Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

CVE-2023-5610

The Seraphinite Accelerator WordPress plugin before 2.2.29 does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect

CVE
Open in Source
#wordpress#auth
CVE-2023-48309: Possible user mocking that bypasses basic authentication

NextAuth.js provides authentication for Next.js. `next-auth` applications prior to version 4.24.5 that rely on the default Middleware authorization are affected by a vulnerability. A bad actor could create an empty/mock user, by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth sign-in flow (state, PKCE or nonce). Manually overriding the `next-auth.session-token` cookie value with this non-related JWT would let the user simulate a logged in user, albeit having no user information associated with it. (The only property on this user is an opaque randomly generated string). This vulnerability does not give access to other users' data, neither to resources that require proper authorization via scopes or other means. The created mock user has no information associated with it (ie. no name, email, access_token, etc.) This vulnerability can be exploited by bad actors to peek at logged in user states (e.g. dashboard layout). `next-auth` `v4.24.5` contains a patch for the vulne...

CVE-2023-48300: Missing escaping for show_all attribute in opt-out shortcode

The `Embed Privacy` plugin for WordPress that prevents the loading of embedded external content is vulnerable to Stored Cross-Site Scripting via `embed_privacy_opt_out` shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Version 1.8.1 contains a patch for this issue.

Hacker Leaks Vaccination Records of Over 2 Million Turkish Citizens

By Waqas The database was leaked in September 2023; however, it is still accessible to individuals with forum access. This is a post from HackRead.com Read the original post: Hacker Leaks Vaccination Records of Over 2 Million Turkish Citizens

Secretive White House Surveillance Program Gives Cops Access to Trillions of US Phone Records

A WIRED analysis of leaked police documents verifies that a secretive government program is allowing federal, state, and local law enforcement to access phone records of Americans who are not suspected of a crime.

LummaC2 v4.0 Malware Stealing Data with Trigonometry to Detect Human Users

By Deeba Ahmed LummaC2 is back as LummaC2 v4.0. This is a post from HackRead.com Read the original post: LummaC2 v4.0 Malware Stealing Data with Trigonometry to Detect Human Users

Magento 2.4.6 XSLT Server Side Injection

Magento version 2.4.6 XSLT server-side injection proof of concept exploit.

PHPJabbers Availability Booking Calendar 5.0 Cross Site Scripting

PHPJabbers Availability Booking Calendar version 5.0 suffers from multiple cross site scripting vulnerabilities.

PHPJabbers Availability Booking Calendar 5.0 CSV Injection

PHPJabbers Availability Booking Calendar version 5.0 suffers from a CSV injection vulnerability.

GaatiTrack Courier Management System 1.0 Cross Site Scripting

GaatiTrack Courier Management System version 1.0 suffers from multiple cross site scripting vulnerabilities.