Security
Headlines
HeadlinesLatestCVEs

Tag

#web

CVE-2023-6352: Tiff Server security update - Aquaforest

The default configuration of Aquaforest TIFF Server allows access to arbitrary file paths, subject to any restrictions imposed by Internet Information Services (IIS) or Microsoft Windows. Depending on how a web application uses and configures TIFF Server, a remote attacker may be able to enumerate files or directories, traverse directories, bypass authentication, or access restricted files.

CVE
Open in Source
#web#windows#apple#microsoft#pdf#auth#asp.net
CVE-2023-6342: Courts & Justice | Courts & Public Safety

Tyler Technologies Court Case Management Plus allows a remote attacker to authenticate as any user by manipulating at least the 'CmWebSearchPfp/Login.aspx?xyzldk=' and 'payforprint_CM/Redirector.ashx?userid=' parameters. The vulnerable "pay for print" feature was removed on or around 2023-11-01.

Feds Seize 'Sinbad' Crypto Mixer Used by North Korea's Lazarus

The prolific threat actor has laundered hundreds of millions of dollars in stolen virtual currency through the service.

CVE-2023-47876: WordPress Perfmatters plugin <= 2.1.6 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Perfmatters allows Reflected XSS.This issue affects Perfmatters: from n/a through 2.1.6.

CVE-2023-38400: WordPress Enfold theme <= 5.6.4 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kriesi Enfold - Responsive Multi-Purpose Theme allows Reflected XSS.This issue affects Enfold - Responsive Multi-Purpose Theme: from n/a through 5.6.4.

CVE-2023-47844: WordPress Grab & Save plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lim Kai Yang Grab & Save allows Reflected XSS.This issue affects Grab & Save: from n/a through 1.0.4.

CVE-2023-47853: WordPress myCred plugin <= 2.6.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin allows Stored XSS.This issue affects myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin: from n/a through 2.6.1.

CVE-2023-34018: WordPress SoundCloud Shortcode plugin <= 3.1.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoundCloud Inc. SoundCloud Shortcode allows Stored XSS.This issue affects SoundCloud Shortcode: from n/a through 3.1.0.

CVE-2023-47872: WordPress wpForo plugin <= 2.2.3 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team wpForo Forum allows Stored XSS.This issue affects wpForo Forum: from n/a through 2.2.3.

CVE-2023-47521: WordPress Q2W3 Post Order plugin <= 1.2.8 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond, AndreSC Q2W3 Post Order allows Reflected XSS.This issue affects Q2W3 Post Order: from n/a through 1.2.8.