7703 matches found
CVE-2024-7114
A vulnerability was found in Tianchoy Blog up to 1.8.8. It has been classified as critical. This affects an unknown part of the file /so.php. The manipulation of the argument search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...
CVE-2024-7114 Tianchoy Blog so.php sql injection
A vulnerability was found in Tianchoy Blog up to 1.8.8. It has been classified as critical. This affects an unknown part of the file /so.php. The manipulation of the argument search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...
CVE-2024-7114
The CVE-2024-7114 entry concerns Tianchoy Blog versions up to 1.8.8. The vulnerability is a SQL injection in an unknown part of the file /so.php, triggered by manipulating the search parameter. It is exploitable remotely and has been publicly disclosed. Practical impact is information and data co...
PT-2024-38084 · Unknown · Tianchoy/Blog
Name of the Vulnerable Software and Affected Versions: Tianchoy Blog versions up to 1.8.8 Description: A critical issue has been found, affecting an unknown part of the file /so.php. The manipulation of the search argument leads to sql injection. It is possible to initiate the attack remotely. Th...
Tianchoy Blog SQL injection vulnerability
Tianchoy Blog is a blog site by the individual developer Tianchoy. A SQL injection vulnerability exists in Tianchoy Blog version 1.8.8 and earlier versions, which stems from improper handling of the search parameter and can lead to SQL injection...
Malware Campaign Lures Users With Fake W2 Form
The following analysts contributed to the research: Evan McCann, Matt Smith, Ipek Solak, Jake McMahon. Rapid7 has recently observed a campaign targeting users searching for W2 forms using the Microsoft search engine Bing. Users are subsequently directed to a fake IRS website, enticing them to...
CVE-2024-37229
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in AuburnForest Blogmentor – Blog Layouts for Elementor allows Stored XSS. This issue affects Blogmentor – Blog Layouts for Elementor: from n/a through 1.5...
CVE-2024-37271
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Michael Nelson Print My Blog allows Stored XSS. This issue affects Print My Blog: from n/a through 3.27.0...
CVE-2024-37271
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michael Nelson Print My Blog print-my-blog. This issue affects Print My Blog: from n/a through = 3.27.0...
CVE-2024-37271 WordPress Print My Blog plugin <= 3.27.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Michael Nelson Print My Blog allows Stored XSS. This issue affects Print My Blog: from n/a through 3.27.0...
CVE-2024-37271 WordPress Print My Blog plugin <= 3.27.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michael Nelson Print My Blog print-my-blog. This issue affects Print My Blog: from n/a through = 3.27.0...
CVE-2024-37271
CVE-2024-37271 is a valid stored XSS in the Print My Blog WordPress plugin (
PT-2024-27398 · Elementor · The Blogmentor – Blog Layouts For Elementor
Name of the Vulnerable Software and Affected Versions: Blogmentor – Blog Layouts for Elementor versions n/a through 1.5 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS, which can b...
CVE-2024-37918
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPCone ConeBlog – WordPress Blog Widgets coneblog-widgets. This issue affects ConeBlog – WordPress Blog Widgets: from n/a through = 1.4.8...
CVE-2024-37918
CVE-2024-37918 affects ConeBlog – WordPress Blog Widgets (ConeBlog Widgets) for WordPress. Described as a stored XSS due to Improper Neutralization of Input During Web Page Generation, impacting ConeBlog Widgets versions from n/a through 1.4.8. The connected records confirm the same vulnerabilit...
CVE-2024-39906
A command injection vulnerability was found in the IndieAuth functionality of the Ruby on Rails based Haven blog web application. The affected functionality requires authentication, but an attacker can craft a link that they can pass to a logged in administrator of the blog software. This leads t...
CVE-2024-39906
The CVE-2024-39906 vulnerability affects the Haven blog web application (Ruby on Rails) via its IndieAuth functionality. A logged-in administrator can be forced to click a crafted link that executes arbitrary commands on the server, enabling Remote Code Execution (RCE). The root cause is a comman...
Brett Solomon on Digital Rights
Brett Solomon is retiring from AccessNow after fifteen years as its Executive Director. He's written a blog post about what he's learned and what comes next...