The Latest Infosec News, Tools, and Exploits – Got Root?
The WordPress plugin User Meta 2.4.3 and below is vulnerable to path traversal exploitation. Both the lite and pro version are exploitable and the solution is to update to version 2.4.4.
The WordPress plugin wpDiscuz version 7.0.4 suffers an arbitrary file upload vulnerability that does not require authentication.
MyBB version 1.8.25 suffers from a chained remote command execution (RCE) flaw. Upgrade to version 1.8.26
Microsoft Windows Internet Explorer 11 32-bit adition suffers a Use-After-Free Exploit
The software Pixelimity version 1.0 suffers from a password CSRF (Cross Site Request Forgery) vulnerability.
The software Roundcube Webmail version 1.2 suffers from a File Disclosure vulnerability.
The WordPress CMS version 5.0.0 suffers from a Image Remote Code Execution vulnerability via access with at least an Author account.
SonicWall SSL-Virutal Private Network version 8.0.0.0 is vulnerable to “shellshock/visualdoor” RCE (Remote Code Execution) Unauthenticated.
The MyBB Forum plugin Timeline version 1.0 is vulnerable to XSS(Cross site Scripting) and CSRF(Cross Site Request Forgery) attacks.
