Yan&Co Security Vulnerabilities

openvas

SUSE: Security Advisory (SUSE-SU-2020:3372-1)

The remote host is missing an update for...

5.5 CVSS

6.2 AI Score

0.0005 EPSS

2021-06-09 12:00 AM
2

wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 405 vulnerabilities disclosed in 320...

10 CVSS

9.7 AI Score

EPSS

2024-04-04 05:35 PM
49

cert

Apache Log4j allows insecure JNDI lookups

Overview Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j. CISA has published Apache Log4j Vulnerability Guidance and provides a Software List. Description The....

10 CVSS

10 AI Score

EPSS

2021-12-15 12:00 AM
976

openvas

Mageia: Security Advisory (MGASA-2019-0354)

The remote host is missing an update for...

4.7 CVSS

6.6 AI Score

0.025 EPSS

2022-01-28 12:00 AM
3

openvas

Debian: Security Advisory (DSA-3735-1)

The remote host is missing an update for the...

9.8 CVSS

7.6 AI Score

0.006 EPSS

2016-12-14 12:00 AM
5

openvas

SUSE: Security Advisory (SUSE-SU-2021:1930-1)

The remote host is missing an update for...

8.8 CVSS

8.4 AI Score

0.001 EPSS

2021-06-11 12:00 AM
6

wpvulndb

Molongui < 4.6.20 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.6.19 due to insufficient input sanitization and output escaping. This makes it possible for....

4.8 CVSS

5.9 AI Score

0.0004 EPSS

2023-12-02 12:00 AM
8

openvas

SUSE: Security Advisory (SUSE-SU-2020:3514-1)

The remote host is missing an update for...

5.5 CVSS

6.2 AI Score

0.0005 EPSS

2021-04-19 12:00 AM
3

openvas

Mageia: Security Advisory (MGASA-2016-0428)

The remote host is missing an update for...

9.8 CVSS

7.6 AI Score

0.006 EPSS

2022-01-28 12:00 AM
4

krebs

New Leak Shows Business Side of China’s APT Menace

A new data leak that appears to have come from one of China's top private cybersecurity firms provides a rare glimpse into the commercial side of China's many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign...

7.1 AI Score

2024-02-22 01:27 PM
12

cnvd

Command Execution Vulnerability in RG-UAC Ruijie Unified Internet Behavior Management and Audit System of Beijing StarNet Ruijie Network Technology Co. Ltd (CNVD-2024-0589958)

RG-UAC Ruijie Unified Internet Behavior Management and Auditing System is an Internet behavior management and auditing product. A command execution vulnerability exists in the RG-UAC Ruijie Unified Internet Behavior Management and Audit System of Beijing StarNet Ruijie Network Technology Co. Ltd,.....

7.5 AI Score

2023-12-22 12:00 AM
11

cve

CVE-2023-43996

An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access...

5.4 CVSS

5.5 AI Score

0.0004 EPSS

2024-01-24 10:15 AM
15

openvas

Debian: Security Advisory (DLA-1801-1)

The remote host is missing an update for the...

5.9 CVSS

6.2 AI Score

0.001 EPSS

2019-05-25 12:00 AM
77

nvd

CVE-2023-43996

An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access...

5.4 CVSS

5.5 AI Score

0.0004 EPSS

2024-01-24 10:15 AM
1

cnvd

Command Execution Vulnerability in SuperMap iPortal of Beijing SuperMap Software Co.

SuperMap iPortal is a GIS portal platform for cloud computing, which enables the integration, discovery, sharing and management of various GIS resources such as maps, services, scenes and data, and also monitors multiple GIS servers within the organization to ensure the safe and stable operation...

7.2 AI Score

2022-03-13 12:00 AM
8

thn

U.S. Charges Iranian Hacker, Offers $10 Million Reward for Capture

The U.S. Department of Justice (DoJ) on Friday unsealed an indictment against an Iranian national for his alleged involvement in a multi-year cyber-enabled campaign designed to compromise U.S. governmental and private entities. More than a dozen entities are said to have been targeted, including...

6.8 AI Score

2024-03-02 04:38 AM
18

cnvd

Unauthorized Access Vulnerability in ShopXO of Shanghai Zongzig Technology Co.

ShopXO is enterprise-level B2C open source e-commerce system. Ltd. ShopXO has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive...

6.8 AI Score

2023-12-16 12:00 AM
8

cnvd

Weak Password Vulnerability in MSG3100 at Resconda Technology Development Co.

MSG3100 is a box-type IP PBX product for government and enterprise customers, applicable to enterprises with less than 300 people, adopting 1U box-type design, used at the interface between enterprise internal network and access network, to meet the business needs of enterprise voice and data....

7 AI Score

2023-12-05 12:00 AM
8

openvas

Mageia: Security Advisory (MGASA-2017-0046)

The remote host is missing an update for...

