181 matches found
Qubely < 1.8.6 - Unauthenticated Arbitrary E-mail Sending
Description: The plugin allows unauthenticated users to send arbitrary e-mails to arbitrary addresses via the qubelysendformdata AJAX action. PoC: Execute the below command in the web developer console, on the blog homepage as an unauthenticated user, replacing domain by the domain of the blog:...
Debian: Security Advisory (DLA-537-1)
The remote host is missing an update for the Debian...
CVE-2022-34654
Cross-Site Request Forgery (CSRF) in Virgial Berveling's Manage Notification E-mails plugin <= 1.8.2 on WordPress...
Cross-site request forgery (CSRF)
Cross-Site Request Forgery (CSRF) in Virgial Berveling's Manage Notification E-mails plugin <= 1.8.2 on WordPress...
CVE-2022-34654
Summary: CVE-2022-34654 corresponds to a Cross-Site Request Forgery (CSRF) in the WordPress plugin Manage Notification E-mails by Virgial Berveling, affecting versions up to 1.8.2. What’s affected: WordPress site running the Manage Notification E-mails plugin (≤ 1.8.2). The issue arises from CSR...
PT-2022-22272 · WordPress · Manage Notification E-Mails
Name of the Vulnerable Software and Affected Versions: Manage Notification E-mails plugin versions 1.8.2 and earlier. Description: The issue is related to Cross-Site Request Forgery (CSRF) in the Manage Notification E-mails plugin on WordPress. This means an attacker could potentially trick a user...
WordPress Manage Notification E-mails plugin <= 1.8.2 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability leading to Plugin Settings Reset discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Manage Notification E-mails plugin versions <= 1.8.2. Solution: Update the WordPress Manage Notification E-mails plugin to the latest available version at lea...
WordPress plugin Collaboration E-mails cross-site request forgery vulnerability
WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. The WordPress plugin Collaboration E-mails, version 2.2.0 and earlier, is vulnerable to cross-site request forgery, which stems from a lack of...
CVE-2022-0745
The Like Button Rating WordPress plugin before 2.6.45 allows any logged-in user, such as a subscriber, to send arbitrary e-mails to any recipient, with any subject and body...
CVE-2022-1761
CVE-2022-1761 concerns the Peter’s Collaboration E-mails WordPress plugin (
WordPress plugin Collaboration E-mails cross-site request forgery vulnerability
WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. The WordPress plugin Collaboration E-mails, version 2.2.0 and earlier, is vulnerable to cross-site request forgery, which stems from a lack of...
WordPress Peter’s Collaboration E-mails plugin <= 2.2.0 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress Peter’s Collaboration E-mails plugin versions <= 2.2.0. Solution: Deactivate and delete. This plugin has been closed as of May 17, 2022 and is not available for download. This closure i...
Dolibarr SQL Injection vulnerability
SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categorieslist.php, /accountancy/admin/journalslist.php, /admin/dict.php,...
CVE-2022-24236
An insecure permissions vulnerability in Snapt Aria v12.8 allows unauthenticated attackers to send e-mails from spoofed users' accounts...
Design/Logic Flaw
An insecure permissions vulnerability in Snapt Aria v12.8 allows unauthenticated attackers to send e-mails from spoofed users' accounts...
Spam and phishing in 2021
Figures of the year. In 2021: 45.56% of e-mails were spam; 24.77% of spam was sent from Russia, with another 14.12% from Germany; our Mail Anti-Virus blocked 148 173 261 malicious attachments sent in e-mails; the most common malware family found in attachments were Agensla Trojans; Our Anti-Phishing...
OX App Suite 7.10.5 Cross Site Scripting / Information Disclosure Vulnerability
OX App Suite versions 7.10.5 and below suffer from cross site scripting and information disclosure vulnerabilities. Product: OX App Suite; Vendor: OX Software GmbH; Internal reference: OXUIB-872; Vulnerability type: Cross-Site Scripting (CWE-80); Vulnerable version: 7.10.5 and earlier; Vulnerable...
CVE-2021-42363
The Preview E-Mails for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the search_order parameter found in the /views/form.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 1.6.8...
CVE-2021-42363
Summary: CVE-2021-42363 affects the WordPress plugin “Preview E-Mails for WooCommerce.” The vulnerability is a reflected cross-site scripting (XSS) in the search_order/search_orders path in ~/views/form.php, exploitable when a malicious payload is supplied via the search_order parameter. Affected...
FBI server hijacked to send up to 100,000 bogus attack mails
If you received a scary missive from what appears to be the FBI over the last few days, you're not alone. The emails, which may have reached as many as 100,000 people, blamed a fictitious cyberattack on an innocent party. The mail read as follows: Our intelligence monitoring indicates...