Lucene search

28 matches found

Github Security Blog
added 2025/08/11 11:7 p.m. | 4 views

Litestar has potential log injection in exception logging

Summary: Litestar does not escape URL paths when logging exceptions. This makes the logger vulnerable to CRLF injection if the logging level is configured to debug or `log_exceptions` is set to "always", which allows attackers to inject newlines and forge log entries. Details: Litestar directly formats unquot...

7.3 AI score
Exploits: 0 | References: 3 | Affected Software: 1
HackRead
added 2023/10/10 4:15 p.m. | 14 views

New Magecart Attack Uses 404 Errors to Steal Your Card Data

By Deeba Ahmed. Be cautious of scammers employing a new and convincing trick to steal your payment card data through a Magecart attack. This is a post from HackRead.com. Read the original post: New Magecart Attack Uses 404 Errors to Steal Your Card Data...

6.9 AI score
Exploits: 0
CVE
added 2022/09/23 6:32 p.m. | 66 views

CVE-2022-38704

Summary (CVE-2022-38704) : A CSRF vulnerability exists in the WordPress SEO Redirection plugin versions = 9.1 as a fix, or apply the provided workaround (restrict plugin settings access) where applicable. Monitor for updates from the listed advisories.

5.4 CVSS | 4.7 AI score | 0.00103 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2022/09/23 6:32 p.m. | 9 views

CVE-2022-38704 WordPress SEO Redirection plugin <= 8.9 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history...

5.4 CVSS | 5.8 AI score | 0.00103 EPSS
Exploits: 0 | References: 2
0day.today
added 2020/04/03 12:0 a.m. | 595 views

DotNetNuke Cookie Deserialization Remote Code Execution Exploit

This Metasploit module exploits a deserialization vulnerability in DotNetNuke DNN versions 5.0.0 through 9.3.0-RC. Vulnerable versions store profile information for users in the DNNPersonalization cookie as XML. The expected structure includes a "type" attribute to instruct the server which type ...

8.8 CVSS | 8.1 AI score | 0.94293 EPSS
Exploits: 11
OSV
added 2019/04/09 7:47 p.m. | 20 views

GHSA-926Q-WXR6-3CRQ Moderate severity vulnerability that affects roundup

Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgihandler.py mishandle 404 errors...

6.1 CVSS | 5.8 AI score | 0.00595 EPSS
Exploits: 1 | References: 9
Github Security Blog
added 2019/04/09 7:47 p.m. | 23 views

Moderate severity vulnerability that affects roundup

Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgihandler.py mishandle 404 errors...

6.1 CVSS | 4.9 AI score | 0.00595 EPSS
Exploits: 1 | References: 9 | Affected Software: 1
UbuntuCve
added 2019/04/06 8:29 p.m. | 20 views

CVE-2019-10904

Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgihandler.py mishandle 404 errors...

6.1 CVSS | 6.3 AI score | 0.00595 EPSS
Exploits: 1 | References: 6
NVD
added 2019/04/06 8:29 p.m. | 13 views

CVE-2019-10904

Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgihandler.py mishandle 404 errors...

6.1 CVSS | 6 AI score | 0.00595 EPSS
Exploits: 1 | References: 5
Cvelist
added 2019/04/06 7:40 p.m. | 14 views

CVE-2019-10904

Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgihandler.py mishandle 404 errors...

6 AI score | 0.00595 EPSS
Exploits: 1 | References: 5
CVE
added 2019/04/06 7:40 p.m. | 73 views

CVE-2019-10904

CVE-2019-10904 affects Roundup 1.6: XSS via the URI caused by improper 404 handling in the web front-end, specifically in frontend/roundup.cgi and roundup/cgi/wsgi_handler.py. Practical impact is client-side code execution due to crafted URIs. Exploitation details are not provided in the supplied...

6.1 CVSS | 5.8 AI score | 0.00595 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
Kitploit
added 2018/11/11 9:26 p.m. | 66 views

Dirhunt v0.6.0 - Find Web Directories Without Bruteforce

DEVELOPMENT BRANCH: The current branch is a development version. Go to the stable release by clicking on the master branch. Dirhunt is a web crawler optimized for searching and analyzing directories. This tool can find interesting things if the server has the "index of" mode enabled. Dirhunt is also...

