Citrix Releases Security Updates for Workspace Apps, Virtual Apps and Desktops
Citrix has released security updates to address high-severity vulnerabilities CVE-2023-24486, CVE-2023-24484, CVE-2023-24485, and CVE-2023-24483 in Citrix Workspace Apps, Virtual Apps and Desktops. A local user could exploit these vulnerabilities to take control of an affected system. CISA...
WordPress Plugin ExpressTech Quiz And Survey Master Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Quiz And Survey Master Plugin <= 8.0.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software Quiz And Survey Master Type Plugin Vulnerable versions <= 8.0.7 Fixed in 8.0.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery (CSRF) CVE CVE-2022-46862 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bcb98ded3ded Credits Oliver K...
Quiz And Survey Master < 8.0.8 - Text Message Setting Update via CSRF
The plugin does not perform a CSRF check when updating the Quiz Text Message Setting, which could allow attackers to make a logged-in admin perform such actions via a CSRF attack...
OpenSSL Releases Security Advisory
OpenSSL has released a security advisory to address multiple vulnerabilities affecting OpenSSL versions 3.0.0, 2.2.2, and 1.0.2. An attacker could exploit some of these vulnerabilities to obtain sensitive information. CISA encourages users and administrators to review the OpenSSL advisory and mak...
CISA and FBI Release ESXiArgs Ransomware Recovery Guidance
Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory, ESXiArgs Ransomware Virtual Machine Recovery Guidance. This advisory describes the ongoing ransomware campaign known as “ESXiArgs.” Malicious cyber actors may be exploiting known vulnerabilities in...
PT-2023-6742 · WordPress · Quiz/Survey Master
Name of the Vulnerable Software and Affected Versions: The Quiz And Survey Master for WordPress versions up to, and including, 8.0.8 Description: The issue is related to a missing capability check on the function associated with the qsm remove file fd question AJAX action. This allows...
This Week in Spring - February 7th, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's Tuesday, February 7th, 2023, as I write this and I'm so very glad to be talking to you. How're you doin'? Some housekeeping: I'll be doing more live streams over on my YT channel - join me and we'll talk shop. I'm going...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems (ICS) advisory on February 7, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical...
CISA Releases ESXiArgs Ransomware Recovery Script
CISA has released a recovery script for organizations that have fallen victim to ESXiArgs ransomware. The ESXiArgs ransomware encrypts configuration files on vulnerable ESXi servers, potentially rendering virtual machines (VMs) unusable. CISA recommends organizations impacted by ESXiArgs evaluate t...
Friday Squid Blogging: Studying the Colossal Squid
A survey of giant squid science. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Cisco Releases Security Advisories for Multiple Products
Cisco released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates. This...
CVE-2022-48010
LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into...
WordPress Survey Maker Plugin <= 3.2.0 is vulnerable to Broken Access Control
Software Survey Maker Type Plugin Vulnerable versions <= 3.2.0 Fixed in 3.2.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-22697 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID e4e10a4b468a Credits Fariq Fadillah Gusti Insani...
ISC Releases Security Advisories for Multiple Versions of BIND 9
The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain (BIND) 9. A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and system...
PT-2023-15547 · Unknown · Limesurvey
Name of the Vulnerable Software and Affected Versions: LimeSurvey version 5.4.15 Description: A stored cross-site scripting (XSS) issue was discovered in the component "/index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts". This issue allows attackers to execute arbitrary web...
LimeSurvey Cross-Site Scripting Vulnerability
LimeSurvey, formerly known as PHPSurveyor, is an open source online survey program by the LimeSurvey team, which supports survey program development, questionnaire distribution, and data collection. A cross-site scripting vulnerability exists in LimeSurvey version v5.4.15, which stems from its...
CISA Releases Eight Industrial Control Systems Advisories
CISA released eight Industrial Control Systems (ICS) advisories on January 26, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...
VMware Releases Security Updates for VMware vRealize Log Insight
VMware released security updates to address multiple vulnerabilities in VMware vRealize Log Insight. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2023-0001 and apply th...
Apple Releases Security Updates for Multiple Products
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security updates page for the following products and app...