Security
Headlines
HeadlinesLatestCVEs

Tag

#web

CVE-2023-5712: System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_global_value) — Wordfence Intelligence

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_global_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive global value information.

CVE
Open in Source
#vulnerability#web#wordpress#intel#perl#auth
CVE-2023-5714: System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_db_specs) — Wordfence Intelligence

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_db_specs() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve data key specs.

GHSA-3rpx-pgmf-j96h: Microweber Business Logic Errors

Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.0. Unpublished and deleted product(s) can be added to checkout.

CVE-2023-6566

Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.

CVE-2023-46353: [CVE-2023-46353] Improper neutralization of SQL parameter in My Presta.eu - Product Tag Icons Pro for PrestaShop

In the module "Product Tag Icons Pro" (ticons) before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method TiconProduct::getTiconByProductAndTicon() has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.

CVE-2023-46354: [CVE-2023-46354] Exposure of Private Personal Information to an Unauthorized Actor in MyPrestaModules - Orders (CSV, Excel) Export PRO module for PrestaShop

In the module "Orders (CSV, Excel) Export PRO" (ordersexport) < 5.2.0 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information from ps_customer/ps_address tables such as name / surname / email / phone number / full postal address.

Kali Linux 2023.4 is Out: Cloud ARM64, Hyper-V, Pi 5, & More!

By Waqas Kali Linux Unveils Feature Rich 2023.4 Release with Cloud ARM64, Vagrant Hyper-V, Raspberry Pi 5, and More! This is a post from HackRead.com Read the original post: Kali Linux 2023.4 is Out: Cloud ARM64, Hyper-V, Pi 5, & More!

The Binance Crackdown Will Be an 'Unprecedented' Bonanza for Crypto Surveillance

Binance’s settlement requires it to offer years of transaction data to US regulators and cops, exposing the company—and its customers—to a “24/7, 365-days-a-year financial colonoscopy.”

Remote code execution vulnerabilities found in Buildroot, Foxit PDF Reader

Cisco Talos has disclosed 10 vulnerabilities over the past two weeks, including nine that exist in a popular online PDF reader that offers a browser plugin.

CVE-2023-45285: [security] Go 1.21.5 and Go 1.20.12 are released

Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module proxy and are fetching modules directly (i.e. GOPROXY=off).