Category Archives: Advisories

Advisories

[CVE-2022-3747] BeCustom <= 1.0.5.2 Generic Cross-Site Request Forgery

Read Time:24 Second

Posted by Julien Ahrens (RCE Security) on Nov 15

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: BeCustom WordPress Plugin
Vendor URL: https://muffingroup.com/betheme/features/be-custom/
Type: Cross-Site Request Forgery [CWE-253]
Date found: 2021-10-28
Date published: 2022-11-10
CVSSv3 Score: 5.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N)
CVE: CVE-2022-3747

2. CREDITS
==========
This…

Read More

Advisories

Cisco Secure Email Gateways can easily be circumvented

Read Time:24 Second

Posted by FD on Nov 15

This report is being published within a coordinated disclosure
procedure. The researcher has been in contact with the vendor
but not received a satisfactory response within a given time
frame. As the attack complexity is low and exploits have already
been published by a third party there must be no further delay
in making the threads publicly known.

The researcher prefers not to take credit for their findings.

Evading Malware Detection by…

Read More

Advisories

USN-5725-1: Go vulnerability

Read Time:12 Second

Diederik Loerakker, Jonny Rhea, Raúl Kripalani, and Preston
Van Loon discovered that Go incorrectly handled certain inputs.
An attacker could possibly use this issue to cause Go applications
to hang or crash, resulting in a denial of service.

Read More