7.2 AI score
Exploits: 0 | References: 2
Kitploit
added 2018/07/10 2:12 p.m. | 38 views

Dirhunt - Find Web Directories Without Bruteforce

Dirhunt is a web crawler optimized for searching and analyzing directories. This tool can find interesting things if the server has the "index of" mode enabled. Dirhunt is also useful if the directory listing is not enabled. It detects directories with false 404 errors, directories where an empty inde...

7.2 AI score
Exploits: 0 | References: 1
Hacker One
added 2016/11/05 12:23 p.m. | 15 views

Yelp: Nginx server version disclosure on engineeringblog

Hi Yelp Team, I have found a little information disclosure on your system with regards to the version of server you are using, due to not properly handling 404 errors: when you go to a page that is not existing, the exact nginx version was disclosed. PoC URL: engineeringblog.yelp.com/test PoC...

6.3 AI score
Exploits: 0
Kitploit
added 2015/04/29 1:13 a.m. | 42 views

GoAccess - Real-time Web Log Analyzer and Interactive Viewer

GoAccess is an open source real-time web log analyzer and interactive viewer that runs in a terminal in *nix systems. It provides fast and valuable HTTP statistics for system administrators that require a visual server report on the fly. Features: GoAccess parses the specified web log file and...

7.2 AI score
Exploits: 0
Kitploit
added 2014/07/15 3:3 a.m. | 14 views

Dirs3arch - HTTP(S) Directory/File Brute Forcer

dirs3arch is a simple command line tool designed to brute force directories and files in websites. Features: keep-alive connections; multithreaded; detects not-found web pages when 404 not found errors are masked (.htaccess, web.config, etc.); recursive brute forcing. Usage: dirs3arch.py -u|--url target...

7.3 AI score
Exploits: 0 | References: 1
seebug.org
added 2014/07/01 12:0 a.m. | 15 views

Wordpress Plugin Better WP Security - Stored XSS

No description provided by source. ======= Summary ======= Name: Bit51 Better WP Security Plugin - Unauthenticated Stored XSS to RCE Release Date: 30 July 2013 Reference: NGS00500 Discoverer: Richard Warren Vendor: Bit51 Vendor Reference: Systems Affected: Bit51 Better...

7.1 AI score
Exploits: 0
securityvulns
added 2013/09/09 12:0 a.m. | 53 views

NGS00500 Technical Advisory: Bit51 Better WP Security Plugin - Unauthenticated Stored XSS to RCE

======= Summary ======= Name: Bit51 Better WP Security Plugin - Unauthenticated Stored XSS to RCE Release Date: 30 July 2013 Reference: NGS00500 Discoverer: Richard Warren Vendor: Bit51 Vendor Reference: Systems Affected: Bit51 Better WP Security Plugin Version...

6.4 AI score
Exploits: 0
Exploit DB
added 2013/08/02 12:0 a.m. | 21 views

WordPress Plugin Better WP Security 3.4.8/3.4.9/3.4.10/3.5.2/3.5.3 - Persistent Cross-Site Scripting

======= Summary ======= Name: Bit51 Better WP Security Plugin - Unauthenticated Stored XSS to RCE Release Date: 30 July 2013 Reference: NGS00500 Discoverer: Richard Warren Vendor: Bit51 Vendor Reference: Systems Affected: Bit51 Better WP Security Plugin Version 3.4.8/3.4.9/3.4.10/3.5.2/3.5.3 Risk...

7.4 AI score
Exploits: 0
exploitpack
added 2013/08/02 12:0 a.m. | 9 views

WordPress Plugin Better WP Security 3.4.8/3.4.9/3.4.10/3.5.2/3.5.3 - Persistent Cross-Site Scripting

WordPress Plugin Better WP Security 3.4.8/3.4.9/3.4.10/3.5.2/3.5.3 - Persistent Cross-Site Scripting ======= Summary ======= Name: Bit51 Better WP Security Plugin - Unauthenticated Stored XSS to RCE Release Date: 30 July 2013 Reference: NGS00500 Discoverer: Richard Warren Vendor: Bit51 Vendor...

6.7 AI score
Exploits: 0