EUVD-2011-4938
Malware in sbrugna...
EUVD-2015-2731
Malware in sbrugna...
EUVD-2023-2943
Malicious code in bioql PyPI...
EUVD-2023-23985
Malicious code in bioql PyPI...
EUVD-2024-18698
Malicious code in bioql PyPI...
CVE-2024-10825 Hide My WP Ghost – Security & Firewall <= 5.3.01 - Reflected Cross-Site Scripting via URL
The Hide My WP Ghost – Security & Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL in all versions up to, and including, 5.3.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Path Traversal org.springframework:spring-webmvc Dependency in Confluence Data Center and Server
This High severity org.springframework:spring-webmvc Dependency vulnerability was introduced in versions 3.0 of Confluence Data Center and Server. This org.springframework:spring-webmvc Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
GHSA-CX7F-G6MP-7HQM Path traversal vulnerability in functional web frameworks
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...
UBUNTU-CVE-2024-38816
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...
CVE-2023-52147
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in All In One WP Security & Firewall Team All In One WP Security & Firewall allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects All In One WP Security & Firewall: from n/a through 5.2.4...
April’s Patch Tuesday includes 150 vulnerabilities, 60 which could lead to remote code execution
In one of the largest Patch Tuesdays in years, Microsoft disclosed 150 vulnerabilities across its software and product portfolio this week, including more than 60 that could lead to remote code execution. Though April's monthly security update from Microsoft is the largest since at least the start...
CVE-2024-30468
All In One WP Security & Firewall (AIOS) for WordPress is affected by a Cross-Site Request Forgery (CSRF) vulnerability in versions up to 5.2.6, with fix released in 5.2.7. The issue can be triggered by unauthenticated attackers exploiting CSRF to manipulate actions triggered by site administrato...
ALSA-2024:1141 Moderate: mysql security update
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. Security Fixes: mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911); mysql: Server: DDL unspecified vulnerability (CPU Apr 2023)...
Code injection
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall. This issue affects Defender Security – Malware Scanner, Login Security & Firewall: from n/a through 4.1.0...
All-In-One Security (AIOS) – Security and Firewall < 5.2.0 - Insecure Storage of Password
The plugin stores the password inside the database as plaintext allowing administrators to obtain access to user's passwords...
Default credentials
This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 except v4.21 due to insecure default credentials which allows remote attacker to login as superuser by using default username/password via web-based management interface and/or exposed SSH port thereby...
CVE-2023-1778
The CVE-2023-1778 issue affects GajShield Data Security Firewall firmware versions prior to 4.28 (except 4.21). The root cause is insecure default credentials that allow a remote attacker to log in as superuser via the web management interface and/or exposed SSH port, enabling remote command exec...
PT-2023-17238 · Gajshield · Gajshield Data Security Firewall
Name of the Vulnerable Software and Affected Versions: GajShield Data Security Firewall versions prior to v4.28 except v4.21. Description: This issue exists due to insecure default credentials, allowing a remote attacker to login as a superuser by using the default username and password via the...
WordPress BruteBank – WP Security & Firewall Plugin < 1.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software: BruteBank – WP Security & Firewall; Type: Plugin; Vulnerable versions: 1.9; Fixed in: 1.9; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-4443; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: 6404457f092f; Credits: rezadut...