88 matches found
CVE-2023-46089
Cross-Site Request Forgery CSRF vulnerability in Lee Le @ Userback Userback plugin = 1.0.13 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Lee Le @ Userback Userback plugin = 1.0.13 versions...
CVE-2023-46089
CVE-2023-46089 denotes a CSRF vulnerability in the WordPress Userback plugin, affected versions
WordPress FreshMail For WordPress Plugin <= 2.3.2 is vulnerable to Cross Site Scripting (XSS)
Software FreshMail For WordPress Type Plugin Vulnerable versions = 2.3.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-46074 Patch priority Medium CVSS severity Medium 5.8 Developer Claim ownership PSID bc13c89450f9 Credits LEE SE HYOU...
Critical Flaws in vm2 JavaScript Library Can Lead to Remote Code Execution
A fresh round of patches has been made available for the vm2 JavaScript library to address two critical flaws that could be exploited to break out of sandbox protections and achieve code execution. Both the flaws – CVE-2023-29199 and CVE-2023-30547 – are rated 9.8 out of 10 on the CVSS scoring...
FANUC ROBOGUIDE-HandlingPRO
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: FANUC Equipment: ROBOGUIDE-HandlingPRO Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read and/or overwrite files on the system running the affected...
haus-lee.de Cross Site Scripting vulnerability OBB-3033967
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
leeinternational.com Cross Site Scripting vulnerability OBB-2861279
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
terryleecontracting.com Cross Site Scripting vulnerability OBB-2642125
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Researcher Spotlight: Martin Lee, EMEAR lead, Talos Strategic Communications
Who knew you could connect Moses to threat intelligence? By Jon Munshaw. When the security community usually thinks about the origins of cybersecurity and threat intelligence, the conversation may quickly center around the codebreakers in World War II or the Creeper software developed... This is...
About the security content of Safari 15.5
About the security content of Safari 15.5 This document describes the security content of Safari 15.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
EMEAR Monthly Talos Update: Wiper malware
Cisco Talos and Cisco Secure are launching a new video series to fill you in on the latest cybersecurity trends. We’re thrilled to launch our first video in the new Talos Threat Update series, which you can watch above or over at this link, where Martin Lee and Hazel Burton talk about wiper... Th...
From basic text to streaming 4K movies: A brief history of the World Wide Web
When Sir Tim Berners-Lee wrote his proposal for the World Wide Web WWW in 1989, he probably didn’t predict just how much his ideas would change the way we communicate. With about 1.83 billion websites to date, the World Wide Web has been the cornerstone of the information age. Famously Berners-Le...
GHSA-X79J-WGQV-G8H2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in typo3/cms-form
Problem It has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. Solution Update to TYPO3 versions 10.4.14 or 11.1.1 that fix the...
Cross-Site Scripting in Content Preview
Problem It has been discovered that database fields used as descriptionColumn are vulnerable to cross-site scripting when their content gets previewed in the page module. A valid backend user account is needed to exploit this vulnerability. Solution Update to TYPO3 versions 10.4.14, 11.1.1 that f...
Inrupt’s Solid Announcement
Earlier this year, I announced that I had joined Inrupt, the company commercializing Tim Berners-Lees Solid specification: The idea behind Solid is both simple and extraordinarily powerful. Your data lives in a pod that is controlled by you. Data generated by your things -- your computer, your...
Lee Lei's blog ne***_sh***.php file suffers from SQL injection vulnerability
Li Lei blog is an open source PHP blog management system . Li Lei blog nesh.php file suffers from SQL injection vulnerability. Attackers can exploit the vulnerability to obtain sensitive information in the database...
Windowsrcer IE/Edge Cross-URL vulnerabilities
Cross-Origin bugs in IE and Edge allow bypassing SOP in both browsers. 0-days released by James Lee @Windowsrcer Recent assessments: busterb at August 21, 2019 4:31pm UTC reported: A SOP bug requires the attacker to inject a resource into one domain, and be listening on another. Such a...
About the security content of iCloud for Windows 7.10
About the security content of iCloud for Windows 7.10 This document describes the security content of iCloud for Windows 7.10. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
Teacher linked to Celebgate hacking scandal facing 7 years in prison
By Uzair Amir Former Lee Davis High School, Virginia teacher Christopher Brannan set to plead guilty to the federal charges of hacking into the computers of Celebrities including Emma Watson and non-celebrities leading to their private data in the Celebgate hacking scandal. 31 years old Christoph...