Lucene search
+L

252 matches found

ThreatPost
ThreatPost
added 2021/10/27 9:39 p.m.21 views

WordPress Plugin Bug Lets Subscribers Wipe Sites

Researchers have discovered a homicidal WordPress plugin that allows subscribers to wipe sites clean of content. The high-severity security flaw is found in Hashthemes Demo Importer, a plugin that’s used in more than 8,000 active installations. According to security researchers at Wordfence, the...

6.9AI score
Exploits0References7
ThreatPost
ThreatPost
added 2021/07/06 5:1 p.m.52 views

Western Digital Users Face Another RCE

Bad news comes in threes, most particularly for Western Digital customers. As if things weren’t bad enough for the untold number of Western Digital customers whose data blinked out of existence last month, there’s another zero-day waiting for whoever can’t or won’t upgrade its My Cloud storage...

8AI score
Exploits0References13
ThreatPost
ThreatPost
added 2021/06/25 3:50 p.m.43 views

My Book Live Users Wake Up to Wiped Devices

If you haven’t already, stop reading and go yank your My Book Live storage device offline, lest you join the ranks of those who woke up on Thursday to find that years of data had been wiped clean on devices around the world. Western Digital’s My Book storage device is designed for consumers and...

7.1AI score
Exploits0References14
0day.today
0day.today
added 2021/06/14 12:0 a.m.342 views

GLPI 9.4.5 - Remote Code Execution Exploit

Exploit Title: GLPI 9.4.5 - Remote Code Execution RCE Exploit Author: Brian Peters Vendor Homepage: https://glpi-project.org Software Link: https://github.com/glpi-project/glpi/releases Version: | grep "CREATE TABLE" | grep -n wifinetworks Update the offsettable value with this number in the...

9CVSS8.1AI score0.10949EPSS
Exploits7
OSV
OSV
added 2021/05/31 3:39 p.m.11 views

UVI-2021-1000287 m68k: mvme147,mvme16x: Don't wipe PCC timer config bits

m68k: mvme147,mvme16x: Don't wipe PCC timer config bits This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.4 by commit...

7.2AI score
Exploits0
NVD
NVD
added 2021/05/05 4:15 a.m.10 views

CVE-2020-36334

themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by wiping the database...

8.8CVSS0.00646EPSS
Exploits1References2
OSV
OSV
added 2021/05/05 4:15 a.m.6 views

CVE-2020-36334

themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by wiping the database...

8.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2021/05/05 4:15 a.m.4 views

CVE-2020-36333

themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, because of a resetwizardactions hook...

9.1CVSS5.8AI score0.03429EPSS
Exploits1References2
Prion
Prion
added 2021/05/05 4:15 a.m.15 views

Cross site request forgery (csrf)

themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by wiping the database...

6.8CVSS8.7AI score0.00646EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/05/05 4:15 a.m.12 views

Authentication flaw

themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, because of a resetwizardactions hook...

6.4CVSS9.3AI score0.03429EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/05/05 3:11 a.m.62 views

CVE-2020-36334

The CVE affects the WordPress plugin themegrill-demo-importer, with versions before 1.6.3. The vulnerability is cross-site request forgery (CSRF) in the plugin, demonstrated by the ability to wipe the database. Root cause details are not explicitly provided beyond the CSRF issue. Impact, as state...

8.8CVSS8.6AI score0.00646EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2021/05/05 12:0 a.m.7 views

PT-2021-12011 · Unknown · Themegrill-Demo-Importer

Name of the Vulnerable Software and Affected Versions: themegrill-demo-importer versions prior to 1.6.2 Description: The issue allows unauthorized access to wipe the database due to a lack of authentication requirement in the reset wizard actions hook. Recommendations: For themegrill-demo-importe...

9.1CVSS9.2AI score0.03429EPSS
Exploits1References4
The Hacker News
The Hacker News
added 2021/04/26 9:34 a.m.68 views

Emotet Malware Destroys Itself From All Infected Computers

Emotet, the notorious email-based Windows malware behind several botnet-driven spam campaigns and ransomware attacks, was automatically wiped from infected computers en masse following a European law enforcement operation. The development comes three months after a coordinated disruption of Emote...

1.3AI score
Exploits0
Patchstack
Patchstack
added 2020/12/08 12:0 a.m.11 views

WordPress ThemeGrill Demo Importer plugin <= 1.6.2 - Bypass and Database Wipe vulnerability

Bypass and Database Wipe vulnerability discovered by Dave Patchstack in WordPress ThemeGrill Demo Importer plugin versions = 1.6.2. Solution Update the WordPress ThemeGrill Demo Importer plugin to the latest available version at least 1.6.3...

2.7AI score
Exploits0References2Affected Software1
OPENSUSE Linux
OPENSUSE Linux
added 2020/10/10 12:0 a.m.105 views

Security update for nextcloud (moderate)

openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2020:1652-1 Rating: moderate References: 1171572 1171579 1177346 Cross-References: CVE-2020-8154 CVE-2020-8155 CVE-2020-8183 CVE-2020-8228 CVE-2020-8233 Affected Products: openSUSE Leap 15.2 openSUSE Leap 15.1...

9CVSS7.6AI score0.04419EPSS
Exploits3References3
0day.today
0day.today
added 2020/08/22 12:0 a.m.497 views

Linux/x86 /dev/sda Partition Wiping Shellcode (35 bytes)

Exploit Title: Linux/x86 - Shred /dev/sda wipe partition Shellcode 35 bytes Google Dork: None Exploit Author: cybersaki Vendor Homepage: None Software Link: None Version: None Tested on: Kali linux 2020.2a i386 x86 CVE : none Shellcode-length : 35 SLAE-id : Purchased | email protected ; Descripti...

Exploits0
The Hacker News
The Hacker News
added 2020/08/12 10:45 a.m.4 views

Flaws in Samsung Phones Exposed Android Users to Remote Attacks

New research disclosed a string of severe security vulnerabilities in the 'Find My Mobile '—an Android app that comes pre-installed on most Samsung smartphones—that could have allowed remote attackers to track victims' real-time location, monitor phone calls, and messages, and even delete data...

6.1AI score
Exploits0
Apple
Apple
added 2020/07/27 8:18 a.m.59 views

About the security content of iOS 12.2 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...

9.8CVSS0.7AI score0.18108EPSS
Exploits10Affected Software1
OSV
OSV
added 2020/05/22 4:15 p.m.6 views

OPENSUSE-SU-2020:0670-1 Security update for nextcloud

This update for nextcloud to 18.0.4 fixes the following issues: Security issues fixed: - CVE-2020-8154: Fixed an XSS vulnerability when opening malicious PDFs NC-SA-2020-018 boo1171579. - CVE-2020-8155: Fixed a direct object reference vulnerability that allowed attackers to remotely wipe devices ...

7.7CVSS7.5AI score0.01773EPSS
Exploits1References5
OSV
OSV
added 2020/05/17 2:13 p.m.5 views

OPENSUSE-SU-2020:0668-1 Security update for nextcloud

This update for nextcloud to 18.0.4 fixes the following issues: Security issues fixed: - CVE-2020-8154: Fixed an XSS vulnerability when opening malicious PDFs NC-SA-2020-018 boo1171579. - CVE-2020-8155: Fixed a direct object reference vulnerability that allowed attackers to remotely wipe devices ...

7.7CVSS7.5AI score0.01773EPSS
Exploits1References5
Rows per page
Query Builder