CVE-2025-41724
An unauthenticated remote attacker can crash the wscserver by sending incomplete SOAP requests. The wscserver process will not be restarted by a watchdog and a device reboot is necessary to make it work again....
The PixelYourSite – Your smart PIXEL (TAG) & API Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 11.1.2. This is due to missing or incorrect...
The Simple Banner – Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pro_version_activation_code’ parameter in all versions up to,...
The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.38 via the save_refund_request() function. This makes it possible for authenticated...
The Meta Tag Manager WordPress plugin before 3.3 does not restrict which roles can create http-equiv refresh meta tags. More information: https://wpscan.com/vulnerability/4a2d4dcf-bb34-4eec-b5de-31c6a4d823cf/
The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘order_mail’ setting in versions up to, and including, 2.11.22. This is due to insufficient sanitization on the order_mail field and...
The NS Maintenance Mode for WP WordPress plugin through 1.3.1 lacks authorization in its subscriber export function allowing unauthenticated attackers to download a list of a site’s subscribers containing their name and email address...
On Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens based on timestamps. More information: https://blog.nullvoid.me/posts/mercku-exploits/
Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password. More information: https://blog.nullvoid.me/posts/mercku-exploits/
On Mercku M6a devices through 2.1.0, session tokens remain valid for at least months in some cases. More information: https://blog.nullvoid.me/posts/mercku-exploits/
Mercku M6a devices through 2.1.0 allow TELNET sessions via a router.telnet.enabled.update request by an administrator. More information: https://blog.nullvoid.me/posts/mercku-exploits/
Mercku M6a devices through 2.1.0 allow password changes via intranet CSRF attacks. More information: https://blog.nullvoid.me/posts/mercku-exploits/
This High severity Path Traversal (Arbitrary Write) vulnerability was introduced in versions 9.12.0 and 10.3.0 and remains present in 11.0.0 of Jira Software Data Center and Server. This Path Traversal (Arbitrary Write) vulnerability, with a...
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: System Configuration). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker...