Cross-Site Scripting in Magic Fields 1 WordPress Plugin
Copyright © 2011 Secure Online Desktop s.r.l. All Rights Reserved.