33 matches found
WordPress SEOPress - On-site SEO plugin <= 7.5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
WordPress SEOPress - On-site SEO plugin <= 7.5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Daffa in WordPress Plugin SEOPress versions <= 7.5.2.1...
On the Cybersecurity of LoRaWAN-Based System: A Smart-Lighting Case Study
Cyber-physical systems and the Internet of Things (IoT) are key technologies in the Industry 4.0 vision. They incorporate sensors and actuators to interact with the physical environment. However, when creating and interconnecting components to form a heterogeneous smart systems architecture, these...
Denial-of-service (DoS) vulnerability in Konica Minolta bizhub series
Overview: A vulnerability that could allow a Denial-of-Service (DoS) is reported in the Konica Minolta bizhub series. Konica Minolta bizhub series provided by Konica Minolta, Inc. contains the following vulnerability. Uncaught exception (CWE-248) - CVE-2025-54777. Konica Minolta, Inc. reported this...
q2apro-on-site-notifications code injection vulnerability
q2apro-on-site-notifications is a plugin for q2apro individual developers that replaces all email notifications for forums. A code injection vulnerability exists in q2apro-on-site-notifications version 1.4.6 and earlier, which stems from improper handling of the processrequest function in the fil...
CVE-2025-32491 WordPress Rankology SEO – On-site SEO plugin <= 2.2.4 - Privilege Escalation Vulnerability
Incorrect Privilege Assignment vulnerability in Rankology Rankology SEO – On-site SEO rankology-seo-all-in-one-seo-analytics allows Privilege Escalation. This issue affects Rankology SEO – On-site SEO: from n/a through <= 2.2.4...
CVE-2024-12020
There is a reflected cross-site scripting (XSS) within JSP files used to control application appearance. An unauthenticated attacker could deceive a user into clicking a crafted link to trigger the vulnerability. Stealing the session cookie is not possible due to cookie security flags, however the...
Rapid7 Recognized for ‘Excellence in Workplace Health and Wellbeing’ at the Belfast Telegraph IT Awards
On Friday, November 15th, Rapid7 was awarded ‘Excellence in Workplace Health and Wellbeing’ at the Belfast Telegraph IT Awards. This award recognizes technology companies in Belfast that prioritize employee well-being. At Rapid7, we believe that the best ideas and solutions come from diverse,...
mozilla: SelectElements could be shown over another site if popups are allowed
The Mozilla Foundation's Security Advisory: If a site had been granted permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack...
WordPress plugin SEOPress – On-site SEO security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Increasing trust, commitment, and predictability during a remote incident response
Authors: Gergana Karadzhova, Joe Schumacher, Pawel Bosek. In this blog post, Cisco Talos Incident Response (Talos IR) presents some of the key benefits of remote IR support and offers a list of recommendations for working on a remote incident. Some organizations see added value in having incident...
DRUPAL-CONTRIB-2022-053
This module enables you to accept payments from the Elavon payment provider. The module doesn't sufficiently verify that it's communicating with the correct server when using the Elavon On-site payment gateway, which could lead to leaking valid payment details as well as accepting invalid payment...
WordPress SEOPress, on-site SEO plugin 5.0.0 – 5.0.3 - Stored Cross-Site Scripting (XSS) vulnerability via REST-API
Stored Cross-Site Scripting (XSS) vulnerability via REST-API discovered by Chloe Chamberland (WordFence) in WordPress SEOPress, on-site SEO plugin versions 5.0.0 – 5.0.3. Solution: Update the WordPress SEOPress, on-site SEO plugin to the latest available version (at least 5.0.4)...
Establishing remote data center assessment standards
For the foreseeable future, the COVID-19 crisis has changed the very nature of on-site cybersecurity compliance assessments and testing. Leading the way, the Payment Card Industry Security Standards Council (PCI SSC) quickly recognized that its requirements for physical, on-site data center...
Unspecified Vulnerability in ABB eSOMS
ABB eSOMS (Electronic Shift Operations Management System) is a plant operations management system from ABB Switzerland. ABB eSOMS contains a security vulnerability that could be exploited by an attacker to compromise sensitive user information by framing parts of the application on a malicious...
A vulnerability in the conference communication component of the Mitel Connect OnSite and ST14.2 telecommunications systems allows an intruder to execute arbitrary code.
The vulnerability in the conference communication components of Mitel Connect OnSite and ST 14.2 systems is related to improper code generation. Exploiting this vulnerability allows an attacker to inject arbitrary code into the generated PHP files and execute it using specially crafted requests t...
FileBound 6.2 Privilege Escalation Vulnerability
No description provided by source. Sense of Security - Security Advisory - SOS-12-010 Release Date. 10-Oct-2012 Last Update. - Vendor Notification Date. 14-Aug-2012 Product. FileBound On-Site Platform. Windows Affected versions. All versions prior to 6.2 Severity Rating. High Impact. Privilege...
SOOP Portal Raven 1.0b Shell Upload Vulnerability
No description provided by source. Exploit Title: SOOP Portal Raven 1.0b Remote Upload Shell Vulnerability Google Dork: Powered by SOOP Portal Raven 1.0b Date: 06-12-2010 Author: Sun Army Version: Raven 1.0b Tested on: Win 2003 Exploit 1.Register On Site 2.Shell Renamed to .asp.jpg shell.asp.jpg...
BPStudent 1.0 - Blind SQL Injection
No description provided by source. | AntiSecuritydotorg |...
FileBound - Privilege Escalation Vulnerability - Security Advisory - SOS-12-010
Sense of Security - Security Advisory - SOS-12-010 Release Date. 10-Oct-2012 Last Update. - Vendor Notification Date. 14-Aug-2012 Product. FileBound On-Site Platform. Windows Affected versions. All versions prior to 6.2 Severity Rating. High Impact. Privilege escalation Attack Vector. From remote...
FileBound On-Site Privilege Escalation
Sense of Security - Security Advisory - SOS-12-010 Release Date. 10-Oct-2012 Last Update. - Vendor Notification Date. 14-Aug-2012 Product. FileBound On-Site Platform. Windows Affected versions. All versions prior to 6.2 Severity Rating. High Impact. Privilege escalation Attack Vector. From remote...