Fedora: Security Advisory for libre (FEDORA-2024-a63e807450)
The remote host is missing an update for...
7.5AI Score
WooCommerce Customers Manager < 29.7 - Subscriber+ SQL Injection
Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to an SQL injection exploitable by Subscriber+ role. Note: v29.5 added authorisation, however the injection was not fixed and still exploitable by users with the manage_woocommerce.....
7.4AI Score
0.0004EPSS
Everest Backup < 2.2.5 - Admin+ Arbitrary File Upload
Description The plugin does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup) PoC 1. Go to the plugin setting and in the "Restore" section...
9.3AI Score
0.0004EPSS
WooCommerce Customers Manager < 29.7 - Subscriber+ SQL Injection
Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to an SQL injection exploitable by Subscriber+ role. Note: v29.5 added authorisation, however the injection was not fixed and still exploitable by users with the manage_woocommerce.....
7.3AI Score
0.0004EPSS
Everest Backup < 2.2.5 - Admin+ Arbitrary File Upload
Description The plugin does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite...
9.4AI Score
0.0004EPSS
Gambio Online Webshop unauthenticated PHP Deserialization Vulnerability
A Remote Code Execution vulnerability in Gambio online webshop version 4.9.2.0 and lower allows remote attackers to run arbitrary commands via unauthenticated HTTP POST request. The identified vulnerability within Gambio pertains to an insecure deserialization flaw, which ultimately allows an...
9.8CVSS
9AI Score
0.374EPSS
[SECURITY] Fedora 40 Update: libre-3.10.0-1.fc40
Libre is a generic library for real-time communications with async I/O support. Features are a SIP stack (RFC 3261), SDP, RTP and RTCP, SRTP and SRTCP (Secure RTP), DNS client, STUN/TURN/ICE stack, BFCP, HTTP stack with client/server, Websockets, Jitter buffer, async I/O (poll, epoll, select,...
7.4AI Score
Russian Hackers May Have Targeted Ukrainian Telecoms with Upgraded 'AcidPour' Malware
The data wiping malware called AcidPour may have been deployed in attacks targeting four telecom providers in Ukraine, new findings from SentinelOne show. The cybersecurity firm also confirmed connections between the malware and AcidRain, tying it to threat activity clusters associated with...
7.4AI Score
This post-exploitation keylogger will covertly exfiltrate keystrokes to a server. These tools excel at lightweight exfiltration and persistence, properties which will prevent detection. It uses DNS tunnelling/exfiltration to bypass firewalls and avoid detection. Server Setup The server uses...
7.5AI Score
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation for Multiplatforms. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow a remote...
7.5CVSS
6.7AI Score
0.001EPSS
Navigating Evolving Cybersecurity: Recent Trends and Future Outlook
“Those who fail to learn from history are doomed to repeat it.” - Winston Churchill While Churchill may not have been the first person to use a variation of this quote, the essence of its meaning rang true then and still does today. In this spirit, and so that we may collectively learn and evolve.....
7.5AI Score
SQL Injection Vulnerability Patched in Tutor LMS WordPress Plugin
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 15th, 2024, during our second Bug Bounty Extravaganza,.....
8.8CVSS
8.1AI Score
0.0004EPSS
This is an evolution of the original getAllParams extension for Burp. Not only does it find more potential parameters for you to investigate, but it also finds potential links to try these parameters on, and produces a target specific wordlist to use for fuzzing. The full Help documentation can be....
7.4AI Score
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation Application Manager. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow a remote...
7.5CVSS
7.9AI Score
0.001EPSS
update I've since published a Spring Tips video on this very topic! If you'd prefer, you could watch that instead. Hi, Spring fans! Happy Java 22 release day, to those who celebrate! Did you get the bits already? Go, go, go! Java 22 is a significant improvement that I think is a worthy upgrade for....
7.2AI Score
Shodan Dorks by twitter.com/lothos612 Feel free to make suggestions Shodan Dorks Basic Shodan Filters city: Find devices in a particular city. city:"Bangalore" country: Find devices in a particular country. country:"IN" geo: Find devices by giving geographical coordinates....
