#wordpress

New Sysrv-k Botnet Infecting Windows and Linux Systems with Cryptominer

By Deeba Ahmed Microsoft has discovered a new Sysrv botnet variant deploying cryptocurrency miners on Windows and Linux systems. The Microsoft… This is a post from HackRead.com Read the original post: New Sysrv-k Botnet Infecting Windows and Linux Systems with Cryptominer

3 years ago

HackRead

Open in Source

#vulnerability #web #android #windows #microsoft #linux #apache #oracle #wordpress #intel #php #rce #botnet #auth #ssh #mongo #jira

CVE-2022-29429: WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) leading to Remote Code Execution (RCE) vulnerability - Patchstack

Remote Code Execution (RCE) in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery.

3 years ago

CVE

Open in Source

#csrf #vulnerability #web #wordpress #rce

Widespread Attack on WordPress Sites Targets Tatsu Builder Plug-in

A widespread attack is underway to exploit known RCE flaw in Tatsu Builder WordPress plug-in, according to a new report.

3 years ago

DARKReading

Open in Source

#vulnerability #web #wordpress #intel #rce

WordPress Tatsu Builder Remote Code Execution

WordPress Tatsu Builder plugin versions prior to 3.3.13 suffer from an unauthenticated remote code execution vulnerability.

3 years ago

Packet Storm

Open in Source

#vulnerability #web #wordpress #php #rce #auth

Sysrv-K Botnet Targets Windows, Linux

Microsoft researchers say they are tracking a botnet that is leveraging bugs in the Spring Framework and WordPress plugins.

3 years ago

Threatpost

Open in Source

#vulnerability #web #windows #microsoft #linux #java #oracle #wordpress #intel #rce #botnet #vmware #ssh #zero_day

New Sysrv Botnet Variant Hijacking Windows and Linux with Crypto Miners

Microsoft is warning of a new variant of the srv botnet that's exploiting multiple security flaws in web applications and databases to install coin miners on both Windows and Linux systems. The tech giant, which has called the new version Sysrv-K, is said to weaponize an array of exploits to gain control of web servers. The cryptojacking botnet first emerged in December 2020. "Sysrv-K scans the

3 years ago

The Hacker News

Open in Source

#vulnerability #web #mac #windows #microsoft #linux #wordpress #rce #botnet #ssh #The Hacker News

CVE-2022-1465

The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.9 does not sanitise and escape a parameter before outputting it back in an attribute via an AJAX action, leading to a Reflected Cross-Site Scripting issue.

3 years ago

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. As a result, attackers could make a logged in admin add tracking campaign with XSS payloads in them via a CSRF attack

3 years ago

CVE

Open in Source

#xss #csrf #wordpress

CVE-2022-1408

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not escape various settings before outputting them in attributes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

3 years ago

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malicious PHP code

3 years ago

CVE

Open in Source

#wordpress #php #perl

Tag

#wordpress