Cisco Systems, Inc. Security Vulnerabilities

CVE-2024-4630

The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. This makes it...

Quassel IRC credential gatherer

PackRat is a post-exploitation module that gathers file and information artifacts from end users' systems. PackRat searches for and downloads files of interest (such as config files, and received and deleted emails) and extracts information (such as contacts and usernames and passwords), using...

Exploit for CVE-2023-22515

Confluence Hack CVE-2023-22515 exploit.py Exploit to...

Mozilla Firefox ESR < 60.6

The version of Firefox ESR installed on the remote Windows host is prior to 60.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-08 advisory. A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using ...

SUSE SLES12 Security Update : python-requests (SUSE-SU-2024:1946-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1946-1 advisory. - CVE-2024-35195: Fixed cert verification regardless of changes to the value of verify (bsc#1224788). Tenable has extracted the preceding...

SUSE SLES12 Security Update : python-Jinja2 (SUSE-SU-2024:1948-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1948-1 advisory. - CVE-2024-34064: Fixed HTML attribute injection when passing user input as keys to xmlattr filter (bsc#1223980) Tenable has extracted...

CVE-2024-5851 playSMS SMS Schedule cross site scripting

A vulnerability classified as problematic has been found in playSMS up to 1.4.7. Affected is an unknown function of the file /index.php?app=main&inc=feature_schedule&op=list of the component SMS Schedule Handler. The manipulation of the argument name/message leads to basic cross site scripting. It....

CVE-2024-5851 playSMS SMS Schedule cross site scripting

A vulnerability classified as problematic has been found in playSMS up to 1.4.7. Affected is an unknown function of the file /index.php?app=main&inc=feature_schedule&op=list of the component SMS Schedule Handler. The manipulation of the argument name/message leads to basic cross site scripting. It....

Mozilla Firefox < 66.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 66.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-07 advisory. A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained...

Mozilla Firefox < 66.0

The version of Firefox installed on the remote Windows host is prior to 66.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-07 advisory. A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using ...

Microsoft Windows Multiple Vulnerabilities (KB4528760)

This host is missing a critical security update according to Microsoft...

2024-05 Cumulative Update for Windows 10 Version 21H2 for ARM64-based Systems (KB5037768)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your...

2024-05 Cumulative Update for Windows 10 Version 22H2 for ARM64-based Systems (KB5037768)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your...

MyBB HTTP Header 'CLIENT-IP' Field SQLi

The version of MyBB installed on the remote host is affected by a SQL injection vulnerability due to improper sanitization of user-supplied input to the 'CLIENT-IP' request header before using it in a database query when initiating a session in the inc/class_session.php script. A remote attacker...

CVE-2021-47249

In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rds_recvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rds_recvmsg(struct socket sock, struct msghdr msg, size_t size, int msg_flags) { ......

CVE-2024-1762

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP_USER_AGENT header in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers....

2024-05 Dynamic Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5037768)

ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...

Exploit for Use After Free in Microsoft

CVE-2023-36802 Local Privilege Escalation POC authors:...

Sylpheed email credential gatherer

PackRat is a post-exploitation module that gathers file and information artifacts from end users' systems. PackRat searches for and downloads files of interest (such as config files, and received and deleted emails) and extracts information (such as contacts and usernames and passwords), using...

2024-05 Dynamic Cumulative Update for Windows 10 Version 22H2 for ARM64-based Systems (KB5037768)

ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...

Halloy IRC credential gatherer

PackRat is a post-exploitation module that gathers file and information artifacts from end users' systems. PackRat searches for and downloads files of interest (such as config files, and received and deleted emails) and extracts information (such as contacts and usernames and passwords), using...

CarotDAV credential gatherer

PackRat is a post-exploitation module that gathers file and information artifacts from end users' systems. PackRat searches for and downloads files of interest (such as config files, and received and deleted emails) and extracts information (such as contacts and usernames and passwords), using...

2024-05 Dynamic Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5037768)

ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...

2024-05 Dynamic Cumulative Update for Windows 10 Version 22H2 for x86-based Systems (KB5037768)

ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...

Microsoft Windows Multiple Vulnerabilities (KB4592471)

This host is missing a critical security update according to Microsoft...

Microsoft Windows Multiple Vulnerabilities (KB4565483)

This host is missing a critical security update according to Microsoft...

CVE-2024-33622

Missing authentication for critical function vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, sensitive information may be obtained and/or the information stored in the database may be altered by a remote authenticated...

Mozilla Firefox ESR < 115.12

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-26 advisory. Memory corruption in the networking stack could have led to a potentially exploitable crash. ...

CVE-2024-4398

The HTML5 Audio Player- Best WordPress Audio Player Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-2500

The ColorMag theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authentciated attackers, with contributor-level access and...

CVE-2024-2500

The ColorMag theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authentciated attackers, with contributor-level access and...

MOVEit Transfer - SQL Injection

In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain...

2024-05 Dynamic Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5037768)

ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...

2024-05 Dynamic Cumulative Update for Windows 10 Version 21H2 for ARM64-based Systems (KB5037768)

ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...

CVE-2024-1100

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vadi Corporate Information Systems DIGIKENT GIS allows SQL Injection.This issue affects DIGIKENT GIS: through...

Mozilla Thunderbird < 115.12

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 115.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-28 advisory. Memory corruption in the networking stack could have led to a potentially exploitable crash. ...

Microsoft Windows Multiple Vulnerabilities (KB4540673)

This host is missing a critical security update according to Microsoft...

Microsoft Windows Multiple Vulnerabilities (KB4532693)

This host is missing a critical security update according to Microsoft...

Dell EMC OpenManage Server Administrator (OMSA) Detection (HTTP)

HTTP based detection of Dell EMC OpenManage Server Administrator...

TIBCO Security Advisory: May 14, 2024 - TIBCO Hawk - CVE-2024-3182

**TIBCO Hawk install-time password disclosure vulnerability ** Original release date: May 14, 2024 Last revised: --- CVE-2024-3182 Source: TIBCO Software Inc. Products Affected TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3. Component Affected: TIBCO Hawk Universal Installer including the...

2024-05 Cumulative Update for Microsoft server operating system, version 22H2 for x64-based Systems (KB5037782)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your...

2024-05 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5037782)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your...

CVE-2023-35720

ASUS RT-AX92U lighttpd mod_webdav.so SQL Injection Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected ASUS RT-AX92U routers. Authentication is not required to exploit this vulnerability. The specific flaw exists.....

OpenSSL 1.0.2 < 1.0.2ze Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.0.2ze. It is, therefore, affected by a vulnerability as referenced in the 1.0.2ze advisory. The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some...

OpenSSL 1.1.1 < 1.1.1o Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.1.1o. It is, therefore, affected by a vulnerability as referenced in the 1.1.1o advisory. The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some...

2024-05 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5037782)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your...

Microsoft Windows Multiple Vulnerabilities (KB4586827)

This host is missing a critical security update according to Microsoft...

Genesco Inc. Confirms Payment Card Data Breach in U.S. Stores

Specialty retailer Genesco Inc. announced on Friday that it experienced a criminal intrusion into the part of its computer network that processes payment card transactions. Some card details might have been compromised. However, the company quickly secured the affected network segment and...

Microsoft Windows Multiple Vulnerabilities (KB4580345)

This host is missing a critical security update according to Microsoft...

CVE-2024-4700 WP Table Builder – WordPress Table Plugin <= 1.4.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button element in all versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to...