ZDI-22-1035: Autodesk Desktop App Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Autodesk Desktop App. An attacker must first obtain the ability to execute low-privileged...
[CVE-2022-25812] Transposh <= 1.0.8.1 “save_transposh” Missing Logfile Extension Check Leading to Code Injection
Posted by Julien Ahrens (RCE Security) on Jul 28 RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type:...
[CVE-2022-25811] Transposh <= 1.0.8.1 “tp_editor” Multiple Authenticated SQL Injections
Posted by Julien Ahrens (RCE Security) on Jul 28 RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type:...
[CVE-2022-25810] Transposh <= 1.0.8.1 Improper Authorization Allowing Access to Administrative Utilities
Posted by Julien Ahrens (RCE Security) on Jul 28 RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type:...
[CVE-2022-2462] Transposh <= 1.0.8.1 “tp_history” Unauthenticated Information Disclosure
Posted by Julien Ahrens (RCE Security) on Jul 28 RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type:...
[CVE-2022-2461] Transposh <= 1.0.8.1 “tp_translation” Weak Default Translation Permissions
Posted by Julien Ahrens (RCE Security) on Jul 28 RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type:...
[CVE-2021-24912] Transposh <= 1.0.8.1 Multiple Cross-Site Request Forgeries
Posted by Julien Ahrens (RCE Security) on Jul 28 RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type:...
[CVE-2021-24911] Transposh <= 1.0.7 “tp_translation” Unauthenticated Stored Cross-Site Scripting
Posted by Julien Ahrens (RCE Security) on Jul 28 RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type:...
[CVE-2021-24910] Transposh <= 1.0.7 “tp_tp” Unauthenticated Reflected Cross-Site Scripting
Posted by Julien Ahrens (RCE Security) on Jul 28 RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type:...
New HiddenAds malware affects 1M+ users and hides on the Google Play Store
Authored by Dexter Shin McAfee’s Mobile Research Team has identified new malware on the Google Play Store. Most of them are disguising themselves as cleaner...