Security Headlines

Tag: #web

CVE-2023-46081: WordPress Lava Directory Manager plugin <= 1.1.34 - Unauth stored Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Lavacode Lava Directory Manager plugin <= 1.1.34 versions.

CVE. Tags: #xss #vulnerability #web #wordpress #auth
Complex Spy Platform StripedFly Bites 1M Victims

Sophisticated Windows and Linux malware for stealing data and conducting cyber espionage has flown under the radar, disguised as a cryptominer.

Record-Breaking 100 Million RPS DDoS Attack Exploits HTTP/2 Rapid Reset Flaw

Cloudflare on Thursday said it mitigated thousands of hyper-volumetric HTTP distributed denial-of-service (DDoS) attacks that exploited a recently disclosed flaw called HTTP/2 Rapid Reset, 89 of which exceeded 100 million requests per second (RPS). "The campaign contributed to an overall increase of 65% in HTTP DDoS attack traffic in Q3 compared to the previous quarter," the web infrastructure

Horse Racing Game NEOBRED Integrates with Avalanche for Elite Gaming Experience

By Owais Sultan. NEOBRED, a blockchain horse racing game, has announced that it is integrating with the Avalanche blockchain. The integration… (Source: HackRead.com)

CVE-2023-46072: WordPress Add Shortcodes Actions And Filters plugin <= 2.0.9 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin <= 2.0.9 versions.

CVE-2023-30492: WordPress Minimum Purchase for WooCommerce plugin <= 2.0.0.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vark Minimum Purchase for WooCommerce plugin <= 2.0.0.1 versions.

CVE-2023-46074: WordPress FreshMail For WordPress plugin <= 2.3.2 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Borbis Media FreshMail For WordPress plugin <= 2.3.2 versions.

Dingtian DT-R002

1. EXECUTIVE SUMMARY
CVSS v3 5.9
ATTENTION: Exploitable remotely/public exploits are available
Vendor: Dingtian
Equipment: DT-R002
Vulnerability: Authentication Bypass by Capture-Replay
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to bypass authentication.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Dingtian DT-R002, a relay board, are affected:
DT-R002: version 3.1.276A
3.2 VULNERABILITY OVERVIEW
3.2.1 AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294
relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP POST requests without the need for authentication or a valid signed/authorized request. CVE-2022-29593 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.9 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
COUNTRIES/AREAS DEPLOYED: ...

Rockwell Automation Arena

1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Rockwell Automation
Equipment: Arena
Vulnerabilities: Out-of-Bounds Read, Access of Uninitialized Pointer
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code by using a memory buffer overflow or using an uninitialized pointer in the application.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Arena, a simulation software, are affected:
Arena: Version 16.20.00001
3.2 VULNERABILITY OVERVIEW
3.2.1 OUT-OF-BOUNDS READ CWE-125
Version 16.20 of Rockwell Automation's Arena software contains an out-of-bounds read vulnerability when certain malformed files are processed. An attacker with local access could utilize this to potentially leak memory or achieve arbitrary code execution. CVE-2023-27854 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/U...

Sielco Radio Link and Analog FM Transmitters

1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
Vendor: Sielco
Equipment: Analog FM Transmitters and Radio Link
Vulnerabilities: Improper Access Control, Cross-Site Request Forgery, Privilege Defined with Unsafe Actions
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges, access restricted pages, or hijack sessions.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Sielco devices are affected:
Analog FM transmitter: 2.12 (EXC5000GX)
Analog FM transmitter: 2.12 (EXC120GX)
Analog FM transmitter: 2.11 (EXC300GX)
Analog FM transmitter: 2.10 (EXC1600GX)
Analog FM transmitter: 2.10 (EXC2000GX)
Analog FM transmitter: 2.08 (EXC1600GX)
Analog FM transmitter: 2.08 (EXC1000GX)
Analog FM transmitter: 2.07 (EXC3000GX)
Analog FM transmitter: 2.06 (EXC5000GX)
Analog FM transmitter: 1.7.7 (EXC30GT)
Analog FM transmitter: 1.7.4 (EXC300GT)
Analog FM transmi...