Transposh WordPress Translation versions 1.0.8.1 and below have a "save_transposh" action available at "/wp-admin/admin.php?page=tp_advanced" that does not properly validate the "Log file name" allowing an attacker with the "Administrator" role to specify a .php file as the log destination. Since the log file is stored directly within the "/wp-admin" directory, executing arbitrary PHP code is possible by simply sending a crafted request that gets logged.
8347827a18239dee9d623ea317bc7751b1e867031f7d4bbe6349594f42f4006f
Ubuntu Security Notice 5541-1 - Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. A local attacker could possibly use this to gain administrative privileges. Jann Horn discovered that the FUSE file system in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
e964411e2a44ec6b1d66fca5a48f54b1a1e945a816cc42a923278a78bcde118e
Transposh WordPress Translation versions 1.0.8.1 and below have a "tp_editor" page at "/wp-admin/admin.php?page=tp_editor" that is vulnerable to two authenticated, blind SQL injections when user-supplied input to the HTTP GET parameters "order" and "orderby" is processed by the web application.
6ffce07022d6d645854345ed70ea8823b6aaf618f4db874a0b2b20afa74331a3
Ubuntu Security Notice 5540-1 - Liu Jian discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the USB gadget subsystem in the Linux kernel did not properly validate interface descriptor requests. An attacker could possibly use this to cause a denial of service.
f428af4961f037f9aea520b0b4732e409e7b944994e66c7fc5dc8237a6730340
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
f6e4355d08634ff461526acba4fbfe0418340d80014fb3535d0553d3f4423448
Transposh WordPress Translation versions 1.0.8.1 and below do not properly enforce authorization on functionalities available on the plugin's "Utilities" page leading to unauthorized access for all user roles, including "Subscriber".
af33faff2eac2d7e60b23a09b13a21e743b2acab343abb9a1ba1e8f3913a386d
Red Hat Security Advisory 2022-5753-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
f8378570cf35560179a4d3e79ab2bdff5edbdb9ae5318dc950cbf998c4e25013
Geonetwork versions 3.1.x through 4.2.0 suffer from an XML external entity injection vulnerability.
b6960c0b16c14d8c15e9fb95af349b9c0df4129ca1c1ec5012226c0cf1bf3a8b
Ubuntu Security Notice 5539-1 - It was discovered that the implementation of the 6pack and mkiss protocols in the Linux kernel did not handle detach events properly in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service. Duoming Zhou discovered that the AX.25 amateur radio protocol implementation in the Linux kernel did not handle detach events properly in some situations. A local attacker could possibly use this to cause a denial of service or execute arbitrary code.
e0f1dc9c61a271fdd2e51e74092004e7786f7464ac5a1e07c3a459de607c3aff
Transposh WordPress Translation versions 1.0.8.1 and below have an ajax action called "tp_history" which is intended to return data about who has translated a text given by the "token" parameter. However, the plugin also returns the user's login name as part of the "user_login" attribute. Successful exploits can allow an unauthenticated attacker to leak the WordPress username of translators. If an anonymous user submitted the translation, then the user's IP address is returned.
9edfbd7e51dbf96c4ec365750f8acbdc5e0bcb40dfa07245a905258f418c9681
Ubuntu Security Notice 5536-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the mouse pointer position, bypass Subresource Integrity protections, obtain sensitive information, or execute arbitrary code.
a3f6eb274e9d4bb1910c15874d1f521d440de1c77c380a3de951175d7068aea7
Crime Reporting System version 1.0 suffers from a persistent cross site scripting vulnerability.
134f7cc89e016dd40ec6f94be6c14e9a72f24e41d92ceac88aa2cd6916a78c10
Transposh WordPress Translation versions 1.0.8.1 and below suffer from cross site request forgery vulnerabilities.
00f492b81f8c36b3158ff92303a3ed9b8713a137b201a866100dd6430cd9a03c
Ubuntu Security Notice 5537-2 - USN-5537-1 fixed a vulnerability in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.7.39 in Ubuntu 16.04 ESM.
91ad3492d567b8359bd5f30f89f31f5809fa70a509cd42e4271733886d69ece0
rpc.py version 0.6.0 suffers from a remote code execution vulnerability.
33abea8f61fd6b17f12060c9cb706fdb9f1133ee39f527443f669393e2991229
Ubuntu Security Notice 5538-1 - It was discovered that libtirpc incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service.
92956c09842ba4745140cc0741ff13b31c793230ff51a01187672043280bfa9d
Transposh WordPress Translation versions 1.0.7 and below suffer from an incorrect authorization vulnerability. When installed, Transposh comes with a set of pre-configured options, one of these is the "Who can translate" setting under the "Settings" tab, which by default allows "Anonymous" users to add translations via the plugin's "tp_translation" ajax action. Successful exploits can allow an unauthenticated attacker to add translations to the WordPress site and thereby influence what is actually shown on the site.
c25e589bc0f339822e669aa5ee336af340896bf3579587f6ad8e5c6ae0691179
Red Hat Security Advisory 2022-5754-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for portable Linux serves as a replacement for Red Hat build of OpenJDK 8 and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section.
26f47682777977fda3a4989390cfccb9c0053ddf9c75c92ad2fd0395143846ef
Dingtian-DT-R002 version 3.1.276A suffers from an authentication bypass vulnerability.
c4aafb04ab940ad8ed639d090f1cb3dab189b7a09aab3cd311715b6cd8f14560
Ubuntu Security Notice 5537-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.30 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Ubuntu 18.04 LTS has been updated to MySQL 5.7.39. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
cdeec5366a2b7a76fe29f05a0289b9a37f2b6e645a369069aada53fbbd5ad0b1
Transposh WordPress Translation versions 1.0.7 and below have an ajax action "tp_translation" which is available to authenticated or unauthenticated users (see CVE-2022-2461) that allows them to submit new translations. Translations submitted this way are shown on the Transposh administrative interface on the pages "tp_main" and "tp_editor". However, since the plugin does not properly validate and sanitize the submitted translation, arbitrary Javascript code can be permanently injected and executed directly within the backend across all users visiting the page with the roles of at least "Subscriber" and up to "Administrator".
484332c9e36ec88f8a190cc80119a1f22da60e0f49e9a327a7f7268bba597fb7
Transposh WordPress Translation versions 1.0.7 and below have an ajax action "tp_tp" that is vulnerable to an unauthenticated/authenticated reflected cross site scripting vulnerability when user-supplied input to the HTTP GET parameter "q" is processed by the web application. Since the application does not properly validate and sanitize this parameter, it is possible to place arbitrary script code onto the same page.
126f6f0908b2d0af3788074669b78c52b992a1d268ad9fca40e951bf16e63e90
Whitepaper called Abusing Microsoft System Center Configuration Manager (SCCM). Written in Arabic.
5b72b4426c74f72b869bca4e8c0638cb710f8a84b85dbb67be5d85a25110f951
WordPress WP-UserOnline plugin versions 2.87.6 and below suffer from a persistent cross site scripting vulnerability.
f6801eabd968457a104d901ce64897fb4b492fbd508a10ad3532e3d5615da08a