Category Archives: Advisories

CVE-2021-24905

Read Time:24 Second

The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing the wp-config.php allows attackers to trigger WordPress setup again, gain administrator privileges and execute arbitrary code or display arbitrary content to the users.

Read More

Open-Xchange Security Advisory 2022-03-21

Read Time:22 Second

Posted by Martin Heiland via Fulldisclosure on Mar 21

Dear subscribers,

we’re sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at HackerOne.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Product: OX App Suite
Vendor: OX Software GmbH

Internal reference: OXUIB-1092
Vulnerability type: Cross-Site Scripting (CWE-80)
Vulnerable…

Read More

CVE-2020-24772

Read Time:19 Second

In Dreamacro 1.1.0, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. Windows will perform NTLM authentication when opening the SMB share and that request can be relayed (using a tool like responder) for code execution (or captured for hash cracking).

Read More

xen-4.16.0-5.fc36

Read Time:10 Second

FEDORA-2022-cf87a9b146

Packages in this update:

xen-4.16.0-5.fc36

Update description:

fix build of xen.efi file and package it in /usr/lib/efi

Multiple speculative security issues [XSA-398]

Read More

[CFP-ESORICS 2022]: 27th European Symposium on Research in Computer Security (ESORICS) 2022

Read Time:16 Second

Posted by CFP – ESORICS 2022 on Mar 20

[Apologies for cross-posting]

————————————————————————–
C a l l F o r P a p e r s

27th European Symposium on Research in Computer Security (ESORICS) 2022
26-30 September 2022, Copenhagen, Denmark
URL: https://esorics2022.compute.dtu.dk/#
————————————————————————–

===================
CONFERENCE OUTLINE:
===================

We are looking…

Read More