CVE-2023-3167

CVE-2023-3167 - WordPress Mail Queue plugin : Stored XSS in the Email Subject field affecting WordPress plugins Mail Queue versions up to 1.1 due to insufficient input sanitization and output escaping. Exploitation possible by unauthenticated attackers, injecting scripts that execute when a user ...

CVE-2023-3122 GD Mail Queue <= 3.9.3 - Unauthenticated Stored Cross-Site Scripting via Email

The GD Mail Queue plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 3.9.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

CVE-2023-3122

CVE-2023-3122 affects the GD Mail Queue plugin for WordPress. A stored XSS flaw arises from insufficient input sanitization and output escaping in email contents for versions up to 3.9.3, allowing unauthenticated attackers to inject scripts that execute when users load injected pages. Public disc...

PT-2023-23241 · WordPress · Gd Mail Queue

Name of the Vulnerable Software and Affected Versions: GD Mail Queue plugin for WordPress versions up to and including 3.9.3 Description: The issue arises from insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts in pages via emai...

WordPress Plugin GD Mail Queue 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress Plugin Mail Queue 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A cross-site scripting vulnerability exists...

CVE-2023-29156

DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an information loss vulnerability through traffic injection. An attacker can exploit this vulnerability by injecting, at the right times, spoofed Open Drone ID ODID messages which force the DroneScout ds230 Remote ID...

Reactivated gauges can’t queue up rewards

Lines of code Vulnerability details Impact Reactivated gauges can’t queue up rewards Proof of Concept Active gauges as set by authorised users get their rewards queued up in the FlywheelGaugeRewards.queueRewards function. As part of it, their associated struct QueuedRewards updates its storedCycl...

部分MediaTek芯片 缓冲区错误漏洞

MediaTek chips are various chips from MediaTek, a Chinese company MediaTek. A security vulnerability exists in some MediaTek chips, which originates in cmdq, due to a lack of boundary checking, which may result in memory corruption leading to a local denial of service. The following products are...

The vulnerability of the maloc function in the Redis database management system allows a attacker to cause a service failure.

The vulnerability of the maloc function in the Redis database management system is related to queue overflow when a distributed queue is used. This can lead to unauthorized writes outside of the bound process or errors in the process. Exploiting this vulnerability allows an attacker to cause...

Vulnerabilities fixed in IBM MQ

IBM has fixed vulnerabilities in MQ, in both the appliance and the server software. A malicious party could exploit them to cause a denial-of-service DoS, gain access gain access to sensitive data in the queue or to execute arbitrary execute arbitrary code with user privileges. IBM has released...

WordPress Mail Queue Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Software Mail Queue Type Plugin Vulnerable versions = 1.1 Fixed in 1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3167 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID fb19b2f489d6 Credits Alex Thomas Required privilege...

Mail Queue < 1.2 - Unauthenticated Stored Cross-Site Scripting

The plugin does not properly sanitize and escape user input for the email subject field. This can lead to the injection of arbitrary web scripts that execute whenever a page is accessed...

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from libcurl, openssl, gnutls, libarchive and libsepol

Summary Multiple issues were identified in Red Hat UBI packages libcurl, openssl, gnutls, libarchive and libsepol that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID:CVE-2023-0286 DESCRIPTION: OpenSSL is vulnerable to a denial of...

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Kubernetes, curl and systemd

Summary Multiple issues were identified in Red Hat UBI packages Kubernetes, curl, systemd that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images Vulnerability Details CVEID:CVE-2022-43552 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a...

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from curl, go and apr-util

Summary Multiple issues were identified in Red Hat UBI packages curl, go and apar-util that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID:CVE-2023-27535 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security...

Arbitrary file read vulnerability in Jenkins AWS CodeCommit Trigger Plugin

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system...

CVE-2023-35147

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system...

CVE-2023-35147

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system...

DEBIAN-CVE-2023-3159

A use after free issue was discovered in driver/firewire in outboundphypacketcallback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queueevent fails...