16 matches found
Not Failing Securely ('Failing Open')
Overview: fast-jwt is a Fast JSON Web Token implementation. Affected versions of this package are vulnerable to Not Failing Securely ('Failing Open') due to improper validation of the crit header parameter. An attacker can bypass intended authorization policies by crafting a signed token with unknown...
EUVD-2022-0185
Malicious code in bioql PyPI...
CVE-2024-11225
The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.9.3. This makes it possible for unauthenticated attackers to...
CVE-2024-11225 Premium Packages – Sell Digital Products Securely <= 5.9.3 - Reflected Cross-Site Scripting via add_query_arg
The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.9.3. This makes it possible for unauthenticated attackers to...
CVE-2024-6916
A vulnerability in Zowe CLI allows local, privileged actors to display securely stored properties in cleartext within a terminal using the '--show-inputs-only' flag...
CVE-2024-6916 Zowe CLI --show-inputs-only displays securely stored properties
A vulnerability in Zowe CLI allows local, privileged actors to display securely stored properties in cleartext within a terminal using the '--show-inputs-only' flag...
PT-2024-37955 · Zowe Cli · Zowe Cli
Name of the Vulnerable Software and Affected Versions: Zowe CLI affected versions not specified Description: A vulnerability in Zowe CLI allows local, privileged actors to display securely stored properties in cleartext within a terminal using the '--show-inputs-only' flag. Recommendations: At th...
CVE-2023-4293 Premium Packages - Sell Digital Products Securely <= 5.7.4 - Arbitrary User Meta Update to Authenticated (Subscriber+) Privilege Escalation
The Premium Packages - Sell Digital Products Securely plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.7.4 due to insufficient restriction on the 'wpdmppupdateprofile' function. This makes it possible for authenticated attackers, with minimal...
Unencrypted storage of client side sessions
Impact The default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with access to the cookies. Note: the documentation does point this out and...
zsh security update
4.3.11-11 - improve printing of error messages introduced by the fix of CVE-2019-20044 4.3.11-10 - drop privileges securely when unsetting PRIVILEGED option CVE-2019-20044...
WellinTech KingView < 6.53 (2012-10-09) User Credentials Not Securely Hashed
Binary data scadakingview6532012-10-09.nbin...
WordPress Plugin Google Document Embedder 2.5.16 - 'mysql_real_escpae_string' Bypass SQL Injection
Exploit Title : Google Document Embedder 2.5.16 mysql_real_escpae_string bypass SQL Injection Data : 2014 – 12 -03 Exploit Author : Securely Yoo Hee man Plugin : google-document-embedder Fixed version : N/A Software Link : https://downloads.wordpress.org/plugin/google-document-embedder.2.5.16.zip 1...
FTPGetter 3.58.0.21 - Buffer Overflow (PASV) Exploit
No description provided by source. !/usr/bin/python Exploit Title: FTPGetter v3.58.0.21 Buffer Overflow PASV Exploit Date: 02/03/2011 Author: modpr0be Software Link: http://www.ftpgetter.com/ftpgettersetup.exe Vulnerable version: = 3.58.0.21 Tested on: Windows XP SP3 VMware Player 3.1.3...
Don't just 'delete,' – DELETE!
Many of EFF’s recommendations involve copying data onto an external device and then removing it from the device you’ll be carrying across the border. When doing this, you will want to make sure that the data you delete is actually gone. Simply pressing the ‘delete’ key or emptying the desktop was...
Novell GroupWise Messenger Client (GWIM) Remote Stack Overflow
ISR, Infobyte Security Research, www.infobyte.com.ar, 07.02.2008. SUMMARY: Novell GroupWise Messenger Client GWIM Remote Stack Overflow. Version: 2.0. It is suspected that all previous versions of Groupwise Messenger Client are vulnerable. BACKGROUND: Novell GroupWise Messenger...