Getsocial, S.A. Security Vulnerabilities

Cross site scripting

Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7.14.8 allows attackers to execute arbitrary code via a crafted payload to the Groups Display name...

CVE-2024-26542

Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7.14.8 allows attackers to execute arbitrary code via a crafted payload to the Groups Display name...

CVE-2024-26542

Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7.14.8 allows attackers to execute arbitrary code via a crafted payload to the Groups Display name...

CVE-2024-26542

Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7.14.8 allows attackers to execute arbitrary code via a crafted payload to the Groups Display name...

U.S. Cracks Down on Predatory Spyware Firm for Targeting Officials and Journalists

The U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) sanctioned two individuals and five entities associated with the Intellexa Alliance for their role in "developing, operating, and distributing" commercial spyware designed to target government officials, journalists, and...

VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Denial Of Service Exploit

...

VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service

...

Cross site scripting

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Getsocial, S.A. Social Share Buttons & Analytics Plugin – GetSocial.Io allows Stored XSS.This issue affects Social Share Buttons & Analytics Plugin – GetSocial.Io: from n/a through...

CVE-2023-49189

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Getsocial, S.A. Social Share Buttons & Analytics Plugin – GetSocial.Io allows Stored XSS.This issue affects Social Share Buttons & Analytics Plugin – GetSocial.Io: from n/a through...

CVE-2023-49189

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Getsocial, S.A. Social Share Buttons & Analytics Plugin – GetSocial.Io allows Stored XSS.This issue affects Social Share Buttons & Analytics Plugin – GetSocial.Io: from n/a through...

CVE-2023-49189 WordPress Social Share Buttons & Analytics Plugin – GetSocial.io Plugin <= 4.3.12 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Getsocial, S.A. Social Share Buttons & Analytics Plugin – GetSocial.Io allows Stored XSS.This issue affects Social Share Buttons & Analytics Plugin – GetSocial.Io: from n/a through...

VIMESA VHF/FM Transmitter Blue Plus 9.7.1 Denial Of Service Vulnerability

VIMESA VHF/FM Transmitter Blue Plus version 9.7.1 suffers from a denial of service vulnerability. An unauthenticated attacker can issue an unauthorized HTTP GET request to the unprotected endpoint doreboot and restart the transmitter...

VIMESA VHF/FM Transmitter Blue Plus 9.7.1 Denial Of Service

...

VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) Remote Denial Of Service

Title: VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) Remote Denial Of Service Advisory ID: ZSL-2023-5798 Type: Local/Remote Impact: DoS Risk: (4/5) Release Date: 19.10.2023 Summary The transmitter Blue Plus is designed with all the latest technologies, such as high efficiency using the...

CVE-2023-4997

Improper authorisation of regular users in ProIntegra Uptime DC software (versions below 2.0.0.33940) allows them to change passwords of all other users including administrators leading to a privilege...

Under Siege: Rapid7-Observed Exploitation of Cisco ASA SSL VPNs

Tyler Starks, Christiaan Beek, Robert Knapp, Zach Dayton, and Caitlin Condon contributed to this blog. Rapid7’s managed detection and response (MDR) teams have observed increased threat activity targeting Cisco ASA SSL VPN appliances (physical and virtual) dating back to at least March 2023. In...

U.S. Government Blacklists Cytrox and Intellexa Spyware Vendors for Cyber Espionage

The U.S. government on Tuesday added two foreign commercial spyware vendors, Cytrox and Intellexa, to an economic blocklist for weaponizing cyber exploits to gain unauthorized access to devices and "threatening the privacy and security of individuals and organizations worldwide." This includes the....

Diagon Sequence::DrawText heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1744 Diagon Sequence::DrawText heap-based buffer overflow vulnerability July 5, 2023 CVE Number CVE-2023-27390 SUMMARY A heap-based buffer overflow vulnerability exists in the Sequence::DrawText functionality of Diagon v1.0.139. A specially crafted markdown...

Mandriva Linux Security Advisory : java-1.8.0-openjdk (MDVSA-2015:198)

Multiple vulnerabilities has been discovered and corrected in java-1.8.0-openjdk : Multiple flaws were found in the way the Hotspot component in OpenJDK verified bytecode from the class files, and in the way this component generated code for bytecode. An untrusted Java application or applet could.....

Mandriva Linux Security Advisory : openssl (MDVSA-2014:203)

Multiple vulnerabilities has been discovered and corrected in openssl : OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade. Some client applications (such as browsers) will reconnect using a downgraded...

Mandriva Linux Security Advisory : asterisk (MDVSA-2014:218)

Multiple vulnerabilities has been discovered and corrected in asterisk : Remote crash when handling out of call message in certain dialplan configurations (CVE-2014-6610). Asterisk Susceptibility to POODLE Vulnerability (CVE-2014-3566). Mixed IP address families in access control lists may permit.....

Mandriva Linux Security Advisory : kernel (MDVSA-2014:124)

Multiple vulnerabilities has been found and corrected in the Linux kernel : kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial....

Siemens SIPROTEC 5 Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

Mandriva Linux Security Advisory : bash (MDVSA-2014:186)

A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment...

Mandriva Linux Security Advisory : openssl (MDVSA-2013:052)

Multiple vulnerabilities has been found and corrected in openssl : OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service (NULL pointer dereference and...

