actions...; msf payload(reverse_socat_tcp) > set ACTION <action-name>; msf payload(reverse_socat_tcp) > show options ...show and set options...; msf payload(reverse_socat_tcp) > run. This module...
VTScanner - A Comprehensive Python-based Security Tool For File Scanning, Malware Detection, And Analysis In An Ever-Evolving Cyber Landscape
VTScanner is a versatile Python tool that empowers users to perform comprehensive file scans within a selected directory for malware detection and analysis. It seamlessly integrates with the VirusTotal API to deliver extensive insights into the safety of your files. VTScanner is compatible with...
CVE-2023-41057 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in hyper-bump-it
hyper-bump-it is a command line tool for updating the version in project files. hyper-bump-it reads a file glob pattern from the configuration file. That is combined with the project root directory to construct a full glob pattern that is used to find files that should be edited. These matched fil...
MAL-2023-1561 Malicious code in cncf-interactive-landscape (npm)
Source: ossf-package-analysis 8d2b9d2c5124b5a628ea48abf890a34baae186cb6a3844fc2617ad57b21be8d9. The OpenSSF Package Analysis project identified 'cncf-interactive-landscape' @ 1.0.6 (npm) as malicious. It is considered malicious because: - The...
Malicious code in cncf-interactive-landscape (npm)
Source: ossf-package-analysis 8d2b9d2c5124b5a628ea48abf890a34baae186cb6a3844fc2617ad57b21be8d9. The OpenSSF Package Analysis project identified 'cncf-interactive-landscape' @ 1.0.6 (npm) as malicious. It is considered malicious because: - The...
The Need for Trustworthy AI
If you ask Alexa, Amazon's voice assistant AI system, whether Amazon is a monopoly, it responds by saying it doesn't know. It doesn't take much to make it lambaste the other tech giants, but it's silent about its own corporate parent's misdeeds. When Alexa responds in this way, it's obvious that it is...
CVE-2022-43713
Interactive Forms (IAF) in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed...