Security
Headlines
HeadlinesLatestCVEs

Tag

#perl

CVE-2023-2636

The AN_GradeBook WordPress plugin through 5.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber

CVE
Open in Source
#sql#wordpress#perl
CVE-2022-4023: Vulnerabilities Found in the 3DPrint Premium Plugin

The 3DPrint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a logged in admin into submitting a form. Furthermore the created archive has a predictable location and name, allowing the attacker to download the file if they know the time at which the form was submitted, making it possible to leak sensitive files like the WordPress configuration containing database credentials and secrets.

CVE-2023-1893

The Login Configurator WordPress plugin through 2.1 does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site administrators.

CVE-2023-2507: GitHub - CleverTap/clevertap-cordova: CleverTap Cordova Plugin

CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker. This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them.

Tax preparation firms shared sensitive information with Meta

Categories: News Categories: Privacy Tags: tax preparation Tags: Meta Tags: Pixel Tags: Markup Tax preparation firms shared personal and financial information with social media giant Meta (Read more...) The post Tax preparation firms shared sensitive information with Meta appeared first on Malwarebytes Labs.

Ubuntu Security Notice USN-6229-1

Ubuntu Security Notice 6229-1 - It was discovered that LibTIFF was not properly handling variables used to perform memory management operations when processing an image through tiffcrop, which could lead to a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that LibTIFF was not properly processing numerical values when dealing with little-endian input data, which could lead to the execution of an invalid operation. An attacker could possibly use this issue to cause a denial of service

CVE-2023-3434

Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux's Jami (version 20222284) on Windows. This allows an attacker to send a custom HTML anchor tag to pass a string value to the Windows QRC Handler through the Jami messenger.

CVE-2023-30559: BD Alaris™ System with Guardrails™ Suite MX

The firmware update package for the wireless card is not properly signed and can be modified.

CVE-2023-33768: Wemo Smart Plug (Simple Setup Smart Outlet for Smart Home, Control Lights and Devices Remotely Works w/Alexa, Google Assistant, Apple HomeKit)(Pack of 1) - - Amazon.com

Incorrect signature verification of the firmware during the Device Firmware Update process of Belkin Wemo Smart Plug WSP080 v1.2 allows attackers to cause a Denial of Service (DoS) via a crafted firmware file.

Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation

Uncovered issues fall into use-after-free, buffer-overflow, information leak and denial of service vulnerability classes. Some of these could be combined to achieve remote code execution or privilege escalation.