Mandriva Linux Security Advisory : fetchmail (MDVSA-2012:149)

Multiple vulnerabilities has been found and corrected in fetchmail : Fetchmail version 6.3.9 enabled all SSL workarounds (SSL_OP_ALL) which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an....

Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2013:014)

Multiple security issues were identified and fixed in OpenJDK (icedtea6) : S8006446: Restrict MBeanServer access S8006777: Improve TLS handling of invalid messages S8007688: Blacklist known bad certificate S7123519: problems with certification path S8007393: Possible race condition after...

Mandriva Linux Security Advisory : fetchmail (MDVSA-2013:037)

Multiple vulnerabilities has been found and corrected in fetchmail : Fetchmail version 6.3.9 enabled all SSL workarounds (SSL_OP_ALL) which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an....

Mandriva Linux Security Advisory : curl (MDVSA-2012:058)

Multiple vulnerabilities has been found and corrected in curl : curl is vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL for the SSL/TLS layer. A work-around has been added to mitigate the problem (CVE-2011-3389). curl is vulnerable to a data injection attack for certain...

Mandriva Linux Security Advisory : bash (MDVSA-2015:164)

Updated bash packages fix security vulnerability : A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote...

Mandriva Linux Security Advisory : python (MDVSA-2012:097)

Multiple vulnerabilities has been discovered and corrected in python : The _ssl module would always disable the CBC IV attack countermeasure (CVE-2011-3389). A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local...

Mandriva Linux Security Advisory : python (MDVSA-2012:096)

Multiple vulnerabilities has been discovered and corrected in python : The _ssl module would always disable the CBC IV attack countermeasure (CVE-2011-3389). A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. An attacker able to upload a file with a...

Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2011:170)

Security issues were identified and fixed in openjdk (icedtea6) and icedtea-web : IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking (CVE-2011-3547). IcedTea6 prior to 1.10.4...

Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2013:095)

Updated java-1.7.0-openjdk packages fix security vulnerabilities : Two improper permission check issues were discovered in the reflection API in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions (CVE-2012-3174, CVE-2013-0422). Multiple...

CVE-2021-20990

In Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older an internal management service is accessible on port 8000 and some API endpoints could be accessed without authentication to trigger a shutdown, a reboot or a reboot into recovery...

CVE-2021-20989

Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older initiate SSH connections to the Fibaro cloud to provide remote access and remote support capabilities. This connection can be intercepted using DNS spoofing attack and a device initiated remote port-forward channel can be.....

400 Banks’ Customers Targeted with Anubis Trojan

Customers of Chase, Wells Fargo, Bank of America and Capital One, along with nearly 400 other financial institutions, are being targeted by a malicious app disguised to look like the official account management platform for French telecom company Orange S.A. Researchers say this is just the...

About the security content of macOS Monterey 12.0.1

About the security content of macOS Monterey 12.0.1 This document describes the security content of macOS Monterey 12.0.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...

About the security content of macOS Big Sur 11.6

About the security content of macOS Big Sur 11.6 This document describes the security content of macOS Big Sur 11.6. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases...

Altus Sistemas de Automacao Products CSRF / Command Injection / Hardcoded Credentials

...

Altus Sistemas de Automacao Products CSRF / Command Injection / Hardcoded Credentials Vulnerability

...

1M Stolen Credit Cards Hit Dark Web for Free

Threat actors have leaked 1 million stolen credit cards for free online as a way to promote a fairly new and increasingly popular cybercriminal site dedicated to…selling payment-card credentials. Researchers from threat intelligence firm Cyble noticed the leak of the payment-card data during a...

CVE-2021-20992

In Fibaro Home Center 2 and Lite devices in all versions provide a web based management interface over unencrypted HTTP protocol. Communication between the user and the device can be eavesdropped to hijack sessions, tokens and...

CVE-2021-20991

In Fibaro Home Center 2 and Lite devices with firmware version 4.540 and older an authenticated user can run commands as root user using a command injection...

NuCom 11N Wireless Router 5.07.90 Remote Privilege Escalation Vulnerability

NuCom 11N Wireless Router version 5.07.90 suffers from a remote privilege escalation vulnerability. The non-privileged default user (user:user) can elevate his/her privileges by sending a HTTP GET request to the configuration backup endpoint and disclose the http super password (admin credentials)....

NuCom 11N Wireless Router 5.07.90 - Remote Privilege Escalation

...

NuCom 11N Wireless Router v5.07.90 Remote Privilege Escalation

Title: NuCom 11N Wireless Router v5.07.90 Remote Privilege Escalation Advisory ID: ZSL-2021-5629 Type: Local/Remote Impact: Privilege Escalation Risk: (4/5) Release Date: 10.03.2021 Summary The NC routers upgrades your network to the next generation of WiFi. With combined wireless speeds of up...

NuCom 11N Wireless Router 5.07.90 Remote Privilege Escalation

...

Privilege Escalation and Information Disclosure Vulnerabilities in SMG

Summary Symantec Messaging Gateway (SMG) is susceptible to privilege escalation and information disclosure vulnerabilities. A malicious, authenticated, privileged user can further elevate their privileges on the system, or obtain a password for a remote SCP backup server that they might not...

WhatsApp Remote Code Execution - Paper

...