The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip. How to mitigate CVE-2020-27615 Time needed:Â 5 minutes. Follow the instructions, as they will assist you in mitigating Read more
The cm-download-manager plugin before 2.8.0 for WordPress allows XSS. How to mitigate CVE-2020-27344 Time needed:Â 5 minutes. Follow the instructions, as they will assist you in mitigating the WordPress vulnerability that been reported in CVE-2020-27344. Install Read more
In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The Read more
A vulnerability related to Dynamic-link Library (“DLL”) loading in the Zoom Sharing Service would allow an attacker who had local access to a machine on which the service was running with elevated privileges to elevate Read more
D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter. How to mitigate CVE-2020-6841 Time needed:Â 5 minutes. Follow the instructions, as they will Read more
Cyberwarzone.com