Aggregator

CVE-2017-5492 | WordPress up to 4.7.0 class-wp-screen.php cross-site request forgery (Nessus ID 96606 / ID 175955)

Vuldb Updates
1 month 1 week ago
A vulnerability marked as problematic has been reported in WordPress. This vulnerability affects unknown code of the file wp-admin/includes/class-wp-screen.php. The manipulation leads to cross-site request forgery. This vulnerability is documented as CVE-2017-5492. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2017-5493 | WordPress up to 4.7.0 Multisite API ms-functions.php cryptographic issue (EDB-40968 / Nessus ID 96606)

Vuldb Updates
1 month 1 week ago
A vulnerability described as critical has been identified in WordPress. This issue affects some unknown processing of the file wp-includes/ms-functions.php of the component Multisite API. The manipulation results in cryptographic issues. This vulnerability is reported as CVE-2017-5493. The attack can be launched remotely. Moreover, an exploit is present. Upgrading the affected component is recommended.
vuldb.com

CVE-2017-5480 | b2evolution up to 6.8.3 inc/files/files.ctrl.php fm_selected path traversal (BID-95454 / ID 802129)

Vuldb Updates
1 month 1 week ago
A vulnerability classified as critical was found in b2evolution up to 6.8.3. The affected element is an unknown function of the file inc/files/files.ctrl.php. Such manipulation of the argument fm_selected leads to path traversal. This vulnerability is traded as CVE-2017-5480. The attack may be launched remotely. There is no exploit available.
vuldb.com

CVE-2017-5494 | b2evolution up to 6.8.3 SWF File comment/avatar cross site scripting (BID-95452 / ID 802129)

Vuldb Updates
1 month 1 week ago
A vulnerability, which was classified as problematic, has been found in b2evolution up to 6.8.3. The impacted element is an unknown function of the component SWF File Handler. Performing a manipulation of the argument comment/avatar results in cross site scripting. This vulnerability is known as CVE-2017-5494. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com

CVE-2016-7904 | CMS Made Simple up to 2.1.5 admin/adduser.php cross-site request forgery (BID-95453 / ID 103332)

Vuldb Updates
1 month 1 week ago
A vulnerability has been found in CMS Made Simple up to 2.1.5 and classified as problematic. This impacts an unknown function of the file admin/adduser.php. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2016-7904. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.
vuldb.com

Most Remediation Programs Never Confirm the Fix Actually Worked

The Hackers News
1 month 1 week ago
Security teams have never had better visibility into their environments and never been worse at confirming what they fix stays fixed. Mandiant's M-Trends 2026 report puts the mean time to exploit at an estimated negative seven days. The Verizon 2025 DBIR puts median time to remediate edge device vulnerabilities at 32 days. These numbers have understandably driven the industry toward a clear
The Hacker News

ClickFix Evolves with 10-Year-Old Open-Source Python SOCKS5 Proxy

Cyber Security News
1 month 1 week ago

A cyberattack campaign that tricks users into running malicious commands on their own computers has taken a dangerous new turn. The technique, known as “ClickFix,” has been circulating for some time, but a recent incident revealed that attackers are now pairing it with a 10-year-old open-source Python tool to create a far more resilient form […]

The post ClickFix Evolves with 10-Year-Old Open-Source Python SOCKS5 Proxy appeared first on Cyber Security News.

Tushar Subhra Dutta

Managed ad