9.8CVSS
7.3AI Score
0.974EPSS
7.4AI Score
USN-6296-1: PostgreSQL vulnerabilities | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that PostgreSQL incorrectly handled certain extension script substitutions. An attacker having database-level CREATE privileges can use this issue to execute arbitrary code as the...
8.8CVSS
8.4AI Score
0.001EPSS
Update Rollup 6 for System Center 2019 Virtual Machine Manager
Update Rollup 6 for System Center 2019 Virtual Machine Manager Applies to Microsoft System Center 2019 Virtual Machine Manager Introduction This article lists the new enhancements and bug fixes that come with System Center Virtual Machine Manager 2019 UR6 release. This article also provides the...
6.6AI Score
An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data...
9.8CVSS
9.5AI Score
0.099EPSS
PrestaShop Step by Step products Pack - SQL Injection
In the module “Step by Step products Pack” (ndk_steppingpack) up to 1.5.6 from NDK Design for PrestaShop, a guest can perform SQL injection in affected...
9.8CVSS
9.9AI Score
0.066EPSS
PrestaShop PireosPay - SQL Injection
In the module “PireosPay” (pireospay) up to version 1.7.9 from 01generator.com for PrestaShop, a guest can perform SQL injection in affected...
8.8CVSS
9.1AI Score
0.079EPSS
Dorkish - Chrome Extension Tool For OSINT & Recon
During the reconnaissance phase or when doing OSINT, we often use Google dorking and Shodan, and thus the idea of Dorkish. Dorkish is a Chrome extension tool that facilitates custom dork creation for Google and Shodan using the builder and it offers prebuilt dorks for efficient reconnaissance and...
7.1AI Score
Exploit for Deserialization of Untrusted Data in Apache Log4J
Log4Shell Vulnerable Application(l4s-vulnapp) This is a...
9AI Score
Update Rollup 6 for System Center 2019 Orchestrator
Update Rollup 6 for System Center 2019 Orchestrator Applies to: System Center 2019 Orchestrator System Center 2019 Orchestrator UR1 System Center 2019 Orchestrator UR2 System Center 2019 Orchestrator UR3 Introduction This article describes the issues that have been fixed for Microsoft System...
7.2AI Score
Security Bulletin: IBM Informix archecker, cdr, and onsmsync are vulnerable to heap buffer overflow.
Summary IBM Informix archecker, cdr, and onsmsync are vulnerable to heap buffer overflow when invoked with invalid parameters. Vulnerability Details ** CVEID: CVE-2023-28527 DESCRIPTION: **IBM Informix cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could...
8.4CVSS
6.7AI Score
0.0004EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.8CVSS
9.6AI Score
0.303EPSS
How to update outdated software on Mac endpoints: Introducing ThreatDown VPM for Mac
ThreatDown is happy to announce that our Vulnerability Assessment and Patch Management (VPM) tool is now available for Mac endpoints. There are hundreds of third-party apps that Mac endpoints use on a daily basis—and with that large number of apps comes a dizzying amount of software updates to...
7.2AI Score
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [reg-select-role] shortcode in all versions up to, and including, 4.15.0 due to insufficient.....
6.4CVSS
6AI Score
0.0004EPSS
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [reg-select-role] shortcode in all versions up to, and including, 4.15.0 due to insufficient.....
6.4CVSS
5.7AI Score
0.0004EPSS
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [reg-select-role] shortcode in all versions up to, and including, 4.15.0 due to insufficient.....
6.4CVSS
6.1AI Score
0.0004EPSS
Demystifying a Common Cybersecurity Myth
One of the most common misconceptions in file upload cybersecurity is that certain tools are "enough" on their own—this is simply not the case. In our latest whitepaper OPSWAT CEO and Founder, Benny Czarny, takes a comprehensive look at what it takes to prevent malware threats in today's...
6.8AI Score
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [reg-select-role] shortcode in all versions up to, and including, 4.15.0 due to insufficient.....
6.4CVSS
5.8AI Score
0.0004EPSS