![]() The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard An attacker could use this information to find hashed passwords and possibly escalate their privilege. Sensitive data could be exposed in logs of cloud-init before version 23.1.2. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242379731 This could lead to local information disclosure with no additional execution privileges needed. In ih264e_init_proc_ctxt of ih264e_process.c, there is a possible out of bounds read due to a heap buffer overflow. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-253425086References: N/A This could lead to local information disclosure with System execution privileges needed. In init of VendorGraphicBufferMeta, there is a possible out of bounds read due to a missing bounds check. This makes it possible for contributor-level attackers or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The WP Replicate Post plugin for WordPress is vulnerable to SQL Injection via the post_id parameter in versions up to, and including, 4.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. As a result, the user may become a victim of a phishing attack. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. Live data can be read from Ethernet, IEEE 802.Open redirect vulnerability exists in web2py versions prior to 2.23.1.Capture files compressed with gzip can be decompressed on the fly.Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others.The most powerful display filters in the industry.Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility. ![]() Multi-platform: Runs on Windows, Linux, macOS, Solaris, FreeBSD, NetBSD, and many others.Deep inspection of hundreds of protocols, with more being added all the time.Its open source license allows talented experts in the networking community to add enhancements. The program has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product. Wireshark 64-bit is used by network professionals around the world for analysis, troubleshooting, software and protocol development, and education. The app was written by networking experts around the world and is an example of the power of open-source. Wireshark's powerful features make it the tool of choice for network troubleshooting, protocol development, and education worldwide. The name might be new, but the software is the same. The Ethereal network protocol analyzer has changed its name to Wireshark 64-bit. ![]()
0 Comments
Leave a Reply. |