Malicious code in bemhint-plugins (npm)
Source: ghsa-malware (0c4ed08d9df038f86fbe9b97ce4d7e985f65bef82182b10b772f237fcbc3e330). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-126 Malicious code in bemhint-plugins (npm)
Source: ghsa-malware (0c4ed08d9df038f86fbe9b97ce4d7e985f65bef82182b10b772f237fcbc3e330). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-3CM8-V4MC-GPPG Path traversal in binwalk
A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 inclusive. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remo...
CVE-2022-4510
A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remot...
WordPress Post Views Count (Support caching plugins!) Plugin <= 3.0.2 is vulnerable to Cross Site Scripting (XSS)
Software: Post Views Count (Support caching plugins!); Type: Plugin; Vulnerable versions: <= 3.0.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4761; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 88e7e24c675b...
The Wordfence 2022 State of WordPress Security Report
Today, the Wordfence Threat Intelligence team is releasing our 2022 State of WordPress Security Report as a free White Paper. In our report, we look at changes in the threat landscape, analyze impactful trends, and provide recommendations based on our findings. While most of our recommendations...
CVE-2022-4017
The Booster for WooCommerce WordPress plugin before 6.0.1, Booster Plus for WooCommerce WordPress plugin before 6.0.1, Booster Elite for WooCommerce WordPress plugin before 6.0.1 have either flawed CSRF checks or are missing them completely in numerous places, allowing attackers to make logged in...
RHEL 7 / 8 : OpenShift Container Platform 4.4.8 containernetworking-plugins (RHSA-2020:2403)
The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2403 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private clo...
Cross-site Scripting (XSS)
jenkins-2-plugins is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the library does not properly escape the descriptions of test results, allowing an attacker with Run/Update permission to inject and execute malicious JavaScript...
WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Broken Access Control
Software: Quick Event Manager; Type: Plugin; Vulnerable versions: <= 9.7.4; Fixed in: 9.7.5; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-23975; Patch priority: Low; CVSS severity: Low 5.3; Developer: Fullworks Plugins; PSID: 7294748abf10; Credits: yuyudhn; Required...
WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Quick Event Manager; Type: Plugin; Vulnerable versions: <= 9.7.4; Fixed in: 9.7.5; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-23974; Patch priority: Low; CVSS severity: Low 5.4; Developer: Fullworks Plugins; PSID: 5e2ae440ff0d; Credits: yuyudhn...
WordPress Quick Event Manager Plugin < 9.7.5 is vulnerable to Cross Site Scripting (XSS)
Software: Quick Event Manager; Type: Plugin; Vulnerable versions: < 9.7.5; Fixed in: 9.7.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23491; Patch priority: High; CVSS severity: High 7.1; Developer: Fullworks Plugins; PSID: 38346c7453ae; Credits: Joshua Martinelle...
[SECURITY] Fedora 36 Update: awstats-7.8-9.fc36
Advanced Web Statistics is a powerful and full-featured tool that generates advanced web server graphical statistics. This server log analyzer works from the command line or as a CGI and shows all information your log contains, in graphical web pages. It can analyze a lot of web/wap/proxy servers...
CVE-2013-10013
A vulnerability was found in Bricco Authenticator Plugin. It has been declared as critical. This vulnerability affects the function authenticate/compare of the file src/java/talentum/escenic/plugins/authenticator/authenticators/DBAuthenticator.java. The manipulation leads to sql injection...
WordPress Freesoul Deactivate Plugins – Plugin manager and cleanup Plugin <= 1.9.4.0 is vulnerable to Sensitive Data Exposure
Software: Freesoul Deactivate Plugins – Plugin manager and cleanup; Type: Plugin; Vulnerable versions: <= 1.9.4.0; Fixed in: 1.9.4.1; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-22687; Patch priority: Low; CVSS severity: Low 3.7; Developer: Jose Mortellaro; PSID...
com.buschmais.jqassistant.cli:jqassistant-commandline-neo4jv3 (>=1.4.0 <=1.7.0-RC1), com.buschmais.jqassistant.neo4jserver:neo4jv3 (>=1.4.0 <=1.7.0-RC1) +10 more potentially affected by CVE-2022-23532 via org.neo4j.procedure:apoc (>=3.4.0.1 <=3.5.0.7)
org.neo4j.procedure:apoc MAVEN version =3.4.0.1, =1.4.0, =1.4.0, =1.4.0, =1.8.0, =1.10.0 - org.jqassistant.contrib.plugin:jqassistant-plantuml-rule-plugin =1.7.0 Source cves: CVE-2022-23532 Source advisory: OSV:GHSA-5V8V-GWMW-QW97...
CVE-2023-22491 gatsby-transformer-remark vulnerable to unsanitized JavaScript code injection
Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the gray-matter npm package, which is vulnerable to JavaScript injection in its default...
PT-2023-12726 · Neo4J · Neo4J Graph Database
Name of the Vulnerable Software and Affected Versions: APOC versions prior to 4.4.0.12 APOC versions prior to 4.3.0.12 APOC versions prior to 5.3.1 Description: A path traversal issue found in the apoc.export. procedures of apoc plugins in Neo4j Graph database allows a malicious actor to...
container-tools:rhel8 bug fix and enhancement update
An update is available for runc, aardvark-dns, podman, oci-seccomp-bpf-hook, buildah, toolbox, slirp4netns, criu, cockpit-podman, fuse-overlayfs, container-selinux, conmon, libslirp, containernetworking-plugins, udica, containers-common, netavark, skopeo, crun, python-podman. This update affects...