7877 matches found

BDU FSTEC
added 2022/12/24 12:0 a.m. | 3 views

The vulnerability of the do_setup_env function in the sshd service of the OpenSSH encryption service allows a hacker to escalate their privileges.

The vulnerability of the do_setup_env function in the sshd service of the OpenSSH encryption service is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

CVSS 7.8 | AI score 7.2 | EPSS 0.00627
Exploits: 0 | References: 7 | Affected Software: 5
WPVulnDB
added 2022/12/23 12:0 a.m. | 27 views

ProfilePress < 4.5.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the ‘wpusercoverdefaultimageurl’ parameter before outputting it to the pages on the site, allowing an authenticated admin+ user to inject arbitrary web scripts even when unfiltered_html has been disabled, such as in a multisite setup...

CVSS 5.5 | AI score 1.3 | EPSS 0.00679
Exploits: 0 | References: 1 | Affected Software: 1
GithubExploit
added 2022/12/22 9:35 a.m. | 370 views

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2022-41082-POC PoC for the CVE-2022-41082 NotProxyShell OW...

CVSS 9.8 | AI score 8.7 | EPSS 0.99964
Exploits: 11
WPVulnDB
added 2022/12/21 12:0 a.m. | 25 views

WCK < 2.3.3 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. PoC 1. Create/edit a Post Type via the plugin...

CVSS 4.8 | AI score 1.9 | EPSS 0.0047
Exploits: 2 | Affected Software: 1
OSV
added 2022/12/20 9:15 p.m. | 3 views

CVE-2022-41590

Some smartphones have authentication-related including session management vulnerabilities as the setup wizard is bypassed. Successful exploitation of this vulnerability affects the smartphone availability...

CVSS 5.5 | AI score 5.8 | EPSS 0.00125
Exploits: 0 | References: 1
NVD
added 2022/12/20 9:15 p.m. | 21 views

CVE-2022-41590

Some smartphones have authentication-related including session management vulnerabilities as the setup wizard is bypassed. Successful exploitation of this vulnerability affects the smartphone availability...

CVSS 5.5 | EPSS 0.00125
Exploits: 0 | References: 1
Prion
added 2022/12/20 9:15 p.m. | 18 views

Authentication flaw

Some smartphones have authentication-related including session management vulnerabilities as the setup wizard is bypassed. Successful exploitation of this vulnerability affects the smartphone availability...

CVSS 1.7 | AI score 5.7 | EPSS 0.00125
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2022/12/20 12:0 a.m. | 6 views

CVE-2022-41590

Some smartphones have authentication-related including session management vulnerabilities as the setup wizard is bypassed. Successful exploitation of this vulnerability affects the smartphone availability...

AI score 5.7 | EPSS 0.00125
Exploits: 0 | References: 1
Positive Technologies
added 2022/12/20 12:0 a.m. | 3 views

PT-2022-25965 · Huawei · Harmonyos

Name of the Vulnerable Software and Affected Versions: Smartphones affected versions not specified
Description: The issue is related to authentication, including session management, where the setup wizard can be bypassed. This affects the availability of smartphones.
Recommendations: At the momen...

CVSS 5.5 | AI score 5.2 | EPSS 0.00125
Exploits: 0 | References: 4
Prion
added 2022/12/19 2:15 p.m. | 17 views

Cross site scripting

The External Media WordPress plugin before 1.0.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.3 | AI score 4.7 | EPSS 0.0047
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2022/12/19 1:41 p.m. | 15 views

CVE-2022-4112 Quizlord <= 2.0 - Admin+ Stored XSS

The Quizlord WordPress plugin through 2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

AI score 5 | EPSS 0.00535
Exploits: 2 | References: 1
OSV
added 2022/12/12 6:15 p.m. | 2 views

CVE-2022-4010

The Image Hover Effects WordPress plugin before 5.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8 | AI score 5.8 | EPSS 0.00532
Exploits: 2 | References: 1
OSV
added 2022/12/12 6:15 p.m. | 4 views

CVE-2022-3906

The Easy Form Builder WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8 | AI score 5.8
Exploits: 0 | References: 1
Prion
added 2022/12/12 6:15 p.m. | 23 views

Cross site scripting

The Image Hover Effects WordPress plugin before 5.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.3 | AI score 4.7 | EPSS 0.00532
Exploits: 2 | References: 1 | Affected Software: 1
Prion
added 2022/12/12 6:15 p.m. | 14 views

Cross site scripting

The Easy Form Builder WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.3 | AI score 4.7 | EPSS 0.00392
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2022/12/12 5:54 p.m. | 26 views

CVE-2022-3862 Livemesh Addons for Elementor < 7.2.4 - Admin+ Stored XSS

The Livemesh Addons for Elementor WordPress plugin before 7.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite set...

AI score 4.9 | EPSS 0.0047
Exploits: 2 | References: 1
Vulnrichment
added 2022/12/12 5:54 p.m. | 6 views

CVE-2022-3906 Easy Form Builder < 3.4.0 - Admin+ Stored XSS

The Easy Form Builder WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

AI score 5.8 | EPSS 0.00392
Exploits: 1 | References: 1
Cvelist
added 2022/12/12 5:54 p.m. | 38 views

CVE-2022-3609 GetYourGuide Ticketing < 1.0.4 - Admin+ Stored XSS

The GetYourGuide Ticketing WordPress plugin before 1.0.4 does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

AI score 4.9 | EPSS 0.00392
Exploits: 1 | References: 1
Microsoft Secure
added 2022/12/12 5:0 p.m. | 29 views

IIS modules: The evolution of web shells and how to detect them

Web exploitation and web shells are some of the most common entry points in the current threat landscape. Web servers provide an external avenue directly into your corporate network, which often results in web servers being an initial intrusion vector or mechanism of persistence. Monitoring for...

Exploits: 0
OSSF Malicious Packages
added 2022/12/12 6:53 a.m. | 4 views

Malicious code in setup-gamma (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware deba7e063fe3b4609326e55cea28db816c7049297f8cef8b23d8c2d7589f69f8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1