9.8 CVSS

7.6 AI Score

0.006 EPSS

2022-01-28 12:00 AM
3

cnvd

Command Execution Vulnerability in Green Alliance Operations and Maintenance Security Management System

Beijing Shenzhou Green Alliance Technology Co., Ltd. is a company whose business scope includes technology development, technology consulting, technology services; computer system services and so on. A command execution vulnerability exists in the Green Alliance Operations and Maintenance Security....

7.9 AI Score

2023-11-14 12:00 AM
17

openvas

Debian: Security Advisory (DSA-2533-1)

The remote host is missing an update for the...

6.4 AI Score

0.099 EPSS

2012-08-30 12:00 AM
7

openvas

Debian: Security Advisory (DLA-3624-1)

The remote host is missing an update for the...

9.1 CVSS

9.5 AI Score

0.004 EPSS

2023-10-23 12:00 AM
3

cve

CVE-2024-22372

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X1800GS-B v1.17 and...

6.8 CVSS

7.1 AI Score

0.0004 EPSS

2024-01-24 05:15 AM
10

cnvd

SQL Injection Vulnerability in FineReport of Sailsoft Software Ltd.

Fansoft Software Ltd. is a professional big data BI and analytics platform provider in China. A SQL injection vulnerability exists in FineReport of FanSoft Software Co. Ltd, which can be exploited by attackers to obtain sensitive information from the...

7.5 AI Score

2023-12-24 12:00 AM
20

cvelist

CVE-2023-43996

An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access...

5.7 AI Score

0.0004 EPSS

2024-01-24 12:00 AM
1

cvelist

CVE-2023-51767

OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim...

7 AI Score

0.001 EPSS

2023-12-24 12:00 AM
1

cnvd

Command Execution Vulnerability in SuperMap iServer 10i of Beijing SuperMap Software Co.

SuperMap iServer is a cloud GIS application server based on high-performance cross-platform GIS kernel. A command execution vulnerability exists in SuperMap iServer 10i of Beijing SuperMap Software Co. Ltd. that can be exploited by an attacker to gain control of the...

7.5 AI Score

2022-02-21 12:00 AM
5

cnvd

Command Execution Vulnerability in Isthmus Electronic Document Security Management System (CNVD-2024-03256)

Beijing Yisaitong Technology Development Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application service industry. A command execution vulnerability exists in the Yisetong Electronic Document Security Management System, which can be exploited by an attacker to....

7.5 AI Score

2023-12-12 12:00 AM
13

cnvd

Shanghai Zhongyun Digital Win Cloud Computing Technology Co., Ltd Shanghai Old Cadre APP has Logic Flaw Vulnerability

Shanghai Old Cadre app is a senior activity software specially created for some party members and old cadres in Shanghai. Shanghai Zhongyun Digital Win Cloud Computing Technology Co. Shanghai Old Cadre App has a logic flaw vulnerability that can be exploited by attackers to cause SMS...

7 AI Score

2023-12-14 12:00 AM
5

openvas

SUSE: Security Advisory (SUSE-SU-2018:2051-1)

The remote host is missing an update for...

7.8 CVSS

7.3 AI Score

0.001 EPSS

2021-04-19 12:00 AM
2

cve

CVE-2024-22113

Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted...

6.1 CVSS

6.2 AI Score

0.001 EPSS

2024-01-22 05:15 AM
7

cnvd

SQL Injection Vulnerability in Isthmus Electronic Document Security Management System (CNVD-2024-03265)

Beijing Yisaitong Technology Development Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application service industry. A SQL injection vulnerability exists in the Yisetong electronic document security management system, which can be exploited by attackers to...

7.6 AI Score

2023-12-12 12:00 AM
6

nessus

openSUSE Security Update : the Linux Kernel (openSUSE-2020-1698)

The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' (bsc#1177724). CVE-2020-24490: Fixed a heap buffer...

8.8 CVSS

8.4 AI Score

0.008 EPSS

2020-10-20 12:00 AM
31

cnvd

Arbitrary File Read Vulnerability in Damon Qizi Conference Data Visualization System (DMQZDV Experience Edition) of Wuhan Damon Database Co.

Damon Qiji big data visualization system is a one-stop tool platform for big data display. An arbitrary file read vulnerability exists in the Damon Qizhi Big Data Visualization System (DMQZDV Experience Version) of Wuhan Damon Database...

7.1 AI Score

2023-12-18 12:00 AM
5

openvas

Mageia: Security Advisory (MGASA-2021-0272)

The remote host is missing an update for...

6.7 CVSS

5.8 AI Score

0.001 EPSS

2022-01-28 12:00 AM
6

prion

Authorization

Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More.This issue affects Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles,...

8.8 CVSS

7.2 AI Score

0.001 EPSS

2024-01-08 10:15 PM
3

github

Breaking unlinkability in Identity Mixer using malicious keys

CL Signatures Issuer Key Correctness Proof lacks of prime strength checking A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key...

5.3 CVSS

6.8 AI Score

0.0005 EPSS

2024-01-16 09:13 PM
5

osv

Breaking unlinkability in Identity Mixer using malicious keys

CL Signatures Issuer Key Correctness Proof lacks of prime strength checking A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key...

