Aggregator

A vulnerability was found in TDizin. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file arama.asp. The manipulation of the argument ara leads to basic cross site scripting. This vulnerability is known as CVE-2007-3310. The attack can be launched remotely. Furthermore, there is an exploit available.

This is the fourth blog post in an ongoing series on Rogue AI. Keep following for more technical guidance, case studies, and insights.

A vulnerability classified as problematic was found in Prisna GWT Plugin up to 1.4.11 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation of the argument prisna_import leads to deserialization. This vulnerability is known as CVE-2024-8514. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Themesflat Addons for Elementor Plugin up to 2.2.1 on WordPress. This affects the function render. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-8516. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in wpexpertsio myCred Plugin up to 2.7.3 on WordPress and classified as problematic. This vulnerability affects the function mycred_update_database. The manipulation leads to missing authorization. This vulnerability was named CVE-2024-8658. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in theeventscalendar Events Calendar Plugin up to 6.6.4 on WordPress. It has been declared as critical. Affected by this vulnerability is the function tribe_has_next_event. The manipulation of the argument order leads to sql injection. This vulnerability is known as CVE-2024-8275. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in themesflat Themesflat Addons For Elementor Plugin up to 2.2.1 on WordPress. This affects an unknown part of the component TF E Slider Widget/TF Video Widget/TF Team Widget. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-8515. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in WP ULike Plugin up to 4.7.3 on WordPress. Affected by this vulnerability is an unknown functionality of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-7878. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Livemesh Elementor Addons Plugin up to 8.5 on WordPress. Affected by this issue is the function piechart_settings of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-8858. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in ElementsKit Elementor Addons Plugin up to 3.2.7 on WordPress. This affects an unknown part of the component Video Widget. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-8546. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in devitemsllc HT Mega Plugin up to 2.6.5 on WordPress and classified as problematic. This issue affects the function render of the file includes/widgets/htmega_accordion.php of the component Template Data Handler. The manipulation leads to exposure of sensitive information through metadata. The identification of this vulnerability is CVE-2024-8910. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in wclovers WCFM Plugin up to 6.7.12 on WordPress. It has been classified as problematic. Affected is the function WCFM_Customers_Manage_Controller::processing. The manipulation leads to authorization bypass. This vulnerability is traded as CVE-2024-8290. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in revolutbusiness Revolut Gateway for WooCommerce Plugin up to 4.17.3 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /wc/v3/revolut of the component REST API Endpoint. The manipulation leads to missing authorization. This vulnerability is known as CVE-2024-8678. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in kstover Ninja Forms Plugin up to 3.8.15 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument Referer leads to cross site scripting. This vulnerability is handled as CVE-2024-3866. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Livemesh Addons for Elementor Plugin up to 8.5 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-47303. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in Nortel CVX 1800 Multi-Service Access Switch 3.6.3. Affected is an unknown function of the component SNMP Account. The manipulation leads to hard-coded credentials. This vulnerability is traded as CVE-2002-0540. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

This daily article is intended to make it easier for those who want to stay updated with my regular posts. Any subscriber-only content will be clearly marked at the end of the link.

A vulnerability has been found in IBM WebSphere ILOG JRules 6.7 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2010-2433. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in 2coolcode Our Space 2.0.9 and classified as critical. This vulnerability affects unknown code of the file newswire/uploadmedia.cgi. The manipulation leads to improper access controls. This vulnerability was named CVE-2007-4647. The attack can be initiated remotely. Furthermore, there is an exploit available.

Naming and Sanctioning Cybercrime Syndicate Members Has Repercussions, Police Say
Western law enforcement may not be able to bust every last Russian cybercrime suspect, but newly revealed efforts against Evil Corp and LockBit reveal suspects arrested while on vacation, as well as the psychological fallout criminal syndicates face when members get named, indicted and sanctioned.