Lucene search

8275 matches found

Debian CVE
added 2018/12/14 8:0 p.m., 20 views

CVE-2018-20150

In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins...

6.1 CVSS, 2.1 AI score, 0.05052 EPSS
Exploits 0

Cvelist
added 2018/12/14 8:0 p.m., 23 views

CVE-2018-20150

In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins...

7.4 AI score, 0.05052 EPSS
Exploits 0, References 9

Patchstack
added 2018/12/13 12:0 a.m., 7 views

WordPress <= 5.0 - Cross-Site Scripting (XSS) vulnerability that could affect plugins

Cross-Site Scripting (XSS) vulnerability that could affect plugins, found by Tim Coen in WordPress versions <= 5.0. Solution: Update WordPress to the latest available version (at least 5.0.1)...

2 AI score
Exploits 0, References 1, Affected Software 1

WPVulnDB
added 2018/12/13 12:0 a.m., 24 views

WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins

Description: According to WordPress: "Tim Coen also discovered that specially crafted URL inputs could lead to a cross-site scripting vulnerability in some circumstances. WordPress itself was not affected, but plugins could be in some situations."...

6.1 CVSS, 7.1 AI score, 0.05052 EPSS
Exploits 0, References 2

Packet Storm
added 2018/11/29 12:0 a.m., 100 views

WordPress Delme 3.0 Database Disclosure

Exploit Title : WordPress Delme Plugins 3.0 Database Backup Information Disclosure Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 28/11/2018 Vendor Homepage : wordpress.org Tested On : Windows and Linux Category : WebApps Version Information : 3.0...

7.4 AI score
Exploits 0

0day.today
added 2018/11/26 12:0 a.m., 18 views

Wordpress Easy Testimonials 3.2 Plugins - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Plugins Easy Testimonials 3.2 - Cross-Site Scripting Exploit Author: Endust Vendor Homepage: https://wordpress.org/plugins/easy-testimonials/ Software Link: https://wordpress.org/plugins/easy-testimonials/ Version: 3.2...

Exploits 0

ripstech
added 2018/11/20 8:0 a.m., 110 views

phpBB 3.2.3: Phar Deserialization to RCE

Impact phpBB is one of the oldest and most popular board software. If an attacker aims to take over a board running phpBB3, he will usually attempt to gain access to the admin control panel by means of bruteforcing, phishing or XSS vulnerabilities in plugins that the target site has installed. Bu...

7.3 AI score
Exploits 0

RedHat Linux
added 2018/11/13 3:25 p.m., 7 views

rust: rustdoc loads plugins from world writable directory allowing for arbitrary code execution

The Rust Programming Language rustdoc version between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appears to be exploitable via using the --plugin flag without the...

7.8 CVSS, 6.1 AI score, 0.01819 EPSS
Exploits 0, References 5

UbuntuCve
added 2018/11/12 5:29 p.m., 29 views

CVE-2018-19205

Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigmadrivergnupg.php...

7.5 CVSS, 7.1 AI score, 0.016 EPSS
Exploits 0, References 7

Debian CVE
added 2018/11/12 5:0 p.m., 34 views

CVE-2018-19205

Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigmadrivergnupg.php...

7.5 CVSS, 6 AI score, 0.016 EPSS
Exploits 0

OSV
added 2018/11/06 12:29 p.m., 7 views

SUSE-RU-2018:3638-1 Recommended update for ardana-ansible

This update for ardana-ansible fixes the following issues: ardana-ansible: - Initial checkin of info capture tool - Rename dayzero-site.yml bsc1111886 - Switch to non-legacy media layout by default. - Add Keystone Fernet master node monitoring. bsc1097241 - Add restart verb for maintenance update...

6.5 CVSS, 6.2 AI score, 0.02326 EPSS
Exploits 0, References 25

Information Security Automation
added 2018/11/05 7:22 a.m., 536 views

Adding custom NASL plugins to Tenable Nessus

Making custom NASL scripts (plugins) for Nessus is a pretty complicated process. Basically, NASL (Nessus Attack Scripting Language) is an internal instrument of Tenable and it seems that they are not really interested in sharing it with the community. The only publicly available official documentation...

