EC-CUBE CO.,LTD. Security Vulnerabilities

Input validation

Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting.This issue affects inSCADA: before...

Ripple Co-Founder’s Personal XRP Wallet Breached in $112 Million Hack

By Deeba Ahmed Ripple’s co-founder Chris Larsen has acknowledged that his personal XRP wallet was hacked. This is a post from HackRead.com Read the original post: Ripple Co-Founder's Personal XRP Wallet Breached in $112 Million...

CVE-2023-40653

In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges...

CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms

The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and Cyprus, and that its....

EC-CUBE XSS Vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in (1) data/Smarty/templates/default/list.tpl and (2) data/Smarty/templates/default/campaign/bloc/cart_tag.tpl in EC-CUBE before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via unspecified...

CVE-2024-24877 WordPress Wonder Slider Lite Plugin <= 13.9 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magic Hills Pty Ltd Wonder Slider Lite allows Reflected XSS.This issue affects Wonder Slider Lite: from n/a through...

Softing edgeConnector

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Low attack complexity Vendor: Softing Equipment: edgeConnector Vulnerabilities: Cleartext Transmission of Sensitive Information, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could create conditions that...

Command Execution Vulnerability in Electronic Document Security Management System of Beijing Yisaitong Technology Development Co., Ltd (CNVD-2024-0601836)

Beijing Yisaitong Science and Technology Development Limited Liability Company is a company whose business scope includes general items: technical services, technology development, technology consulting, technology exchanges, technology transfer and so on. There is a command execution...

How Public AI Can Strengthen Democracy

With the world's focus turning to misinformation, manipulation, and outright propaganda ahead of the 2024 U.S. presidential election, we know that democracy has an AI problem. But we're learning that AI has a democracy problem, too. Both challenges must be addressed for the sake of democratic...

CVE-2023-5643 Mali GPU Kernel Driver allows improper GPU memory processing operations

Out-of-bounds Write vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. Depending on the configuration of the Mali GPU Kernel.....

CVE-2022-43703

An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended...

Wyze cameras show the wrong feeds to customers. Again.

Last September, we wrote an article about how Wyze home cameras temporarily showed other people’s security feeds. As far as home cameras go, we said this is absolutely up there at the top of the “things you don’t want to happen” list. Turning your customers into Peeping Tom against their will and.....

CVE-2023-5249 Mali GPU Kernel Driver allows improper GPU memory processing operations

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper memory processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn...

About the security content of iOS 17.4 and iPadOS 17.4

About the security content of iOS 17.4 and iPadOS 17.4 This document describes the security content of iOS 17.4 and iPadOS 17.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches...

Command Execution Vulnerability in RG-UAC Ruijie Unified Internet Behavior Management and Audit System of Beijing StarNet Ruijie Network Technology Co. Ltd (CNVD-2024-0589958)

RG-UAC Ruijie Unified Internet Behavior Management and Auditing System is an Internet behavior management and auditing product. A command execution vulnerability exists in the RG-UAC Ruijie Unified Internet Behavior Management and Audit System of Beijing StarNet Ruijie Network Technology Co. Ltd,.....

A Cyber Insurance Backstop

In the first week of January, the pharmaceutical giant Merck quietly settled its years-long lawsuit over whether or not its property and casualty insurers would cover a $700 million claim filed after the devastating NotPetya cyberattack in 2017. The malware ultimately infected more than 40,000 of.....

Massive utility scam campaign spreads via online ads

For many households, energy costs represent a significant part of their overall budget. And when customers want to discuss their bills or look for ways to save money, scammers are just a phone call away. Enter the utility scam, where crooks pretend to be your utility company so they can threaten...

SQL Injection Vulnerability in FineReport of Sailsoft Software Ltd.

Fansoft Software Ltd. is a professional big data BI and analytics platform provider in China. A SQL injection vulnerability exists in FineReport of FanSoft Software Co. Ltd, which can be exploited by attackers to obtain sensitive information from the...

CVE-2023-43996

An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access...

