3094 matches found
Note Press <= 0.1.10 - Admin+ SQLi via Update
The plugin does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection. POST /wp-admin/admin.php?page=NotePress-Main-Menu&action=edit&id=17 HTTP/1.1 Accept:...
Note Press <= 0.1.10 - Admin+ SQLi via Update
The plugin does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection. PoC: POST /wp-admin/admin.php?page=NotePress-Main-Menu&action=edit&id=17 HTTP/1.1 Accept:...
Note Press <= 0.1.10 - Admin+ SQLi via id
The plugin does not sanitise and escape the id parameter before using it in various SQL statements via the admin dashboard, leading to SQL injections. PoC: https://example.com/wp-admin/admin.php?page=NotePress-Main-Menu=view=17+AND+SELECT+3630+FROM+SELECTSLEEP5KdTt...
CVE-2022-30334
Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises "Note that Private Windows with Tor Connectivity in Brave are just regular private windows that us...
CVE-2022-28789
Unprotected activities in Voice Note prior to version 21.3.51.11 allow attackers to record voice without user interaction. The patch adds proper permission for vulnerable activities...
Code injection
Unprotected activities in Voice Note prior to version 21.3.51.11 allow attackers to record voice without user interaction. The patch adds proper permission for vulnerable activities...
CVE-2022-28789
Voice Note (Samsung) vulnerabilities exist in versions before 21.3.51.11 due to unprotected activities that let an attacker record audio without user interaction. Root cause is missing permission restrictions for vulnerable activities. Impact is local: an attacker on the device could capture voic...
Voice Note security vulnerability
Voice Note is a voice note-taking software from Samsung South Korea. A security vulnerability exists in Voice Note versions prior to 21.3.51.11, which stems from the presence of unprotected activity. An attacker could exploit the vulnerability to record voice without user interaction. This patch...
CVE-2022-29937
USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but for example an OS command for base64 decoding is not blocked. NOTE: this is not an Oracle Corporation product...
charlieblackfield.com Improper Access Control vulnerability OBB-2573709
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-28101
Turtlapp Turtle Note v0.7.2.6 does not filter the tag during markdown parsing, allowing attackers to execute HTML injection...
Design/Logic Flaw
Turtlapp Turtle Note v0.7.2.6 does not filter the tag during markdown parsing, allowing attackers to execute HTML injection...
CVE-2022-28101
CVE-2022-28101 affects Turtlapp Turtle Note v0.7.2.6. The issue arises in markdown parsing where the application does not filter the tag, enabling HTML injection. The NVD entry lists a base score of 6.0 (MEDIUM) in CVSS2 and 9.0 (CRITICAL) in CVSS3.1, with network attack vector, low complexity, ...
Update: Destructive Malware Targeting Organizations in Ukraine
Summary Actions to Take Today: • Set antivirus and antimalware programs to conduct regular scans. • Enable strong spam filters to prevent phishing emails from reaching end users. • Filter network traffic. • Update software. • Require multifactor authentication. Updated April 28, 2022 This advisor...
Google Releases Security Updates for Chrome
Google has released Chrome version 101.0.4951.41 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. Th...