46 matches found
WordPress Multi Purpose Mail Form plugin <= 1.0.2 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Bonds Patchstack Alliance in WordPress Plugin Multi Purpose Mail Form versions = 1.0.2...
WordPress Multi Purpose Mail Form Plugin <= 1.0.2 is vulnerable to Arbitrary File Upload
Software Multi Purpose Mail Form Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-50484 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 3feda20596e4 Credits Bonds Required privilege...
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Device Config Disclosure
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 1.0.0 Revision 7304 1.0.0 Revision 7284 1.0.0 Revision 6505 1.0.0 Revision 6332 1.0.0 Revision 6258 XS2DAB v1.50 rev 6267 Summary: Cleber offers a...
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Authentication Bypass
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Authentication Bypass Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 1.0.0 Revision 7304 1.0.0 Revision 7284 1.0.0 Revision 6505 1.0.0 Revision 6332 1.0.0 Revision 6258 XS2DAB v1.50 rev 6267 Summary: Cleber offer...
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Device Config
Summary Cleber offers a powerful, flexible and modular hardware and software platform for broadcasting and contribution networks where customers can install up to six boards with no limitations in terms of position or number. Based on a Linux embedded OS, it detects the presence of the boards and...
CVE-2024-24926
Deserialization of Untrusted Data vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme.This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6...
CVE-2024-24926 WordPress Brooklyn Theme <= 4.9.7.6 is vulnerable to PHP Object Injection
Deserialization of Untrusted Data vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme.This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6...
CVE-2024-24926
CVE-2024-24926 describes a deserialization of untrusted data vulnerability in UnitedThemes Brooklyn Theme (WordPress Brooklyn) up to version 4.9.7.6. The connected documents specify a PHP object injection/deserialization flaw as the root cause and list the affected software as the Brooklyn Theme,...
CVE-2024-24927
CVE-2024-24927 affects UnitedThemes Brooklyn – a WordPress theme – with a Reflected XSS caused by improper input neutralization during web page generation. Affected versions are listed as up to 4.9.7.6 (n/a). Multiple sources corroborate the basic vulnerability description, including Red Hat, NVD...
CVE-2023-38400
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kriesi Enfold - Responsive Multi-Purpose Theme allows Reflected XSS.This issue affects Enfold - Responsive Multi-Purpose Theme: from n/a through 5.6.4...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kriesi Enfold - Responsive Multi-Purpose Theme allows Reflected XSS.This issue affects Enfold - Responsive Multi-Purpose Theme: from n/a through 5.6.4...
[SECURITY] Fedora 36 Update: dnsx-1.1.0-3.fc36
Dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers...
TrickBot Malware Using New Techniques to Evade Web Injection Attacks
The cybercrime operators behind the notorious TrickBot malware have once again upped the ante by fine-tuning its techniques by adding multiple layers of defense to slip past antimalware products. "As part of that escalation, malware injections have been fitted with added protection to keep...
A closer look at Qakbot’s latest building blocks (and how to knock them down)
Multiple Qakbot campaigns that are active at any given time prove that the decade-old malware continues to be many attackers’ tool of choice, a customizable chameleon that adapts to suit the needs of the multiple threat actor groups that utilize it. Since emerging in 2007 as a banking Trojan,...
Exploit for Path Traversal in F5 Big-Ip_Access_Policy_Manager
RCE-CVE-2020-5902 BIG-IP F5 Remote Code Execution Descripti...
Threat Roundup for February 14 to February 21
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 14 and Feb. 21. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
WordPress NativeChurch Multi-Purpose 5.0.x File Download
Exploit Title : WordPress NativeChurch Multi-Purpose Themes 5.0.x Arbitrary File Download Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 26/02/2019 Vendor Homepage : themeforest.net Software Information Link :...
Process Hacker - A Free, Powerful, Multi-Purpose Tool That Helps You Monitor System Resources, Debug Software And Detect Malware
A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. System requirements Windows 7 or higher, 32-bit or 64-bit. Features A detailed overview of system activity with highlighting. Graphs and statistics allow you quickly to track down...
DevAudit - Open-source, Cross-Platform, Multi-Purpose Security Auditing Tool
DevAudit is an open-source, cross-platform, multi-purpose security auditing tool targeted at developers and teams adopting DevOps and DevSecOps that detects security vulnerabilities at multiple levels of the solution stack. DevAudit provides a wide array of auditing capabilities that automate...
Game Music Emu: Multiple vulnerabilities
Background Game Music Emu is a multi-purpose console music emulator and player library. Description Multiple vulnerabilities have been discovered in Game Music Emu. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially...