Getsocial, S.A. Security Vulnerabilities

prion

Cross site scripting

Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7.14.8 allows attackers to execute arbitrary code via a crafted payload to the Groups Display name...

7.5 AI Score

0.0004 EPSS

2024-02-27 10:15 PM

cvelist

CVE-2024-26542

Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7.14.8 allows attackers to execute arbitrary code via a crafted payload to the Groups Display name...

7.1 AI Score

0.0004 EPSS

2024-02-27 12:00 AM

nvd

CVE-2024-26542

Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7.14.8 allows attackers to execute arbitrary code via a crafted payload to the Groups Display name...

6.9 AI Score

0.0004 EPSS

2024-02-27 10:15 PM

cve

CVE-2024-26542

Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7.14.8 allows attackers to execute arbitrary code via a crafted payload to the Groups Display name...

7.1 AI Score

0.0004 EPSS

2024-02-27 10:15 PM
thn

U.S. Cracks Down on Predatory Spyware Firm for Targeting Officials and Journalists

The U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) sanctioned two individuals and five entities associated with the Intellexa Alliance for their role in "developing, operating, and distributing" commercial spyware designed to target government officials, journalists, and...

6.6 AI Score

2024-03-06 07:35 AM

prion

Cross site scripting

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Getsocial, S.A. Social Share Buttons & Analytics Plugin – GetSocial.Io allows Stored XSS. This issue affects Social Share Buttons & Analytics Plugin – GetSocial.Io: from n/a through...

4.8 CVSS

6.9 AI Score

0.0004 EPSS

2023-12-15 04:15 PM

nvd

CVE-2023-49189

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Getsocial, S.A. Social Share Buttons & Analytics Plugin – GetSocial.Io allows Stored XSS. This issue affects Social Share Buttons & Analytics Plugin – GetSocial.Io: from n/a through...

4.8 CVSS

0.0004 EPSS

2023-12-15 04:15 PM

cve

CVE-2023-49189

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Getsocial, S.A. Social Share Buttons & Analytics Plugin – GetSocial.Io allows Stored XSS. This issue affects Social Share Buttons & Analytics Plugin – GetSocial.Io: from n/a through...

5.9 CVSS

5.4 AI Score

0.0004 EPSS

2023-12-15 04:15 PM
cvelist

CVE-2023-49189 WordPress Social Share Buttons & Analytics Plugin – GetSocial.io Plugin <= 4.3.12 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Getsocial, S.A. Social Share Buttons & Analytics Plugin – GetSocial.Io allows Stored XSS. This issue affects Social Share Buttons & Analytics Plugin – GetSocial.Io: from n/a through...

5.9 CVSS

5.9 AI Score

0.0004 EPSS

2023-12-15 03:08 PM

zdt

VIMESA VHF/FM Transmitter Blue Plus 9.7.1 Denial Of Service Vulnerability

VIMESA VHF/FM Transmitter Blue Plus version 9.7.1 suffers from a denial of service vulnerability. An unauthenticated attacker can issue an unauthorized HTTP GET request to the unprotected endpoint doreboot and restart the transmitter...

7 AI Score

2023-10-23 12:00 AM

packetstorm

7.1 AI Score

2023-10-20 12:00 AM

zeroscience

VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) Remote Denial Of Service

Title: VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) Remote Denial Of Service. Advisory ID: ZSL-2023-5798. Type: Local/Remote. Impact: DoS. Risk: (4/5). Release Date: 19.10.2023. Summary: The transmitter Blue Plus is designed with all the latest technologies, such as high efficiency using the...

7.6 AI Score

2023-10-19 12:00 AM

cve

CVE-2023-4997

Improper authorisation of regular users in ProIntegra Uptime DC software (versions below 2.0.0.33940) allows them to change passwords of all other users including administrators leading to a privilege...

8.8 CVSS

8.6 AI Score

0.001 EPSS

2023-10-04 11:15 AM
rapid7blog

Under Siege: Rapid7-Observed Exploitation of Cisco ASA SSL VPNs

Tyler Starks, Christiaan Beek, Robert Knapp, Zach Dayton, and Caitlin Condon contributed to this blog. Rapid7’s managed detection and response (MDR) teams have observed increased threat activity targeting Cisco ASA SSL VPN appliances (physical and virtual) dating back to at least March 2023. In...

9.1 CVSS

7.2 AI Score

0.023 EPSS

2023-08-29 02:00 PM

thn

U.S. Government Blacklists Cytrox and Intellexa Spyware Vendors for Cyber Espionage

The U.S. government on Tuesday added two foreign commercial spyware vendors, Cytrox and Intellexa, to an economic blocklist for weaponizing cyber exploits to gain unauthorized access to devices and "threatening the privacy and security of individuals and organizations worldwide." This includes the...

6.9 AI Score

2023-07-19 05:51 AM

talos

Diagon Sequence::DrawText heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1744. Diagon Sequence::DrawText heap-based buffer overflow vulnerability. July 5, 2023. CVE Number: CVE-2023-27390. Summary: A heap-based buffer overflow vulnerability exists in the Sequence::DrawText functionality of Diagon v1.0.139. A specially crafted markdown...

7.8 CVSS

9.7 AI Score

0.001 EPSS

2023-07-05 12:00 AM

nessus

Mandriva Linux Security Advisory : java-1.8.0-openjdk (MDVSA-2015:198)

Multiple vulnerabilities have been discovered and corrected in java-1.8.0-openjdk : Multiple flaws were found in the way the Hotspot component in OpenJDK verified bytecode from the class files, and in the way this component generated code for bytecode. An untrusted Java application or applet could...

3.4 CVSS

5.2 AI Score

0.975 EPSS

2015-04-10 12:00 AM
nessus

Mandriva Linux Security Advisory : openssl (MDVSA-2014:203)

Multiple vulnerabilities have been discovered and corrected in openssl : OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade. Some client applications (such as browsers) will reconnect using a downgraded...

3.4 CVSS

5.7 AI Score

0.975 EPSS

2014-10-24 12:00 AM

nessus

Mandriva Linux Security Advisory : asterisk (MDVSA-2014:218)

Multiple vulnerabilities have been discovered and corrected in asterisk : Remote crash when handling out of call message in certain dialplan configurations (CVE-2014-6610). Asterisk Susceptibility to POODLE Vulnerability (CVE-2014-3566). Mixed IP address families in access control lists may permit...

3.4 CVSS

6.5 AI Score

0.975 EPSS

2014-11-24 12:00 AM

nessus

Mandriva Linux Security Advisory : kernel (MDVSA-2014:124)

Multiple vulnerabilities have been found and corrected in the Linux kernel : kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial...

8.7 AI Score

0.918 EPSS

2014-06-13 12:00 AM

ics

Siemens SIPROTEC 5 Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |...

7.5 CVSS

7.9 AI Score

0.002 EPSS

2023-04-13 12:00 PM
nessus

Mandriva Linux Security Advisory : bash (MDVSA-2014:186)

A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment...

9.8 CVSS

0.7 AI Score

0.976 EPSS

2014-09-25 12:00 AM

nessus

Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2013:014)

Multiple security issues were identified and fixed in OpenJDK (icedtea6) : S8006446: Restrict MBeanServer access. S8006777: Improve TLS handling of invalid messages. S8007688: Blacklist known bad certificate. S7123519: problems with certification path. S8007393: Possible race condition after...

0.3 AI Score

0.018 EPSS

2013-02-24 12:00 AM

nessus

Mandriva Linux Security Advisory : openssl (MDVSA-2013:052)

Multiple vulnerabilities have been found and corrected in openssl : OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service (NULL pointer dereference and...

0.2 AI Score

0.007 EPSS

2013-04-20 12:00 AM

nessus

Mandriva Linux Security Advisory : fetchmail (MDVSA-2013:037)

Multiple vulnerabilities have been found and corrected in fetchmail : Fetchmail version 6.3.9 enabled all SSL workarounds (SSL_OP_ALL) which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an...

-0.4 AI Score

0.009 EPSS

2013-04-20 12:00 AM

nessus

Mandriva Linux Security Advisory : fetchmail (MDVSA-2012:149)

Multiple vulnerabilities have been found and corrected in fetchmail : Fetchmail version 6.3.9 enabled all SSL workarounds (SSL_OP_ALL) which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an...

7.9 AI Score

0.009 EPSS

2012-09-06 12:00 AM
nessus

Mandriva Linux Security Advisory : curl (MDVSA-2012:058)

Multiple vulnerabilities have been found and corrected in curl : curl is vulnerable to an SSL CBC IV vulnerability when built to use OpenSSL for the SSL/TLS layer. A work-around has been added to mitigate the problem (CVE-2011-3389). curl is vulnerable to a data injection attack for certain...

0.1 AI Score

0.009 EPSS

2012-04-16 12:00 AM

nessus

Mandriva Linux Security Advisory : bash (MDVSA-2015:164)

Updated bash packages fix security vulnerability : A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote...

9.8 CVSS

0.2 AI Score

0.976 EPSS

2015-03-30 12:00 AM

nessus

Mandriva Linux Security Advisory : python (MDVSA-2012:097)

Multiple vulnerabilities have been discovered and corrected in python : The _ssl module would always disable the CBC IV attack countermeasure (CVE-2011-3389). A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local...

7.7 AI Score

0.16 EPSS

2012-09-06 12:00 AM

nessus

Mandriva Linux Security Advisory : python (MDVSA-2012:096)

Multiple vulnerabilities have been discovered and corrected in python : The _ssl module would always disable the CBC IV attack countermeasure (CVE-2011-3389). A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. An attacker able to upload a file with a...

8 AI Score

0.16 EPSS

2012-06-21 12:00 AM

nessus

Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2011:170)

Security issues were identified and fixed in openjdk (icedtea6) and icedtea-web : IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking (CVE-2011-3547). IcedTea6 prior to 1.10.4...

0.7 AI Score

0.972 EPSS

2011-11-14 12:00 AM

nessus

Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2013:095)

Updated java-1.7.0-openjdk packages fix security vulnerabilities : Two improper permission check issues were discovered in the reflection API in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions (CVE-2012-3174, CVE-2013-0422). Multiple...

1.3 AI Score

0.972 EPSS

2013-04-20 12:00 AM
cve

CVE-2021-20990

In Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older an internal management service is accessible on port 8000 and some API endpoints could be accessed without authentication to trigger a shutdown, a reboot or a reboot into recovery...

7.5 CVSS

7.6 AI Score

0.016 EPSS

2021-04-19 02:15 PM

cve

CVE-2021-20989

Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older initiate SSH connections to the Fibaro cloud to provide remote access and remote support capabilities. This connection can be intercepted using DNS spoofing attack and a device initiated remote port-forward channel can be...

5.9 CVSS

5.8 AI Score

0.026 EPSS

2021-04-19 02:15 PM

threatpost

400 Banks’ Customers Targeted with Anubis Trojan

Customers of Chase, Wells Fargo, Bank of America and Capital One, along with nearly 400 other financial institutions, are being targeted by a malicious app disguised to look like the official account management platform for French telecom company Orange S.A. Researchers say this is just the...

0.3 AI Score

2021-12-14 08:23 PM

apple

About the security content of macOS Monterey 12.0.1

About the security content of macOS Monterey 12.0.1. This document describes the security content of macOS Monterey 12.0.1. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...

8.8 CVSS

9.6 AI Score

0.007 EPSS

2021-10-25 12:00 AM

apple

About the security content of macOS Big Sur 11.6

About the security content of macOS Big Sur 11.6. This document describes the security content of macOS Big Sur 11.6. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases...

9.1 CVSS

9.1 AI Score

0.01 EPSS

2021-09-13 12:00 AM
packetstorm

8.8 CVSS

0.7 AI Score

0.075 EPSS

2021-08-19 12:00 AM

threatpost

1M Stolen Credit Cards Hit Dark Web for Free

Threat actors have leaked 1 million stolen credit cards for free online as a way to promote a fairly new and increasingly popular cybercriminal site dedicated to selling payment-card credentials. Researchers from threat intelligence firm Cyble noticed the leak of the payment-card data during a...

-0.6 AI Score

2021-08-10 01:47 PM

cve

CVE-2021-20992

Fibaro Home Center 2 and Lite devices in all versions provide a web based management interface over unencrypted HTTP protocol. Communication between the user and the device can be eavesdropped to hijack sessions, tokens and...

8.1 CVSS

7.4 AI Score

0.026 EPSS

2021-04-19 02:15 PM

cve

CVE-2021-20991

In Fibaro Home Center 2 and Lite devices with firmware version 4.540 and older an authenticated user can run commands as root user using a command injection...

9.8 CVSS

8.9 AI Score

0.031 EPSS

2021-04-19 02:15 PM

zdt

NuCom 11N Wireless Router 5.07.90 Remote Privilege Escalation Vulnerability

NuCom 11N Wireless Router version 5.07.90 suffers from a remote privilege escalation vulnerability. The non-privileged default user (user:user) can elevate his/her privileges by sending an HTTP GET request to the configuration backup endpoint and disclose the http super password (admin credentials)...

0.9 AI Score

2021-03-11 12:00 AM

exploitdb

7.4 AI Score

2021-03-11 12:00 AM

zeroscience

NuCom 11N Wireless Router v5.07.90 Remote Privilege Escalation

Title: NuCom 11N Wireless Router v5.07.90 Remote Privilege Escalation. Advisory ID: ZSL-2021-5629. Type: Local/Remote. Impact: Privilege Escalation. Risk: (4/5). Release Date: 10.03.2021. Summary: The NC routers upgrade your network to the next generation of WiFi. With combined wireless speeds of up...

7.5 AI Score

2021-03-10 12:00 AM

packetstorm

1 AI Score

2021-03-10 12:00 AM

symantec

Privilege Escalation and Information Disclosure Vulnerabilities in SMG

Summary: Symantec Messaging Gateway (SMG) is susceptible to privilege escalation and information disclosure vulnerabilities. A malicious, authenticated, privileged user can further elevate their privileges on the system, or obtain a password for a remote SCP backup server that they might not...

7.2 CVSS

1 AI Score

0.001 EPSS

2020-12-08 09:25 PM

exploitdb

7.3 AI Score

2020-07-02 12:00 AM
Total number of security vulnerabilities: 3231