Ahmed Kaludi, Mohammed Kaludi Security Vulnerabilities

openvas

Ubuntu: Security Advisory (USN-4706-1)

The remote host is missing an update for...

7.4AI Score

0.003EPSS

2021-01-29 12:00 AM
5
githubexploit

Exploit for Cross-site Scripting in Cpanel

About the Tool ⚒️ cpanel_xss_2023 is a simple Python...

7.2AI Score

2024-01-23 08:29 PM
26
thn

Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others

Unidentified adversaries orchestrated a sophisticated attack campaign that has impacted several individual developers as well as the GitHub organization account associated with Top.gg, a Discord bot discovery site. "The threat actors used multiple TTPs in this attack, including account takeover...

7.8AI Score

2024-03-25 11:58 AM
31
openvas

Ubuntu: Security Advisory (USN-4528-1)

The remote host is missing an update for...

6.8AI Score

0.006EPSS

2020-09-23 12:00 AM
4
openvas

Debian: Security Advisory (DSA-4846-1)

The remote host is missing an update for the...

7.3AI Score

0.009EPSS

2021-02-09 12:00 AM
2
nessus

FreeBSD : chromium -- multiple vulnerabilities (4ed0e43c-5cef-11eb-bafd-3065ec8fd3ec)

Chrome Releases reports : This release contains 36 security fixes, including : [1137179] Critical CVE-2021-21117: Insufficient policy enforcement in Cryptohome. Reported by Rory McNamara on 2020-10-10 [1161357] High CVE-2021-21118: Insufficient data validation in V8. Reported by Tyler...

9.2AI Score

2021-01-25 12:00 AM
19
nessus

Debian DSA-4846-1 : chromium - security update

Several vulnerabilities have been discovered in the chromium web browser. CVE-2020-16044 Ned Williamson discovered a use-after-free issue in the WebRTC implementation. CVE-2021-21117 Rory McNamara discovered a policy enforcement issue in Cryptohome. CVE-2021-21118 Tyler...

8.7AI Score

2021-02-09 12:00 AM
16
cve

CVE-2023-48321

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP – Accelerated Mobile Pages allows Stored XSS. This issue affects AMP for WP – Accelerated Mobile Pages: from n/a through...

5.4CVSS

7.2AI Score

0.0004EPSS

2023-11-30 05:15 PM
38
prion

Cross site scripting

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP – Accelerated Mobile Pages allows Stored XSS. This issue affects AMP for WP – Accelerated Mobile Pages: from n/a through...

5.4CVSS

7AI Score

0.0004EPSS

2023-11-30 05:15 PM
2
thn

Patch Your GoAnywhere MFT Immediately - Critical Flaw Lets Anyone Be Admin

A critical security flaw has been disclosed in Fortra's GoAnywhere Managed File Transfer (MFT) software that could be abused to create a new administrator user. Tracked as CVE-2024-0204, the issue carries a CVSS score of 9.8 out of 10. "Authentication bypass in Fortra's GoAnywhere MFT prior to...

9.8CVSS

7.5AI Score

0.968EPSS

2024-01-24 05:32 AM
41
rapid7blog

CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT

On January 22, 2024, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1. The vulnerability is remotely exploitable and allows an unauthorized user to create an admin user...

9.8CVSS

7.6AI Score

0.968EPSS

2024-01-23 06:42 PM
31
cvelist

CVE-2023-48321 WordPress Accelerated Mobile Pages Plugin <= 1.0.88.1 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP – Accelerated Mobile Pages allows Stored XSS. This issue affects AMP for WP – Accelerated Mobile Pages: from n/a through...

6.5AI Score

0.0004EPSS

2023-11-30 04:28 PM
1
cve

CVE-2021-23209

Multiple Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) vulnerabilities discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <=...

4.8CVSS

5.1AI Score

0.001EPSS

2022-03-18 06:15 PM
57
cve

CVE-2021-23150

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in AMP for WP – Accelerated Mobile Pages plugin <=...

