4122 matches found
Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan < 4.53 - Missing Authorization to Authenticated (Subscriber+) Table Truncation
Description The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihackertruncatescantable function in all versions up to, and including,...
Design/Logic Flaw
Inappropriate pointer order of laserscanfilter.reset and tflistener.reset in amclnode.cpp in Open Robotics Robot Operating System 2 ROS2 and Nav2 humble versions leads to a use-after-free...
CVE-2024-25198
Inappropriate pointer order of laserscanfilter.reset and tflistener.reset in amclnode.cpp in Open Robotics Robot Operating System 2 ROS2 and Nav2 humble versions leads to a use-after-free...
PT-2024-20810 · Open Robotics · Ros2
Name of the Vulnerable Software and Affected Versions: Open Robotics Robot Operating System 2 ROS2 and Nav2 humble versions Description: The issue arises from an inappropriate pointer order of laser scan filter .reset and tf listener .reset in the amcl node.cpp file, leading to a use-after-free...
GoldPickaxe Trojan steals your face!
Well, the GoldPickaxe Trojan does not literally steal your face, but it does steal an image of your face in order to be able to identify as you. Researchers have found a family of Trojans, attributed to a financially motivated Chinese group, which come in versions for iOS and Android...
Rocky Linux 8 : tigervnc (RLSA-2024:0607)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:0607 advisory. - A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can...
Rocky Linux 8 : thunderbird (RLSA-2024:0609)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:0609 advisory. - An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affect...
SqliSniper - Advanced Time-based Blind SQL Injection Fuzzer For HTTP Headers
SqliSniper is a robust Python tool designed to detect time-based blind SQL injections in HTTP request headers. It enhances the security assessment process by rapidly scanning and identifying potential vulnerabilities using multi-threading, ensuring speed and efficiency. Unlike other scanners,...
2 million job seekers targeted by data thieves
A cybercriminal group known as ResumeLooters has infiltrated 65 job listing and retail websites, compromising the personal data of over two million job seekers. The group used SQL injection and cross-site scripting (XSS) attacks, both common techniques, to extract the sensitive information from the...
Microsoft Azure Detected
This is an informational notice that the scanner was able to detect that the target application is using a Microsoft Azure service. No source data...
CVE-2024-0971
A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content...
Gitlab -- vulnerabilities
Gitlab reports: Restrict group access token creation for custom roles Project maintainers can bypass group's scan result policy blockbranchmodification setting ReDoS in CI/CD Pipeline Editor while verifying Pipeline syntax Resource exhaustion using GraphQL vulnerabilitiesCountByDay...
CVE-2024-0971
CVE-2024-0971 is a SQL injection vulnerability in Tenable Nessus. The linked documents confirm that an authenticated, low-privileged remote attacker could potentially alter contents of the scan DB. Exploitation details are not provided beyond this CVE entry. A remediation path is indicated by Ten...
[R1] Nessus Version 10.7.0 Fixes Multiple Vulnerabilities
R1 Nessus Version 10.7.0 Fixes Multiple Vulnerabilities Arnie Cabral Tue, 02/06/2024 - 11:07 Two separate vulnerabilities were discovered, reported and fixed: A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could...
PT-2024-15950 · Tenable · Nessus
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content. Recommendations: At the moment, there is no information...
Why the Right Metrics Matter When it Comes to Vulnerability Management
How's your vulnerability management program doing? Is it effective? A success? Let's be honest, without the right metrics or analytics, how can you tell how well you're doing, progressing, or if you're getting ROI? If you're not measuring, how do you know it's working? And even if you are...
Mother of all Breaches may contain NEW breach data
On January 23, 2024, we reported on the discovery of billions of exposed records online, now commonly referred to as the “mother of all breaches” MOAB. Since then, the source of the dataset has been identified as data breach search engine Leak-Lookup. Prevention platform SpyCloud compared the MOA...
InsightAppSec: Improving Scan Speed and Performance
When scanning a web application in InsightAppSec, you might see it take several hours, if not several days, to run. This can be due to the size of your web app, but plenty of settings in your scan configuration can be modified to help scans complete faster. The first setting is Info - Enable...
SEO Panel Security Breach
SEO Panel is an open source panel for managing website SEO (Search Engine Optimization). A security vulnerability exists in SEO Panel version 4.10.0, which stems from a stored server-side request forgery vulnerability in the Crawl Meta Data feature that allows remote attackers to scan ports in t...
RHEL 8 : tracker-miners (RHSA-2023:7730)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:7730 advisory. Tracker is a powerful desktop-neutral first class object database, tag/metadata database and search tool. This package contains various miners and...