What's new around the internet


Src Date (GMT) Title Description Tags Stories Notes
CVE 2023-11-03 17:15:08 CVE-2023-32121 (direct link) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Highfivery LLC Zero Spam for WordPress allows SQL Injection. This issue affects Zero Spam for WordPress: from n/a through 5.4.4. Spam Vulnerability
CVE 2023-08-23 14:15:08 CVE-2023-32496 (direct link) Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bill Minozzi Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin Spam Vulnerability
CVE 2023-08-23 14:15:08 CVE-2023-32497 (direct link) Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Supersoju Block Referer Spam plugin Spam Vulnerability
CVE 2023-06-07 13:15:09 CVE-2021-4337 (direct link) Sixteen XforWooCommerce Add-On plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wp_ajax_svx_ajax_factory function in various versions listed below. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to read, edit, or delete WordPress settings and plugin settings, and to arbitrarily list all users on a WordPress website. The affected plugins are: Product Filter for WooCommerce Spam
CVE 2023-06-07 07:15:08 CVE-2023-2187 (direct link) On Triangle MicroWorks' SCADA Data Gateway version Spam Vulnerability
CVE 2023-06-07 02:15:13 CVE-2021-4350 (direct link) The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated HTML Injection in versions up to, and including, 18.2. This is due to lacking authentication protections on the wpfm_send_file_in_email AJAX action. This makes it possible for unauthenticated attackers to send emails using the site with a custom subject, recipient email, and body with unsanitized HTML content. This effectively lets the attacker use the site as a spam relay. Spam
CVE 2023-06-05 14:15:10 CVE-2023-2488 (direct link) The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Spam
CVE 2023-06-05 14:15:10 CVE-2023-2489 (direct link) The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) Spam
CVE 2023-05-26 13:15:11 CVE-2023-24008 (direct link) Cross-Site Request Forgery (CSRF) vulnerability in Yonifre Maspik – Spam Blacklist plugin Spam Vulnerability
CVE 2023-03-27 04:15:09 CVE-2023-24835 (direct link) Softnext Technologies Corp.'s SPAM SQR has a vulnerability of Code Injection within its specific function. An authenticated remote attacker with administrator privilege can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operations or disrupt service. Spam Vulnerability
CVE 2023-02-08 21:15:10 CVE-2023-25163 (direct link) Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v2.6.0-rc1 have an output sanitization bug which leaks repository access credentials in error messages. These error messages are visible to the user, and they are logged. The error message is visible when a user attempts to create or update an Application via the Argo CD API (and therefore the UI or CLI). The user must have `applications, create` or `applications, update` RBAC access to reach the code which may produce the error. The user is not guaranteed to be able to trigger the error message. They may attempt to spam the API with requests to trigger a rate limit error from the upstream repository. If the user has `repositories, update` access, they may edit an existing repository to introduce a URL typo or otherwise force an error message. But if they have that level of access, they are probably intended to have access to the credentials anyway. A patch for this vulnerability has been released in version 2.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. Spam Tool Vulnerability Uber
CVE 2023-01-13 19:15:12 CVE-2023-22489 (direct link) Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that don't have a validated email. Guests cannot successfully create a reply because the API will fail with a 500 error when the user ID 0 is inserted into the database. This happens because when the first post of a discussion is permanently deleted, the `first_post_id` attribute of the discussion becomes `null` which causes access control to be skipped for all new replies. Flarum automatically makes discussions with zero comments invisible so an additional condition for this vulnerability is that the discussion must have at least one approved reply so that `discussions.comment_count` is still above zero after the post deletion. This can open the discussion to uncontrolled spam or just unintentional replies if users still had their tab open before the vulnerable discussion was locked and then post a reply when they shouldn't be able to. In combination with the email notification settings, this could also be used as a way to send unsolicited emails. Versions between `v1.3.0` and `v1.6.3` are impacted. The vulnerability has been fixed and published as flarum/core v1.6.3. All communities running Flarum should upgrade as soon as possible. There are no known workarounds. Spam Vulnerability
CVE 2022-12-26 13:15:12 CVE-2022-4120 (direct link) The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2022.6 passes base64 encoded user input to the unserialize() PHP function when CAPTCHA are used as second challenge, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain Spam Guideline
CVE 2022-12-12 18:15:11 CVE-2022-3883 (direct link) The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 7.24 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber, to call it and install and activate arbitrary plugins from wordpress.org Spam
CVE 2022-10-25 17:15:56 CVE-2022-3302 (direct link) The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin Spam Guideline ★★★
CVE 2022-08-29 18:15:08 CVE-2022-1663 (direct link) The Stop Spam Comments WordPress plugin through 0.2.1.2 does not properly generate the Javascript access token for preventing abuse of comment section, allowing threat authors to easily collect the value and add it to the request. Spam Threat
CVE 2022-08-15 11:21:39 CVE-2022-35958 (direct link) Discourse is a 100% open source discussion platform. A malicious user can use the invitation system to spam arbitrary email addresses by sending them invitation emails in some cases. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are currently no known workarounds. Spam ★★★
CVE 2022-08-08 14:15:10 CVE-2022-35488 (direct link) In Zammad 5.2.0, an attacker could manipulate the rate limiting in the 'forgot password' feature of Zammad, and thereby send many requests for a known account to cause Denial Of Service by many generated emails which would also spam the victim. Spam