4.8CVSS

4.8AI Score

0.001EPSS

2022-03-18 06:15 PM
62
intel

Intel® Server Configuration Utility Software Installer Advisory

Summary: Potential security vulnerabilities in the Intel® Server Configuration Utility software installer may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-25075 Description: Unquoted search...

7.4AI Score

2023-11-14 12:00 AM
3
intel

Intel® QAT Software Advisory

Summary: Potential security vulnerabilities in some Intel® QuickAssist Technology (QAT) software may allow information disclosure or escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-28741 Description:...

7.6AI Score

2023-11-14 12:00 AM
9
packetstorm

7.1AI Score

2023-10-10 12:00 AM
97
exploitdb

7.4AI Score

2023-10-09 12:00 AM
153
intel

Intel® VCUST Tool Advisory

Summary: A potential security vulnerability in some Intel® VCUST Tool software may allow escalation of privilege. Intel is releasing a software update to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-25944 Description: Uncontrolled search path element in some...

7.2AI Score

2023-08-08 12:00 AM
4
intel

Intel® Server Boards and Server System Firmware Update Utility Advisory

Summary: A potential security vulnerability in the System Firmware Update Utility for some Intel® Server Boards and Server System may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-22841...

7.2AI Score

2023-08-08 12:00 AM
2
intel

Intel® RST Software Installer Advisory

Summary: A potential security vulnerability in some Intel® Rapid Storage Technology (RST) software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-43456 Description: Uncontrolled search path in.....

7.2AI Score

2023-08-08 12:00 AM
9
kitploit

Killer - Is A Tool Created To Evade AVs And EDRs Or Security Tools

It's an AV/EDR Evasion tool created to bypass security tools for learning, until now the tool is FUD. Features: Module Stomping for Memory scanning evasion; DLL Unhooking by fresh ntdll copy; IAT Hiding and Obfuscation & API Unhooking; ETW Patching for bypassing some security controls; Included...

7AI Score

2023-06-15 12:30 PM
10
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-102.110.5] - RISC-V: Fix up a cherry-pick warning in setup_vm_final() (Alexandre Ghiti) - Revert 'Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work' (Liu Jian) - riscv: mm: remove redundant parameter of create_fdt_early_page_table (Song Shuai) - kernfs:...

7.8CVSS

8.5AI Score

0.0004EPSS

2023-06-13 12:00 AM
18
intel

Intel® NUC Pro Software Suite Advisory

Summary: Potential security vulnerabilities in the Intel® NUC Pro Software Suite may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2022-46656 Description: Insecure inherited permissions for the...

7.6AI Score

2023-05-09 12:00 AM
15
packetstorm

7.5CVSS

7.6AI Score

2023-04-10 12:00 AM
123
exploitdb

7.7AI Score

0.001EPSS

2023-04-08 12:00 AM
109
zdt

7.6AI Score

0.001EPSS

2023-04-08 12:00 AM
64
packetstorm

6.1CVSS

6.4AI Score

2023-04-03 12:00 AM
131
packetstorm

6.1CVSS

6.4AI Score

2023-04-03 12:00 AM
149
oraclelinux

kernel security, bug fix, and enhancement update

[4.18.0-425.19.2_7.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with.....

7.8CVSS

7.4AI Score

0.001EPSS

2023-04-05 12:00 AM
20
zdt

6.1CVSS

6.4AI Score

0.001EPSS

2023-04-02 12:00 AM
62
exploitdb

6.6AI Score

0.001EPSS

2023-04-01 12:00 AM
61
oraclelinux

kernel security and bug fix update

[5.14.0-162.18.1_1.OL9] Update Oracle Linux certificates (Kevin Lyons) Disable signing for aarch64 (Ilya Okomin) Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] Update x509.genkey [Orabug: 24817676] Conflict with shim-ia32.....

