tzdata bug fix and enhancement update
The tzdata packages contain data files with rules for various time zones. The tzdata packages have been updated to version 2021c, which addresses recent time zone changes. Notably: Samoa does not switch to daylight saving time (DST) in 2021. BZ2007732, BZ2007785, BZ2008251, BZ2010126, BZ2010127...
tzdata bug fix and enhancement update
An update is available for tzdata. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The tzdata packages contain data files with rules for various time zones. The...
Online Traffic Offense Management System 1.0 - Privilege escalation (Unauthenticated)
Exploit Title: Online Traffic Offense Management System 1.0 - Privilege escalation (Unauthenticated). Date: 07/10/2021. Exploit Author: Hubert Wojciechowski. Contact Author: [email protected]. Vendor Homepage: https://www.sourcecodester.com. Software Link:...
September 30, 2021—KB5005611 (OS Builds 19041.1266, 19042.1266, and 19043.1266) Preview
September 30, 2021—KB5005611 OS Builds 19041.1266, 19042.1266, and 19043.1266 Preview 11/17/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. To view other notes and messages, see the Windows 10, version...
September 21, 2021—KB5005624 (OS Build 18363.1830) Preview
September 21, 2021—KB5005624 OS Build 18363.1830 Preview UPDATED 9/21/2021 REMINDER Starting in October 2021, there will no longer be optional, non-security releases known as "C" releases for Windows 10, version 1909. Only cumulative monthly security updates known as the "B" or Update Tuesday...
September 21, 2021—KB5005625 (OS Build 17763.2210) Preview
September 21, 2021—KB5005625 OS Build 17763.2210 Preview 6/15/21 IMPORTANT This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the machine. For more information, see the Update on Adobe Flash Player End of Support. 11/17/20 For information about Window...
Cross-site Scripting (XSS) - Reflected in btcpayserver/btcpayserver
Description: The XSS payload is triggered during editing and saving of the text included near the payment button. Proof of Concept: In the app settings, try editing an already included product. Drop the payload in the Buy Button Text and save it, hence the payload will be triggered. Impact: Execution of...
CVE-2021-36028
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an XML Injection vulnerability when saving a configurable product. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution...
Input validation
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an XML Injection vulnerability when saving a configurable product. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution...
CVE-2021-24581
The Blue Admin WordPress plugin through 21.06.01 does not sanitise or escape its "Logo Title" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its settings, allowing the issue to be exploited...
WordPress plugin Blue Admin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
The vulnerability of the Apex One and OfficeScan antivirus software lies in errors during the saving of permissions, allowing a hacker to bypass the security measures.
The vulnerability of the Apex One and OfficeScan antivirus software lies in errors during the saving of permissions. Exploiting this vulnerability can allow a remote attacker to bypass security measures...
WordPress plugin Contact Form 7 Captcha cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...
CVE-2021-24411
The Social Tape WordPress plugin through 1.0 does not have CSRF checks in place when saving its settings, and does not sanitise or escape them before outputting them back in the page, leading to a stored Cross-Site Scripting issue via a CSRF attack...
Maintenance < 4.03 - Authenticated Stored XSS
The plugin does not sanitise or escape some of its settings, allowing high privilege users such as admin to set Cross-Site Scripting payloads in them even when the unfiltered_html capability is disallowed, which will be triggered in the frontend. POST /wp-admin/admin.php?page=maintenance HTTP/1.1...
gnome-session bug fix and enhancement update
The gnome-session package manages the GNOME desktop session. It starts up other core components of GNOME and handles logouts and saving of the sessions. Bug Fixes and Enhancements: gnome-session kiosk-session support still isn't up to muster BZ1959505...
Migrate Users <= 1.0.1 - CSRF to Stored Cross-Site Scripting (XSS)
The plugin does not sanitise or escape its Delimiter option before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its options, allowing the issue to be exploited via a CSRF attack. PoC Add the following...
The vulnerability of the data structure saving function in the OpenCV library, which is used for computer vision, image processing, and general numerical algorithms, allows a hacker to execute arbitrary code.
The vulnerability of the data structure saving function in the OpenCV library, which is used for computer vision, image processing, and general numerical algorithms, relates to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow a malicious actor...
The vulnerability of Intel Falcon 8+ UAS AscTec Thermal Viewer lies in errors during resolution saving, which allows attackers to escalate their privileges.
The vulnerability of Intel Falcon 8+ UAS AscTec Thermal Viewer relates to errors during resolution saving. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the Thunderbird email client, as well as the Firefox and Firefox ESR browsers, relates to errors during permission saving, allowing a malicious actor to mistakenly assign a security certificate to an HTTP page.
The vulnerability of the Thunderbird email client, as well as browsers Firefox and Firefox ESR, is related to errors during the saving of permissions. Exploiting this vulnerability could allow a remote attacker to erroneously assign a security certificate to an HTTP page...