GHSA-RFQ8-J7RH-8HF2 Synapse allows unsupported content types to lead to memory exhaustion
Impact In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify denial of service attacks. Patches Synapse 1.120.1 resolves the issue by denying...
Malicious code in genz-translator (PyPI)
Source: kam193 983b5b328e433d81113b3e170f313aba83ae5eff0ecd515fc9865ca3a5be1ee9 Installing the package installs a reverse shell. As the mentioned domain doesn't seem to exist, it may be a test designed for internal use. Category:...
MAL-2024-12275 Malicious code in genz-translator (PyPI)
Source: kam193 983b5b328e433d81113b3e170f313aba83ae5eff0ecd515fc9865ca3a5be1ee9 Installing the package installs a reverse shell. As the mentioned domain doesn't seem to exist, it may be a test designed for internal use. Category:...
Exploit for Improper Restriction of XML External Entity Reference in Wordpress
POC CVE-2021029447 - XXE in WordPress WordPress 5.6-5.7 - Au...
Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar
CVE-2023-38831 Exploit Proof-of-Concept Overview This rep...
Rizin security vulnerability
Rizin is a free open source reverse engineering framework from the Rizin organization. It is used for analyzing binary files, disassembling code, debugging programs, as a forensic tool, as a scriptable command-line hex editor capable of opening disk files, and more. A security vulnerability exist...
Malicious code in nirohf-reverse-shell (PyPI)
Source: kam193 c2b0a9ce248bca096b5109a73b943559cabbd6f77433d4a64cd1c804f7ec88df Installing starts a reverse shell. Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
MAL-2024-12314 Malicious code in nirohf-reverse-shell (PyPI)
Source: kam193 c2b0a9ce248bca096b5109a73b943559cabbd6f77433d4a64cd1c804f7ec88df Installing starts a reverse shell. Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
CVE-2024-52003
Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. There is a vulnerability in Traefik that allows the client to provide the X-Forwarded-Prefix header from an untrusted source. This issue has been addressed in versions 2.11.14 and 3.2.1. Users are advised to upgrade. There are...
CVE-2024-52003
CVE-2024-52003 – Traefik : Traefik versions 2.11.14 and 3.2.1 fix a vulnerability where an attacker can inject the untrusted X-Forwarded-Prefix header. The issue, as described, arises from the header handling by the HTTP reverse proxy/load balancer, enabling an external source to influence reques...
CVE-2024-52003 X-Forwarded-Prefix Header still allows for Open Redirect in traefik
Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. There is a vulnerability in Traefik that allows the client to provide the X-Forwarded-Prefix header from an untrusted source. This issue has been addressed in versions 2.11.14 and 3.2.1. Users are advised to upgrade. There are...
CVE-2024-10570
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized SQL Injection due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 2.145, as well as insufficient input sanitization and validatio...
CVE-2024-10542 Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.43.2 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated Arbitrary Plugin Installation
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for...
CVE-2024-10542
CVE-2024-10542 affects the WordPress plugin Spam protection, Anti-Spam, FireWall by CleanTalk up to version 6.43.2, where an authorization bypass via reverse DNS spoofing in checkWithoutToken allows unauthenticated installation/activation of arbitrary plugins, potentially enabling remote code exe...
CVE-2024-10570
The CVE pertains to WordPress Security & Malware scan by CleanTalk (Secure plugin) where versions up to 2.145 allow an unauthorized SQL Injection due to an authorization bypass via reverse DNS spoofing in checkWithoutToken and insufficient input sanitization. This enables unauthenticated attacker...
CVE-2024-10570 Security & Malware scan by CleanTalk <= 2.145 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated SQL Injection
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized SQL Injection due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 2.145, as well as insufficient input sanitization and validatio...
WordPress Security & Malware scan by CleanTalk plugin <= 2.145 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated SQL Injection vulnerability
Authorization Bypass via Reverse DNS Spoofing to Unauthenticated SQL Injection vulnerability discovered by mikemyers in WordPress Plugin Security & Malware scan by CleanTalk versions <= 2.145...
WordPress Spam protection, Anti-Spam, FireWall by CleanTalk plugin <= 6.43.2 - Authorization Bypass via Reverse DNS Spoofing vulnerability
Authorization Bypass via Reverse DNS Spoofing vulnerability discovered by mikemyers in WordPress Plugin Spam protection, Anti-Spam, FireWall by CleanTalk versions <= 6.43.2...