7.8CVSS

-0.2AI Score

0.001EPSS

2023-03-01 12:00 AM
33
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 27, 2023 to Mar 5, 2023)

Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence. This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced vulnerability...

8.8CVSS

0.1AI Score

2023-03-09 02:32 PM
90
oraclelinux

kernel security and bug fix update

[4.18.0-425.13.1_7.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with.....

7.5CVSS

7.8AI Score

0.001EPSS

2023-02-22 12:00 AM
14
zdt

WordPress Metform Elementor Contact Form Builder 3.1.2 Cross Site Scripting Vulnerability

WordPress Metform Elementor Contact Form Builder plugin versions 3.1.2 and below suffer from a persistent cross site scripting...

6.1CVSS

6.7AI Score

0.001EPSS

2023-02-07 12:00 AM
172
wpexploit

Metform Elementor Contact Form Builder < 3.2.0 - Unauthenticated Stored XSS

The plugin does not sanitize and escape some of its submitted entry data when outputting them back in the admin dashboard, which could allow unauthenticated attackers to perform Stored XSS attacks against an admin viewing the malicious...

6.1CVSS

6.5AI Score

0.001EPSS

2023-02-03 12:00 AM
86
wpvulndb

Metform Elementor Contact Form Builder < 3.2.0 - Unauthenticated Stored XSS

The plugin does not sanitize and escape some of its submitted entry data when outputting them back in the admin dashboard, which could allow unauthenticated attackers to perform Stored XSS attacks against an admin viewing the malicious entry PoC Setup (as admin): Create a new form (using MetForm...

6.1CVSS

6.2AI Score

0.001EPSS

2023-02-03 12:00 AM
16
wordfence

High-Severity XSS Vulnerability in Metform Elementor Contact Form Builder

On January 4, 2023, independent security researcher Mohammed Chemouri reached out to the Wordfence Vulnerability Disclosure program to responsibly disclose and request a CVE ID for a vulnerability in Metform Elementor Contact Form Builder, a WordPress plugin with over 100,000 installations. The...

-0.2AI Score

2023-02-06 04:20 PM
25
wordfence

Wordfence Intelligence CE Weekly Vulnerability Report (1-30-2023 to 2-5-2023)

In case you missed it, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database is continuously updated, maintained, and populated by Wordfence's highly...

8.8CVSS

AI Score

2023-02-09 03:31 PM
70
oraclelinux

kernel security and bug fix update

[5.14.0-162.12.1_1.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with.....

7.8CVSS

7.7AI Score

0.001EPSS

2023-01-25 12:00 AM
17
nodejsblog

Node v18.13.0 (LTS)

Node v18.13.0 (LTS) By Danielle Adams, Jan 06, 2023 Notable changes Add support for externally shared js builtins By default Node.js is built so that all dependencies are bundled into the Node.js binary itself. Some Node.js distributions prefer to manage dependencies externally. There are existing....

7.3AI Score

2023-01-06 12:00 AM
14
thn

Watch Out! These Android Keyboard Apps With 2 Million Installs Can be Hacked Remotely

Multiple unpatched vulnerabilities have been discovered in three Android apps that allow a smartphone to be used as a remote keyboard and mouse. The apps in question are Lazy Mouse, PC Keyboard, and Telepad, which have been cumulatively downloaded over two million times from the Google Play Store.....

1.2AI Score

2022-12-02 07:48 AM
26
intel

Intel® SDP Tool Advisory

Summary: A potential security vulnerability in the Intel® Server Debug and Provisioning (SDP) Tool may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-26508 Description: Improper authentication in...

0.8AI Score

2022-11-08 12:00 AM
15
zdt

0.1AI Score

0.52EPSS

2022-07-11 12:00 AM
924
packetstorm

9.4CVSS

AI Score

2022-07-11 12:00 AM
613
exploitdb

6.8AI Score

0.52EPSS

2022-07-11 12:00 AM
776
Total number of security vulnerabilities: 639