12 matches found
EUVD-2023-3022
Malicious code in bioql PyPI...
WordPress ShipWorks Connector for Woocommerce plugin <= 5.2.5 - Cross-Site Request Forgery to Service Password/Username Update vulnerability
Cross-Site Request Forgery to Service Password/Username Update vulnerability discovered by SOPROBRO in WordPress Plugin ShipWorks Connector for Woocommerce versions <= 5.2.5...
How to Create an ICA File with Minimal Parameters
To create an ICA file with minimal parameters set, complete the following procedure: 1. Download the ICA file from this article. 2. Copy the content from this file into an ICA file. 3. Update the username or password parameter with the relevant username and password that you use in your environment...
CVE-2023-5968
Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body...
CVE-2023-5968
Mattermost: CVE-2023-5968 is a vulnerability where the server fails to properly sanitize the user object during username updates, causing the password hash to be included in the response body. Affected data exposure is limited to the password hash disclosure in responses per the available documen...
CVE-2023-5968 Password hash in response body after username update
Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body...
CVE-2023-5968 Password hash in response body after username update
Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body...
CVE-2022-2355 Easy Username Updater < 1.0.5 - Arbitrary Username Update via CSRF
The Easy Username Updater WordPress plugin before 1.0.5 does not implement CSRF checks, which could allow attackers to make a logged-in admin change any user's username, including the admin...
Easy Username Updater < 1.0.5 - Arbitrary Username Update via CSRF
The plugin does not implement CSRF checks, which could allow attackers to make a logged-in admin change any user's username, including the admin PoC...
Easy Username Updater < 1.0.5 - Arbitrary Username Update via CSRF
The plugin does not implement CSRF checks, which could allow attackers to make a logged-in admin change any user's username, including the admin...
TikTok: Bypassing authorization of linked Instagram account
A bug was found in the capability to link a user's Instagram account to their TikTok profile page, where if a user changed their Instagram username, the link on their TikTok profile would not update accordingly. We thank @ckerha for reporting this to our team...
Mail.ru: CSRF in updating username https://pw.mail.ru/
A CSRF vulnerability in pw.mail.ru allowed the nickname to be changed with a cross-site request...