Archive for November, 2022

WordPress BeTheme BeCustom 1.0.5.2 Cross Site Request Forgery

Posted by deepcore under exploit (No Respond)

WordPress BeTheme BeCustom plugin versions 1.0.5.2 and below suffer from a cross site request forgery vulnerability.

Simmeth System GmbH Supplier Manager LFI / SQL Injection / Bypass

Posted by deepcore under exploit (No Respond)

Simmeth System GmbH Supplier Manager (Lieferantenmanager) versions prior to 5.6 suffer from authentication bypass, code execution, cross site scripting, information leakage, remote SQL injection, and various other vulnerabilities.

BMC Remedy ITSM-Suite 9.1.10 / 20.02 HTML Injection

Posted by deepcore under exploit (No Respond)

BMC Remedy ITSM-Suite version 9.1.10 (20.02 in new versioning scheme) suffers from an HTML injection vulnerability.

Payara Platform Path Traversal

Posted by deepcore under exploit (No Respond)

Payara Platform suffers from a path traversal vulnerability. Enterprise versions prior to 5.45.0 and Community versions prior to 6.2022.1, 5.2022.4, and 4.1.2.191.38 are affected.

Apple Security Advisory 2022-11-09-1

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2022-11-09-1 – iOS 16.1.1 and iPadOS 16.1.1 addresses code execution and integer overflow vulnerabilities.

Apple Security Advisory 2022-11-09-2

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2022-11-09-2 – macOS Ventura 13.0.1 addresses code execution and integer overflow vulnerabilities.

Backdoor.Win32.RemServ.d MVID-2022-0655 Remote Command Execution

Posted by deepcore under exploit (No Respond)

Backdoor.Win32.RemServ.d malware suffers from a remote command execution vulnerability.

libxml2 Attribute Parsing Double-Free

Posted by deepcore under exploit (No Respond)

libxml2 suffers from a double-free vulnerability when parsing default attributes.

libxml2 xmlParseNameComplex Integer Overflow

Posted by deepcore under exploit (No Respond)

libxml2 suffers from an integer overflow vulnerability in xmlParseNameComplex.

Node-saml Root Element Signature Bypass

Posted by deepcore under exploit (No Respond)

Node-saml and its partner project passport-saml are vulnerable to an authentication bypass due to lax parsing of SAML responses.