Evolution is making attribution even harder, warns Coveware
Daily Archives: July 29, 2022
Malicious Npm Packages Designed to Steal Discord Tokens
ZDI-22-1034: Autodesk Desktop App Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Autodesk Desktop App. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
ZDI-22-1035: Autodesk Desktop App Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Autodesk Desktop App. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
[CVE-2022-25812] Transposh <= 1.0.8.1 “save_transposh” Missing Logfile Extension Check Leading to Code Injection
Posted by Julien Ahrens (RCE Security) on Jul 28
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: Transposh WordPress Translation
Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/
Type: Reliance on File Name or Extension of Externally-Supplied File [CWE-646]
Date found: 2022-02-21
Date published: 2022-07-22
CVSSv3 Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)…
[CVE-2022-25811] Transposh <= 1.0.8.1 “tp_editor” Multiple Authenticated SQL Injections
Posted by Julien Ahrens (RCE Security) on Jul 28
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: Transposh WordPress Translation
Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/
Type: Improper Authorization [CWE-285]
Date found: 2022-02-21
Date published: 2022-07-22
CVSSv3 Score: 6.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)
CVE: CVE-2022-25811
2. CREDITS…
[CVE-2022-25810] Transposh <= 1.0.8.1 Improper Authorization Allowing Access to Administrative Utilities
Posted by Julien Ahrens (RCE Security) on Jul 28
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: Transposh WordPress Translation
Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/
Type: Improper Authorization [CWE-285]
Date found: 2022-02-21
Date published: 2022-07-22
CVSSv3 Score: 6.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
CVE: CVE-2022-25810
2. CREDITS…
[CVE-2022-2462] Transposh <= 1.0.8.1 “tp_history” Unauthenticated Information Disclosure
Posted by Julien Ahrens (RCE Security) on Jul 28
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: Transposh WordPress Translation
Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/
Type: Exposure of Sensitive Information to an Unauthorized Actor [CWE-200]
Date found: 2022-07-13
Date published: 2022-07-22
CVSSv3 Score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVE:…
[CVE-2022-2461] Transposh <= 1.0.8.1 “tp_translation” Weak Default Translation Permissions
Posted by Julien Ahrens (RCE Security) on Jul 28
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: Transposh WordPress Translation
Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/
Type: Incorrect Authorization [CWE-863]
Date found: 2022-07-13
Date published: 2022-07-22
CVSSv3 Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVE: CVE-2022-2461
2. CREDITS…
[CVE-2021-24912] Transposh <= 1.0.8.1 Multiple Cross-Site Request Forgeries
Posted by Julien Ahrens (RCE Security) on Jul 28
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: Transposh WordPress Translation
Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/
Type: Cross-Site Request Forgery [CWE-253]
Date found: 2021-08-19
Date published: 2022-07-22
CVSSv3 Score: 5.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
CVE: CVE-2021-24912
2….