CVE-2023-43996

An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access...

BullGuard Antivirus Detection (Windows SMB Login)

Detects the installed version of BullGuard Anti-Virus. The script logs in via smb, searches...

BullGuard Backup Detection (Windows SMB Login)

Detects the installed version of BullGuard Backup. The script logs in via smb, searches...

CVE-2022-43702

When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious...

CVE-2023-7014

The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'ma_debu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data...

BullGuard Premium Protection Detection (Windows SMB Login)

Detects the installed version of BullGuard Premium Protection. The script logs in via smb, searches...

BullGuard Internet Security Detection (Windows SMB Login)

Detects the installed version of BullGuard Internet Security. The script logs in via smb, searches...

Debian: Security Advisory (DSA-1237)

The remote host is missing an update for the...

File Upload Vulnerability in Yonghong BI of Beijing Yonghong Business Intelligence Technology Co.

Beijing Yonghong Business Intelligence Technology Co., Ltd. is committed to providing global enterprises with big data technology products and services, relying on independent intellectual property rights of the one-stop big data platform to form a perfect product and service system, with...

Command Execution Vulnerability in Green Alliance Operations and Maintenance Security Management System

Beijing Shenzhou Green Alliance Technology Co., Ltd. is a company whose business scope includes technology development, technology consulting, technology services; computer system services and so on. A command execution vulnerability exists in the Green Alliance Operations and Maintenance Security....

Malicious input can provoke XSS when preserving comments

Impact There is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the preserveComments directive must be enabled in your policy file. As a result, certain crafty inputs can result in elements in....

Debian: Security Advisory (DSA-1233)

The remote host is missing an update for the...

Grav Server-side Template Injection (SSTI) via Denylist Bypass Vulnerability

Hi, actually we have sent the bug report to [email protected] on 27th March 2023 and on 10th April 2023. Grav Server-side Template Injection (SSTI) via Denylist Bypass Vulnerability Summary: | Product | Grav CMS | | ----------------------- |...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-2264)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for openssl1.1.0f (EulerOS-SA-2019-2254)

The remote host is missing an update for the Huawei...

CVE-2024-22372

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X1800GS-B v1.17 and...

Buffer overflow

STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code execution if an adversary has the ability to read from and write to the I2C bus. This is caused by an StSafeA_ReceiveBytes buffer overflow in the X-CUBE-SAFEA1 Software Package for STSAFE-A sample applications (1.2.0), and thus....

Stable Channel Update for ChromeOS / ChromeOS Flex

The Stable channel is being updated to OS version: 15699.58.0 Browser version: 121.0.6167.159 for most ChromeOS devices. If you find new issues, please let us know one of the following ways File a bug Visit our ChromeOS communities General: Chromebook Help Community Beta Specific: ChromeOS Beta...

Ubuntu: Security Advisory (USN-395-1)

The remote host is missing an update for...

openSUSE Security Update : the Linux Kernel (openSUSE-2020-801)

The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2020-1274)

The remote host is missing an update for the Huawei...

CVE-2023-30559

The firmware update package for the wireless card is not properly signed and can be...

Author Box, Guest Author and Co-Authors for Your Posts – Molongui < 4.7.5 - Information Exposure via ma_debug

Description The plugin is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'ma_debu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data including post author emails and names if...

Huawei EulerOS: Security Advisory for openssl110h (EulerOS-SA-2019-2218)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for compat-openssl10 (EulerOS-SA-2020-1061)

The remote host is missing an update for the Huawei...

CVE-2023-43996

An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-2216)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for openssl110f (EulerOS-SA-2019-2430)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for compat-openssl10 (EulerOS-SA-2019-2098)

The remote host is missing an update for the Huawei...

Command Execution Vulnerability in Isthmus Electronic Document Security Management System (CNVD-2024-03256)

Beijing Yisaitong Technology Development Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application service industry. A command execution vulnerability exists in the Yisetong Electronic Document Security Management System, which can be exploited by an attacker to....

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 405 vulnerabilities disclosed in 320...