224 matches found
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the net/smc module not properly checking the smcdv2extoffset field when receiving an offer message, which...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the net/smc module not properly checking the v2extoffset, eidcnt, and ismgidcnt fields when receiving an offer...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the net/smc module not properly checking the ipareaoffset and ipv6prefixescnt fields when receiving an offer...
Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware
The Lazarus Group, an infamous threat actor linked to the Democratic People's Republic of Korea DPRK, has been observed leveraging a "complex infection chain" targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024. The...
Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam
Cybersecurity researchers have shed light on a sophisticated mobile phishing aka mishing campaign that's designed to distribute an updated version of the Antidot banking trojan. "The attackers presented themselves as recruiters, luring unsuspecting victims with job offers," Zimperium zLabs Vishnu...
North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures
The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT. The malware could, "aside from standard RAT functionality, change the last write timestamp of a selected file and load any received DLL...
CVE-2024-1960
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Special Offer Day Widget Banner Link in all versions up to, and including, 2.8.1 due to insufficient input...
CVE-2024-1960
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Special Offer Day Widget Banner Link in all versions up to, and including, 2.8.1 due to insufficient input...
CVE-2024-1960 ShopLentor <= 2.8.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Banner Link
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Special Offer Day Widget Banner Link in all versions up to, and including, 2.8.1 due to insufficient input...
PT-2024-18454 · WordPress · The Shoplentor
Name of the Vulnerable Software and Affected Versions: The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution plugin for WordPress versions up to, and including, 2.8.1 Description: The issue is related to Stored Cross-Site Scripting via the Special Offer...
WordPress Plugin ShopLentor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
CVE-2024-2868 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Universal Product Layout
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slitems parameter in the WL Special Day Offer Widget in all versions up to, and including, 2.8.3 due to...
PT-2024-22521 · WordPress · The Shoplentor
Name of the Vulnerable Software and Affected Versions: The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution plugin for WordPress versions up to, and including, 2.8.3 Description: The issue is related to Stored Cross-Site Scripting via the slitems...
ShopLentor < 2.8.2 - Contributor+ Stored Cross-Site Scripting via Banner Link
Description The ShopLentor – WooCommerce Builder for Elementor & Gutenberg is vulnerable to Stored Cross-Site Scripting via the Special Offer Day Widget Banner Link due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2024-25849
In the module "Make an offer" makeanoffer = 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer and MakeOffers::addUserOffer...
Sql injection
In the module "Make an offer" makeanoffer = 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer and MakeOffers::addUserOffer...
CVE-2024-25849
CVE-2024-25849 affects PrestaToolKit Make an offer module for PrestaShop (version ≤ 1.7.1). The vulnerability is a SQL injection in guest-accessible flows via MakeOffers::checkUserExistingOffer() and MakeOffers::addUserOffer(), leading to potential unauthorized data access or modification. Affect...
CVE-2024-25849
In the module "Make an offer" makeanoffer = 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer and MakeOffers::addUserOffer...
PT-2024-21161 · Prestatoolkit · Prestatoolkit Make An Offer Module
Name of the Vulnerable Software and Affected Versions: PrestaToolKit Make an offer module version 1.7.1 and earlier Description: A SQL injection issue exists in the Make an offer module, allowing a guest to perform SQL injection via the MakeOffers::checkUserExistingOffer and...
iBarn Security Vulnerabilities
iBarn is an application by zhimengzhe personal developer. Provides file network backup, synchronization and sharing services. A security vulnerability exists in iBarn v1.5, which stems from a reflected cross-site scripting XSS vulnerability in the search parameter of the offer.php file...