252 matches found
WordPress Plugin Bug Lets Subscribers Wipe Sites
Researchers have discovered a homicidal WordPress plugin that allows subscribers to wipe sites clean of content. The high-severity security flaw is found in Hashthemes Demo Importer, a plugin that’s used in more than 8,000 active installations. According to security researchers at Wordfence, the...
Western Digital Users Face Another RCE
Bad news comes in threes, most particularly for Western Digital customers. As if things weren’t bad enough for the untold number of Western Digital customers whose data blinked out of existence last month, there’s another zero-day waiting for whoever can’t or won’t upgrade its My Cloud storage...
My Book Live Users Wake Up to Wiped Devices
If you haven’t already, stop reading and go yank your My Book Live storage device offline, lest you join the ranks of those who woke up on Thursday to find that years of data had been wiped clean on devices around the world. Western Digital’s My Book storage device is designed for consumers and...
GLPI 9.4.5 - Remote Code Execution Exploit
Exploit Title: GLPI 9.4.5 - Remote Code Execution RCE Exploit Author: Brian Peters Vendor Homepage: https://glpi-project.org Software Link: https://github.com/glpi-project/glpi/releases Version: | grep "CREATE TABLE" | grep -n wifinetworks Update the offsettable value with this number in the...
UVI-2021-1000287 m68k: mvme147,mvme16x: Don't wipe PCC timer config bits
m68k: mvme147,mvme16x: Don't wipe PCC timer config bits This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.4 by commit...
CVE-2020-36334
themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by wiping the database...
CVE-2020-36334
themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by wiping the database...
CVE-2020-36333
themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, because of a resetwizardactions hook...
Cross site request forgery (csrf)
themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by wiping the database...
Authentication flaw
themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, because of a resetwizardactions hook...
CVE-2020-36334
The CVE affects the WordPress plugin themegrill-demo-importer, with versions before 1.6.3. The vulnerability is cross-site request forgery (CSRF) in the plugin, demonstrated by the ability to wipe the database. Root cause details are not explicitly provided beyond the CSRF issue. Impact, as state...
PT-2021-12011 · Unknown · Themegrill-Demo-Importer
Name of the Vulnerable Software and Affected Versions: themegrill-demo-importer versions prior to 1.6.2 Description: The issue allows unauthorized access to wipe the database due to a lack of authentication requirement in the reset wizard actions hook. Recommendations: For themegrill-demo-importe...
Emotet Malware Destroys Itself From All Infected Computers
Emotet, the notorious email-based Windows malware behind several botnet-driven spam campaigns and ransomware attacks, was automatically wiped from infected computers en masse following a European law enforcement operation. The development comes three months after a coordinated disruption of Emote...
WordPress ThemeGrill Demo Importer plugin <= 1.6.2 - Bypass and Database Wipe vulnerability
Bypass and Database Wipe vulnerability discovered by Dave Patchstack in WordPress ThemeGrill Demo Importer plugin versions = 1.6.2. Solution Update the WordPress ThemeGrill Demo Importer plugin to the latest available version at least 1.6.3...
Security update for nextcloud (moderate)
openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2020:1652-1 Rating: moderate References: 1171572 1171579 1177346 Cross-References: CVE-2020-8154 CVE-2020-8155 CVE-2020-8183 CVE-2020-8228 CVE-2020-8233 Affected Products: openSUSE Leap 15.2 openSUSE Leap 15.1...
Linux/x86 /dev/sda Partition Wiping Shellcode (35 bytes)
Exploit Title: Linux/x86 - Shred /dev/sda wipe partition Shellcode 35 bytes Google Dork: None Exploit Author: cybersaki Vendor Homepage: None Software Link: None Version: None Tested on: Kali linux 2020.2a i386 x86 CVE : none Shellcode-length : 35 SLAE-id : Purchased | email protected ; Descripti...
Flaws in Samsung Phones Exposed Android Users to Remote Attacks
New research disclosed a string of severe security vulnerabilities in the 'Find My Mobile '—an Android app that comes pre-installed on most Samsung smartphones—that could have allowed remote attackers to track victims' real-time location, monitor phone calls, and messages, and even delete data...
About the security content of iOS 12.2 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
OPENSUSE-SU-2020:0670-1 Security update for nextcloud
This update for nextcloud to 18.0.4 fixes the following issues: Security issues fixed: - CVE-2020-8154: Fixed an XSS vulnerability when opening malicious PDFs NC-SA-2020-018 boo1171579. - CVE-2020-8155: Fixed a direct object reference vulnerability that allowed attackers to remotely wipe devices ...
OPENSUSE-SU-2020:0668-1 Security update for nextcloud
This update for nextcloud to 18.0.4 fixes the following issues: Security issues fixed: - CVE-2020-8154: Fixed an XSS vulnerability when opening malicious PDFs NC-SA-2020-018 boo1171579. - CVE-2020-8155: Fixed a direct object reference vulnerability that allowed attackers to remotely wipe devices ...