
Tag

#git

WordPress Bricks Builder Theme 1.9.6 Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in the Bricks Builder Theme versions 1.9.6 and below for WordPress. The vulnerability allows attackers to execute arbitrary PHP code by leveraging a nonce leakage to bypass authentication and exploit the eval() function usage within the theme. Successful exploitation allows for full control of the affected WordPress site. It is recommended to upgrade to version 1.9.6.1 or higher.

Packet Storm

Artica Proxy Unauthenticated PHP Deserialization

A command injection vulnerability in Artica Proxy appliance versions 4.50 and 4.40 allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user.

COTI and Civic Partner to Give Users Self-sovereignty of Their Digital Identity

By Uzair Amir. COTI's V2 confidentiality layer secures Civic's Dynamic DID, empowering users with control over their data and seamless regulatory compliance. This is a post from HackRead.com.

GoMining Review: This Platform Makes Bitcoin Mining Possible Through NFTs

By Uzair Amir. Curious to learn how GoMining is pioneering the democratization of crypto mining? Read on as we explore their approach, technicals, and how they ensure safety for their users. This is a post from HackRead.com.

Meta to abandon social media tracking tool CrowdTangle

Meta will retire social media tracking tool CrowdTangle in August 2024, which is awkward timing given the number of important elections this year.

GHSA-5667-3wch-7q7w: Eclipse Vert.x memory leak

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, the leak is triggered when the Vert.x HTTP client establishes connections to different hosts. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.

GHSA-r364-m2j9-mf4h: gradio Server-Side Request Forgery vulnerability

The /proxy route allows a user to proxy arbitrary URLs, including potential internal endpoints.

AI Generated Fake Obituary Websites Target Grieving Users

By Waqas. Tributes turned toxic as crooks abuse AI. This is a post from HackRead.com.

GHSA-5xvc-rwv8-86p7: Ignite Realtime Openfire privilege escalation vulnerability

An issue in Ignite Realtime Openfire v.4.8.0 and before allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component.

GHSA-6pwg-gg6j-5crm: Ignite Realtime Openfire privilege escalation vulnerability

An issue in Ignite Realtime Openfire v.4.8.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component.