GSD-2022-1005311 lib: overflow: Do not define 64-bit tests on 32-bit

lib: overflow: Do not define 64-bit tests on 32-bit This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.2 by commit...

CVE-2022-2635

The Autoptimize WordPress plugin before 3.1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2022-2635

The Autoptimize WordPress plugin before 3.1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2022-2737

The WP STAGING WordPress plugin before 2.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

Cross site scripting

The Autoptimize WordPress plugin before 3.1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

UBUNTU-CVE-2022-31143

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. It was found that in affected versions there is an exposure of private information defined in setup of...

UBUNTU-CVE-2022-35946

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In affected versions request input is not properly validated in the plugin controller and can be used ...

CVE-2022-35946 SQL injection through plugin controller in GLPI

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In affected versions request input is not properly validated in the plugin controller and can be used ...

PT-2022-7404 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.3 Description: The issue is related to improper validation of request input in the plugin controller, allowing access to the low-level API of the Plugin class. This can be exploited by an attacker to alter database...

Add Shortcodes Actions And Filters <= 2.0.9 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

PCA Predict <= 1.0.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

How to configure domain drop-down as the first factor for AAA vserver without nFactor flow.

This article discribe how to configure domain drop-down as the first factor for nFactor auth without nFactor visualizer. The User experience after applied below configuraiton will be like 1. Fist authentication web page 2. 3. After authentication passed, there may prompt second authentication web...

Miscalculation for cUSDT and cUSDC

Lines of code Vulnerability details Impact getUnderlyingPrice stated that it would return the underlying price of the assets as a mantissa scaled by 1e18. However, the arithmetic setup on lines 503 and 507 could result in answers not scaled by 1e18. Proof of Concept 1e18 1e18 / 10 decimals is...

Remote Code Execution (RCE)

vm2 is vulnerable to remote code execution. The vulnerability exists in the Object.defineProperties function of setup-sandbox.js, allowing an attacker to bypass the sandbox protections by injecting and executing malicious code on the sandbox host...

CVE-2022-2271

The WP Database Backup WordPress plugin before 5.9 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2022-2271 WP Database Backup < 5.9 - Admin+ Stored Cross-Site Scripting

The WP Database Backup WordPress plugin before 5.9 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup...

PT-2022-15646 · WordPress · Wp Database Backup

Name of the Vulnerable Software and Affected Versions: WP Database Backup WordPress plugin versions prior to 5.9 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks when the unfiltered html capability is disallowed, for example in a...

Autodeauth - A Tool Built To Automatically Deauth Local Networks

A tool built to automatically deauth local networks Tested on Raspberry Pi OS and Kali Linux Setup $ chmod +x setup.sh $ sudo ./setup.sh Reading package lists... Done Building dependency tree... Done Reading state information... Done 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded...

Exploit for Authentication Bypass by Capture-replay in Sinilink Xy-Wft1_Firmware

CVE-2022-43704 - Channel Accessible by Non-Endpoint/Authentica...

PT-2022-6143 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions v6.0-rc1 through v6.0-rc3 Description: A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in the nvmet setup auth function, allows an attacker to perform a Pre-Auth Denial of Service DoS...