‘Patch yesterday’: Zimbra mail servers under siege through RCE vuln

October 2, 2024 at 06:59AM
Infosec researchers advise patching Zimbra mail servers immediately due to the mass exploitation of a critical remote code execution vulnerability (CVE-2024-45519). Attackers have been adding bogus CC addresses to spoofed Gmail emails, potentially leading to unauthorized access and system compromise. The National Vulnerability Database’s backlog of vulnerabilities remains a concern, …

WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk

February 27, 2024 at 09:57AM
A security vulnerability in the LiteSpeed Cache plugin for WordPress (CVE-2023-40000) allows unauthenticated users to elevate privileges. Patchstack researcher Rafie Muhammad mentioned potential information theft and privilege escalation. The issue was fixed in version 5.7.0.1, and the latest version is 6.1, released on February 5, 2024. This follows Wordfence’s discovery of …