Hacking

ISC Stormcast For Monday, July 28th, 2025 https://isc.sans.edu/podcastdetail/9544, (Mon, Jul 28th) Source link

New features WebTunnel bridges You can now use WebTunnel bridges to connect to the Tor network from Tails. WebTunnel is a bridge technology that is particularly good at circumventing censorship and might work from places where obfs4 bridges are blocked. WebTunnel disguises your connection as ordinary web traffic. To get WebTunnel bridges, visit https://bridges.torproject.org/. Changes…

CVE-2023-4810 Detail Modified This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes. Description The Responsive Pricing Table WordPress plugin before 5.1.8 does not sanitise and escape some of its settings, which…

CVE-2023-5454 Detail Modified This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes. Description The Templately WordPress plugin before 2.2.6 does not properly authorize the `saved-templates/delete` REST API call, allowing unauthenticated users…

CVE-2023-5355 Detail Modified This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes. Description The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing…

When you need to analyze some suspicious pieces of code, it’s interesting to detonate them in a sandbox. If you don’t have a complete sandbox environment available or you just want to avoid generatin noise on your network, why not route the traffic to a sinkhole or NULL-route (read: packets won’t be sent across the normal…

CVE-2023-5352 Detail Modified This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes. Description The Awesome Support WordPress plugin before 6.1.5 does not correctly authorize the wpas_edit_reply function, allowing users to edit…

CVE-2023-5181 Detail Modified This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes. Description The WP Discord Invite WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which…

CVE-2023-5082 Detail Modified This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes. Description The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before…

CVE-2023-5354 Detail Modified This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes. Description The Awesome Support WordPress plugin before 6.1.5 does not sanitise and escape a parameter before outputting it back…