CVE 2022-08-01 20:15:08 CVE-2022-31184 (direct link) Discourse is an open source discussion platform. In affected versions an email activation route can be abused to send mass spam emails. A fix has been included in the latest stable, beta and tests-passed versions of Discourse which rate limits emails. Users are advised to upgrade. Users unable to upgrade should manually rate limit email. Spam ★★★★★
CVE 2022-06-20 11:15:09 CVE-2022-1801 (direct link) The Very Simple Contact Form WordPress plugin before 11.6 exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very easy for bots to bypass the captcha check, rendering the page a likely target for spam bots. Spam ★★
CVE 2022-06-08 10:15:10 CVE-2022-1709 (direct link) The Throws SPAM Away WordPress plugin before 3.3.1 does not have CSRF checks in place when deleting comments (either all, spam, or pending), allowing attackers to make a logged in admin delete comments via a CSRF attack Spam
CVE 2022-06-08 10:15:09 CVE-2022-1569 (direct link) The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed Spam ★★★★★
CVE 2022-05-06 18:15:08 CVE-2021-27758 (direct link) There is a security vulnerability in the login form related to Cross-site Request Forgery which prevents a user from logging in after an attacker spams the login and the system blocks the victim's account. Spam Vulnerability ★★★★★
CVE 2022-04-11 15:15:08 CVE-2022-0949 (direct link) The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection Spam Guideline
CVE 2022-03-25 12:15:07 CVE-2022-1064 (direct link) SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1. Spam
CVE 2022-03-14 15:15:09 CVE-2022-0254 (direct link) The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection Spam Guideline
CVE 2021-12-13 11:15:09 CVE-2021-24863 (direct link) The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots WordPress plugin before 6.67 does not sanitise and escape the User Agent before using it in a SQL statement to save it, leading to a SQL injection Spam Guideline
CVE 2021-11-08 18:15:09 CVE-2021-24731 (direct link) The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection. Spam Guideline
CVE 2021-11-08 18:15:08 CVE-2021-24647 (direct link) The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username Spam
CVE 2021-10-25 16:15:08 CVE-2021-37624 (direct link) FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing. By default, SIP requests of the type MESSAGE (RFC 3428) are not authenticated in the affected versions of FreeSWITCH. MESSAGE requests are relayed to SIP user agents registered with the FreeSWITCH server without requiring any authentication. Although this behaviour can be changed by setting the `auth-messages` parameter to `true`, it is not the default setting. Abuse of this security issue allows attackers to send SIP MESSAGE messages to any SIP user agent that is registered with the server without requiring authentication. Additionally, since no authentication is required, chat messages can be spoofed to appear to come from trusted entities. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. This issue is patched in version 1.10.7. Maintainers recommend that this SIP message type is authenticated by default so that FreeSWITCH administrators do not need to explicitly set the `auth-messages` parameter. When following such a recommendation, a new parameter can be introduced to explicitly disable authentication. Spam Guideline
CVE 2021-10-13 15:15:07 CVE-2021-34814 (direct link) Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control Bypass. Spam
CVE 2021-09-06 11:15:08 CVE-2021-24517 (direct link) The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2021.18 does not escape some of its settings, allowing high privilege users such as admin to set Cross-Site Scripting payloads in them even when the unfiltered_html capability is disallowed Spam
CVE 2021-08-18 20:15:06 CVE-2021-1561 (direct link) A vulnerability in the spam quarantine feature of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), could allow an authenticated, remote attacker to gain unauthorized access and modify the spam quarantine settings of another user. This vulnerability exists because access to the spam quarantine feature is not properly restricted. An attacker could exploit this vulnerability by sending malicious requests to an affected system. A successful exploit could allow the attacker to modify another user's spam quarantine settings, possibly disabling security controls or viewing email messages stored on the spam quarantine interfaces. Spam Vulnerability
CVE 2021-08-03 19:15:08 CVE-2021-33320 (direct link) The Flags module in Liferay Portal 7.3.1 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 5, does not limit the rate at which content can be flagged as inappropriate, which allows remote authenticated users to spam the site administrator with emails Spam
CVE 2021-06-28 14:15:11 CVE-2021-28585 (direct link) Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by an Improper input validation vulnerability in the New customer WebAPI. Successful exploitation could allow an attacker to send unsolicited spam e-mails. Spam Vulnerability
CVE 2021-05-17 17:15:08 CVE-2021-24295 (direct link) It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The update_log function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected via the User-Agent Header by manipulating the cookies set by the Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.153.4, sending an initial request to obtain a ct_sfw_pass_key cookie and then manually setting a separate ct_sfw_passed cookie and disallowing it from being reset. Spam Vulnerability
CVE 2021-05-06 13:15:11 CVE-2021-24245 (direct link) The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests (such as matching a spam word), outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and leads to a reflected Cross-Site Scripting issue. Spam Guideline
CVE 2021-04-21 12:15:08 CVE-2021-20501 (direct link) IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to send emails to non-existent local-domain recipients to the SMTP server, caused by using a non-default configuration. An attacker could exploit this vulnerability to consume unnecessary network bandwidth and disk space, and allow remote attackers to send spam email. IBM X-Force ID: 198056. Spam Vulnerability
Last update at: 2024-05-18 20:08:07