1207 matches found
Malicious code in frqtrade (PyPI)
Source: checkmarx 4e9a6f5c4e1499c80fad35d26f4e88bc0da564817b89bc70ca6aade3721002c8 Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with a malicious extension to manipulate the clipboard and replace crypto wallet...
WordPress Enable Media Replace Plugin < 4.0.2 is vulnerable to Arbitrary File Upload
Software: Enable Media Replace · Type: Plugin · Vulnerable versions: < 4.0.2 · Fixed in: 4.0.2 · OWASP Top 10: A1: Injection · Classification: Arbitrary File Upload · CVE: CVE-2023-0255 · Patch priority: High · CVSS severity: High 9.1 · Developer: ShortPixel · PSID: 1a8eac52cb81 · Credits: dc11 · Required privilege: Author · Published: 1...
GSD-2023-1000377 btrfs: handle case when repair happens with dev-replace
btrfs: handle case when repair happens with dev-replace This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.19 by commit...
Enable Media Replace < 4.0.2 - Author+ Arbitrary File Upload
The plugin does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites. PoC 1 As an Author, upload a picture via http://vulnerable-site.tld/wp-admin/upload.php 2 Press on the new picture's thumbnail to see the attachment's detai...
Enable Media Replace < 4.0.2 - Author+ Arbitrary File Upload
The plugin does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites. 1 As an Author, upload a picture via http://vulnerable-site.tld/wp-admin/upload.php 2 Press on the new picture's thumbnail to see the attachment's details 3...
postgresql: Extension scripts replace objects not belonging to the extension.
A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the objec...
DEBIAN-CVE-2022-34481
In the nsTArrayImpl::ReplaceElementsAt function, an integer overflow could have occurred when the number of elements to replace was too large for the container. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...
CVE-2022-41267
CVE-2022-41267 affects SAP BusinessObjects Platform 4.2 (420) and 4.3 (430). A server-side request forgery vulnerability lets an attacker with normal BI user privileges upload/replace any file on the server at the OS level, enabling full system control and causing high impact to confidentiality, ...
CVE-2022-3850
The Find and Replace All WordPress plugin before 1.3 does not have a CSRF check when replacing strings, which could allow attackers to make a logged-in admin replace arbitrary strings in database tables via a CSRF attack...
CVE-2022-2311
The Find and Replace All WordPress plugin before 1.3 does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue...
Cross-site request forgery (CSRF)
The Find and Replace All WordPress plugin before 1.3 does not have a CSRF check when replacing strings, which could allow attackers to make a logged-in admin replace arbitrary strings in database tables via a CSRF attack...
CVE-2022-2311 Find and Replace All < 1.3 - Reflected Cross Site Scripting
The Find and Replace All WordPress plugin before 1.3 does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue...
PT-2022-15852 · WordPress · Find/Replace All
Name of the Vulnerable Software and Affected Versions: Find and Replace All WordPress plugin versions prior to 1.3 Description: The issue arises from the plugin not sanitizing and escaping some parameters from its setting page before outputting them back to the user, leading to a Reflected...
WordPress plugin Find and Replace All cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
PT-2022-26182 · Muhammara +1 · Muhammara +1
Name of the Vulnerable Software and Affected Versions: muhammara versions prior to 2.6.2, muhammara versions 3.0.0 through 3.3.0, hummus all versions Description: The issue is related to a Denial of Service (DoS) condition that occurs when a maliciously crafted PDF file is parsed. The problem arises...
WordPress plugin Find and Replace All cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
Security Bulletin: IBM® Db2® is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. (CVE-2022-22483)
Summary: IBM® Db2® is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when the CREATE OR REPLACE command is used. Vulnerability Details: CVEID: CVE-2022-22483 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5,...