4680 matches found
WordPress Themify Builder plugin <= 7.6.3 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Themify Builder versions = 7.6.3...
CVE-2024-42333
The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/libs/zbxmedia/email.c...
CVE-2024-42333
The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/libs/zbxmedia/email.c...
CVE-2024-42332
The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attac...
Malware Exploits Trusted Avast Anti-Rootkit Driver to Disable Security Software
Malware exploits legitimate Avast anti-rootkit driver to disable security software. Trellix researchers uncover the attack and provide mitigation steps...
Schneider Electric Zelio Soft 2
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Schneider Electric Equipment : Zelio Soft 2 Vulnerabilities : Use After Free, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...
WordPress XSSplorer Challenge: An Expanded Scope for All Researchers in the Wordfence Bug Bounty Program
From now through October 7th, 2024, we are expanding the scope of our Bug Bounty Program to include all Cross-Site Scripting XSS vulnerabilities—both Reflected and Stored—in any WordPress plugin or theme with at least 1,000 active installations for all researchers. This temporary scope expansion...
10,000 WordPress Sites Affected by Arbitrary File Read and Delete Vulnerability in InPost PL and InPost for WooCommerce WordPress Plugins
📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Through October 14th, researchers can earn up to $31,200, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, an...
Siemens COMOS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Apple Prototypes and Corporate Secrets Are for Sale Online—If You Know Where to Look
On the hunt for corporate devices being sold secondhand, a researcher found a trove of Apple corporate data, a Mac Mini from the Foxconn assembly line, an iPhone 14 prototype, and more...
Microsoft Warns of Unpatched Office Vulnerability Leading to Data Exposure
Microsoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could result in unauthorized disclosure of sensitive information to malicious actors. The vulnerability, tracked as CVE-2024-38200 CVSS score: 7.5, has been described as a spoofing flaw that affects the...
Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities
Microsoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks against the Windows update architecture and replace current versions of the operating system files with older versions. The vulnerabilities are listed below -...
CVE-2024-28074 SolarWinds Access Rights Manager (ARM) Internal Deserialization Remote Code Execution Vulnerability
It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access Rights Manager. While some controls were implemented the researcher was able to bypass these and use a different method to exploit the vulnerability...
CVE-2024-28074 SolarWinds Access Rights Manager (ARM) Internal Deserialization Remote Code Execution Vulnerability
It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access Rights Manager. While some controls were implemented the researcher was able to bypass these and use a different method to exploit the vulnerability...
ets-chanu.com Cross Site Scripting vulnerability OBB-3939579
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Johnson Controls Illustra Essentials Gen 4 (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Johnson Controls, Inc. Equipment : Illustra Essentials Gen 4 Vulnerability : Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of this vulnerability...
CAREL Boss-Mini
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : CAREL Equipment : Boss-Mini Vulnerability : Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...
Quick CMS 6.7 Shell Upload Vulnerability
Title : Authenticated Shell Upload Product : Quick CMS Vendor : https://opensolution.org/ Affected Version : 6.7 Researcher : Eagle Eye Tested on : Window & Linux Report : Already contact the vendor but no response Affected path : admin.php , core/common-admin.php, database/config.php Affected...
slpca.org Cross Site Scripting vulnerability OBB-3900415
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
avsl.com Cross Site Scripting vulnerability OBB-3895528
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...