Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Microsoft Busts Black Market for 100s of Millions of Fraudulent Accounts

By Deeba Ahmed The internet's underbelly is thriving on stolen identities and fake accounts, fueling mass phishing campaigns, identity theft rings, and DDoS attacks. This is a post from HackRead.com Read the original post: Microsoft Busts Black Market for 100s of Millions of Fraudulent Accounts

HackRead
Open in Source
#vulnerability#web#mac#microsoft#ddos#git#intel#oauth#auth
Microsoft’s Digital Crime Unit Goes Deep on How It Disrupts Cybercrime

Ten years in, Microsoft’s DCU has honed its strategy of using both unique legal tactics and the company’s technical reach to disrupt global cybercrime and state-backed actors.

CVE-2023-6595: WhatsUp Gold Network Monitoring Software | Progress

In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold.

CVE-2023-49841: WordPress Optin Forms plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FancyThemes Optin Forms – Simple List Building Plugin for WordPress allows Stored XSS.This issue affects Optin Forms – Simple List Building Plugin for WordPress: from n/a through 1.3.3.

CVE-2023-49820: WordPress Structured Content (JSON-LD) #wpsc plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc allows Stored XSS.This issue affects Structured Content (JSON-LD) #wpsc: from n/a through 1.5.3.

CVE-2023-49813: WordPress WP Photo Album Plus plugin <= 8.5.02.005 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Stored XSS.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005.

CVE-2023-49771: WordPress Smart External Link Click Monitor [Link Log] plugin <= 5.0.2 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Raschendorfer Smart External Link Click Monitor [Link Log] allows Reflected XSS.This issue affects Smart External Link Click Monitor [Link Log]: from n/a through 5.0.2.

CVE-2023-49770: WordPress Smart External Link Click Monitor [Link Log] plugin <= 5.0.2 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Raschendorfer Smart External Link Click Monitor [Link Log] allows Stored XSS.This issue affects Smart External Link Click Monitor [Link Log]: from n/a through 5.0.2.

CVE-2023-49766: WordPress Ultimate Addons for Contact Form 7 plugin <= 3.2.0 - Unauthenticated Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Ultimate Addons for Contact Form 7 allows Stored XSS.This issue affects Ultimate Addons for Contact Form 7: from n/a through 3.2.0.

CVE-2023-49195: WordPress Nested Pages plugin <= 3.2.6 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Phillips Nested Pages allows Stored XSS.This issue affects Nested Pages: from n/a through 3.2.6.