6.7 AI score
Exploits 0

Tenable Nessus
added 2018/11/05 12:0 a.m., 19 views

WordPress 3.9.x < 3.9.20 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A flaw in $wpdb->prepare can create unsafe queries leading to potential SQL injection flaws with plugins and themes. - Multiple cross-site scripting (XSS) vulnerabilities...

9.8 CVSS, 7.6 AI score, 0.13385 EPSS
Exploits 2, References 11

Tenable Nessus
added 2018/11/02 12:0 a.m., 196 views

Microsoft Windows 10 Version 1607 Unsupported Version Detection (deprecated)

This plugin has been replaced by Windows Security-End-of-Life plugins. C Tenable Network Security, Inc. @DEPRECATED@ Deprecated on 2024 Mar 14. Replaced by Windows SEoL plugins. include"compat.inc"; if description scriptid118715; scriptversion"1.12";...

7.3 AI score
Exploits 0

ripstech
added 2018/10/31 10:0 a.m., 14 views

WordPress Configuration Cheat Sheet

In our series about misconfigurations of PHP frameworks, we have investigated Symfony, a very versatile and modular framework. Due to the enormous distribution and the multitude of plugins, WordPress is also a very popular target for attackers. This cheat sheet focuses on the wp-config.php file a...

6.8 AI score
Exploits 0

Kitploit
added 2018/10/30 12:43 p.m., 45 views

Lynis 2.7.0 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

6.8 AI score
Exploits 0

Tenable Nessus
added 2018/10/26 12:0 a.m., 29 views

openSUSE Security Update : rust (openSUSE-2018-1279)

This update for rust fixes the following issues: - CVE-2018-1000622: rustdoc loads plugins from world-writable directory allowing for arbitrary code execution. This patch consists of requiring --plugin-path to be passed whenever --plugin is passed. Note that rustdoc plugins will be removed entirel...

7.8 CVSS, 6.9 AI score, 0.01819 EPSS
Exploits 0, References 2

ThreatPost
added 2018/10/24 8:17 p.m., 543 views

Magecart Cybergang Targets 0days in Third-Party Magento Extensions

Criminals behind the Magecart gang have shifted tactics, and are now targeting nearly two dozen unpatched vulnerabilities found in third-party plugins used in the Magento e-commerce platform. Previously, the Magecart cybergang had focused on the core of Magento, using attack strategies such as...

Exploits 0, References 6

Tenable Nessus
added 2018/10/22 12:0 a.m., 38 views

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2018:2322-2)

This update for MozillaFirefox to version ESR 52.9 fixes the following issues : CVE-2018-5188: Various memory safety bugs bsc1098998 CVE-2018-12368: No warning when opening executable SettingContent-ms files CVE-2018-12366: Invalid data handling during QCMS transformations CVE-2018-12365:...

9.8 CVSS, 7.3 AI score, 0.04831 EPSS
Exploits 1, References 22

vulnersOsv
added 2018/10/19 4:54 p.m., 2 views

ch.digitalfondue.stampo:ch.digitalfondue.stampo.gradle.plugin (=0.0.3), ch.digitalfondue.stampo:stampo (>=1.0 <=1.2.1) +837 more potentially affected by CVE-2017-2670 via io.undertow:undertow-core (>=1.0.0.Alpha1 <=1.3.27.Final)

io.undertow:undertow-core MAVEN version =1.0.0.Alpha1, =1.0, =1.0, =0.1.0, =0.2.0, =1.1.11, =1.1.11, =1.1.16, =1.1.0, =0.0.8, =0.0.8, =0.1.0, =0.0.6, =0.1.3 and more Source cves: CVE-2017-2670 Source advisory: OSV:GHSA-3X7H-5HFR-HVJM...

7.5 CVSS, 7.1 AI score, 0.03662 EPSS
Exploits 0