2242 matches found
Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm
Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix, a powerful commercial web app vulnerability scanner, new research finds. The cracked software is being resold as a cloud-based attack tool by at least two different services...
CVE-2024-54386
Cross-Site Request Forgery (CSRF) vulnerability in pushmonkey Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart (push-monkey-desktop-push-notifications) allows Cross Site Request Forgery. This issue affects Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart:...
CVE-2024-54386 WordPress Push Monkey Pro plugin <= 3.9 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in pushmonkey Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart (push-monkey-desktop-push-notifications) allows Cross Site Request Forgery. This issue affects Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart:...
CVE-2024-54386
CVE-2024-54386 corresponds to a CSRF-to-Stored-XSS issue in Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart (Push Monkey Pro plugin). Affected product/version: Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart (up through 3.9). Document describes Cros...
WordPress plugin Push Monkey Pro cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
PT-2024-36272 · Unknown · Push Monkey Pro – Web Push Notifications +1
Name of the Vulnerable Software and Affected Versions: Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart versions n/a through 3.9. Description: The issue is a Cross-Site Request Forgery (CSRF) problem, which allows for Cross Site Request Forgery. This means an attacker can tric...
WordPress Push Monkey Pro plugin <= 3.9 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Muhamad Agil Fachrian (Patchstack Alliance) in WordPress Plugin Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart versions <= 3.9...
SUSE CVE-2024-42331
In the src/libs/zbxembed/browser.c file, the esbrowserctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently utilized by the browserpusherror method in the src/libs/zbxembed/browsererror.c file. A use-after-free bug can occur at this stage if th...
Astra Linux – Vulnerability in curl
When an application instructs libcurl to enable HTTP/2 server push, and the number of received headers for the push exceeds the maximum allowed limit (1000), libcurl abends the server push. During this process, libcurl inadvertently does not free all of the previously allocated headers; instead, it...
Palo Alto Networks PAN-OS 10.1.x < 10.1.14 / 10.2.x < 10.2.11 / 11.0.x < 11.0.6 / 11.1.x < 11.1.4 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 10.1.x prior to 10.1.14 or 10.2.x prior to 10.2.11 or 11.0.x prior to 11.0.6 or 11.1.x prior to 11.1.4. It is, therefore, affected by a vulnerability. A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS...
CVE-2024-52408 WordPress Push Notifications for WordPress by PushAssist plugin <= 3.0.8 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in pushassist Push Notifications for WordPress by PushAssist (push-notification-for-wp-by-pushassist) allows Upload a Web Shell to a Web Server. This issue affects Push Notifications for WordPress by PushAssist: from n/a through <= 3.0.8...
WordPress plugin Push Notifications for WordPress by PushAssist code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue exists in the WordPress plugin...
Advertisers are pushing ad and pop-up blockers using old tricks
Despite the countermeasures some services are taking against well-known ad blockers, lots of people now use one. This is no doubt due to increased privacy concerns around online tracking, along with the growing number of ads per site. And where there is money to be made, you’ll find social...
Directory Traversal
github.com/ollama/ollama is vulnerable to Directory Traversal. The vulnerability is due to path traversal in the api/push route, allowing attackers to confirm which files exist on the server...
Fedora 41 : znc / znc-clientbuffer / znc-push (2024-1c078a4771)
The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-1c078a4771 advisory. Fix CVE-2024-39844 https://wiki.znc.in/ChangeLog/1.9.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
firefox: DOM push subscription message could hang Firefox
The Mozilla Foundation's Security Advisory: By sending a specially crafted push message, a remote server could hang the parent process, causing the browser to become unresponsive...
Updated nspr, nss, firefox & rust packages fix security vulnerabilities
Permission leak via embed or object elements. CVE-2024-10458 Use-after-free in layout with accessibility. CVE-2024-10459 Confusing display of origin for external protocol handler prompt. CVE-2024-10460 XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response...