5.3 CVSS

7 AI Score

0.0005 EPSS

2024-01-16 09:13 PM
5

nessus

openSUSE Security Update : nsd (openSUSE-2020-2222)

This update for nsd fixes the following issues : nsd was updated to the new upstream release 4.3.4 FEATURES : Merge PR #141: ZONEMD RR type. BUG FIXES : Fix that symlink does not interfere with chown of pidfile (boo#1179191, CVE-2020-28935) Fix #128: Fix that the invalid port number is...

5.5 CVSS

8.1 AI Score

0.004 EPSS

2020-12-14 12:00 AM
41

openbugbounty

cuevana123.co Cross Site Scripting vulnerability OBB-3737743

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1 AI Score

2023-10-10 04:28 AM
15

chrome

Stable Channel Update for ChromeOS / ChromeOS Flex

Hello All, The Stable channel is being updated to 120.0.6099.235 (Platform version: 15662.76.0) for ChromeOS devices and will be rolled out over the next few days. If you find new issues, please let us know one of the following ways: File a bug Visit our Chrome OS communities General: Chromebook...

6.5 CVSS

7 AI Score

0.001 EPSS

2024-01-16 12:00 AM
8

cnvd

Unauthorized Access Vulnerability in the MEGVII Face Recognition Passing Platform of Beijing Kuangyi Technology Co.

Beijing Kuangshi Technology Co., Ltd. is an artificial intelligence company focusing on IoT scenarios. An unauthorized access vulnerability exists in the Kuangxiang MEGVII face recognition pass platform of Beijing Kuangxiang Technology Co. that can be exploited by attackers to obtain sensitive...

6.8 AI Score

2023-12-06 12:00 AM
5

cnvd

Unauthorized Access Vulnerability in SuperMap iServer of Beijing SuperMap Software Co.

SuperMap iServer is a cloud GIS application server based on high-performance cross-platform GIS kernel. An unauthorized access vulnerability exists in SuperMap iServer of Beijing SuperMap Software Co. Ltd, which can be exploited by attackers to obtain sensitive...

6.8 AI Score

2023-02-01 12:00 AM
7

thn

FBI's Most-Wanted Zeus and IcedID Malware Mastermind Pleads Guilty

A Ukrainian national has pleaded guilty in the U.S. to his role in two different malware schemes, Zeus and IcedID, between May 2009 and February 2021. Vyacheslav Igorevich Penchukov (aka Vyacheslav Igoravich Andreev, father, and tank), 37, was arrested by Swiss authorities in October 2022 and...

7 AI Score

2024-02-18 07:12 AM
22

cnvd

Unauthorized Access Vulnerability in Website Monitoring and Warning Platform of Yuanjiang Shengbang (Beijing) Network Security Technology Co.

Ltd. is an independent innovative enterprise dedicated to WEB application security solutions and application delivery. There is an unauthorized access vulnerability in the website monitoring and warning platform of Yuanjiang Shengbang (Beijing) Network Security Technology Co., Ltd, which can be...

7.1 AI Score

2023-12-08 12:00 AM
5

metasploit

Xerox Workcentre 5735 LDAP Service Redential Extractor

This module extract the printer's LDAP username and password from Xerox Workcentre...

7.5 AI Score

2014-10-30 01:09 AM
7

cnvd

Directory Traversal Vulnerability in the Training Platform of Shenzhen Sigma Data Technology Co.

Shenzhen Sigma Data Technology Co., Ltd. is an enterprise mainly engaged in software and information technology service industry. Shenzhen Sigma Data Technology Co., Ltd. practical training teaching platform (to fish with the party) there is a directory traversal vulnerability, an attacker can use....

6.6 AI Score

2023-11-08 12:00 AM
5

thn

U.S. Government Disrupts Russia-Linked Botnet Engaged in Cyber Espionage

The U.S. government on Thursday said it disrupted a botnet comprising hundreds of small office and home office (SOHO) routers in the country that was put to use by the Russia-linked APT28 actor to conceal its malicious activities. "These crimes included vast spear-phishing and similar credential...

9.8 CVSS

9.8 AI Score

0.922 EPSS

2024-02-16 06:49 AM
23

prion

Unrestricted file upload

Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome.This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome: from n/a through...

9.8 CVSS

7.3 AI Score

0.001 EPSS

2023-12-29 02:15 PM
5

cnvd

Unauthorized access vulnerability in SuperMap iServer of Beijing SuperMap Software Co. Ltd (CNVD-2023-61163)

SuperMap iServer is a cloud GIS application server based on high-performance cross-platform GIS kernel. An unauthorized access vulnerability exists in SuperMap iServer of Beijing SuperMap Software Co. Ltd, which can be exploited by attackers to obtain sensitive...

6.8 AI Score

2023-05-31 12:00 AM
15

Total number of security vulnerabilities: 10934