Monthly Archives: June 2023

Advisories

ntp-refclock-0.6-1.fc37

Read Time:8 Second

FEDORA-2023-c0762a0e57

Packages in this update:

ntp-refclock-0.6-1.fc37

Update description:

Update to latest ntp-refclock and ntp, which fixes CVE-2023-26555.

Read More

Advisories

CVE-2014-125105

Read Time:30 Second

A vulnerability was found in Broken Link Checker Plugin up to 1.10.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function options_page of the file core/core.php of the component Settings Page. The manipulation of the argument exclusion_list/blc_custom_fields leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.10.2 is able to address this issue. The name of the patch is 90615fe9b0b6f9e6fb254d503c302e53a202e561. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230659.

Read More

Advisories

CVE-2013-10028

Read Time:22 Second

A vulnerability was found in EELV Newsletter Plugin 2.x on WordPress. It has been rated as problematic. Affected by this issue is the function style_newsletter of the file lettreinfo.php. The manipulation of the argument email leads to cross site scripting. The attack may be launched remotely. The name of the patch is 3339b42316c5edf73e56eb209b6a3bb3e868d6ed. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230660.

Read More

Advisories

CVE-2013-10027

Read Time:25 Second

A vulnerability was found in Blogger Importer Plugin up to 0.5 on WordPress. It has been classified as problematic. Affected is the function start/restart of the file blogger-importer.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 0.6 is able to address this issue. The name of the patch is b83fa4f862b0f19a54cfee76060ec9c2e7f7ca70. It is recommended to upgrade the affected component. VDB-230658 is the identifier assigned to this vulnerability.

Read More

Advisories

CVE-2015-10111

Read Time:27 Second

A vulnerability was found in Watu Quiz Plugin up to 2.6.7 on WordPress. It has been rated as critical. This issue affects the function watu_exams of the file controllers/exam.php of the component Exam Handler. The manipulation of the argument quiz leads to sql injection. The attack may be initiated remotely. Upgrading to version 2.6.8 is able to address this issue. The name of the patch is bf42e7cfd819a3e76cf3e1465697e89f4830590c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230651.

Read More

Advisories

MOVEit Transfer Critical Vulnerability (CVE-2023-34362)

Read Time:47 Second

What is MOVEit Transfer ?

The MOVEit Transfer is a file-transfer tool that is popular to a lot of organizations. It provides secured transfer between enterpsises by encrypting files at rest and during transfer. It also provides management tools and visibility for monitoring the data flow.

What is the Attack?

The attack can lead an unauthorized user to gain unauthorized access to MOVEit Transfer’s database.

Why is this Significant?

An active exploitation in the wild is at present. Also, there are several hundreds publicly available on the Internet using the MOVEit Transfer according to Shodan.

What is the Vendor Solution?

The vendor has provided three levels of mitigations. First one is to deny the service via blocking any HTTP/HTTPs traffic. Second is to delete unauthorized files and user accounts. Last is to apply the patch on the affected tool.

What FortiGuard Coverage is Available?

FortiGuard Labs is currently investigating coverage for CVE-2023-34362.

Read More