7703 matches found
a-blog cms security breach
a-blog cms is a Japanese content management system CMS. A security vulnerability exists in a-blog cms versions Ver.3.1.0 through Ver.3.1.8, which stems from the presence of a URL spoofing vulnerability that could force a product administrator to visit an arbitrary website when clicking on a link ...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m speaking at the Munich Security Conference MSC 2024 in Munich, Germany, on Friday, February 16, 2024. I’m giving a keynote on “AI and Trust” at Generative AI, Free Speech, & Public Discourse. The symposium will be held at...
PT-2024-21003 · Unknown · A-Blog Cms
Name of the Vulnerable Software and Affected Versions: a-blog cms versions 3.1.0 through 3.1.8 Description: A URL spoofing issue exists, allowing an attacker to force the administrator to access an arbitrary website when clicking a link in the audit log by sending a specially crafted request...
On Passkey Usability
Matt Burgess tries to only use passkeys. The results are mixed...
[SECURITY] Fedora 38 Update: python-nikola-8.3.0-1.fc38
Nikola is a static site and blog generator using Python. It generates sites with tags, feeds, archives, comments, and more from plain text files. Source can be unformatted, or formatted with reStructuredText or Markdown. It also automatically builds image galleries...
Fedora: Security Advisory for python-nikola (FEDORA-2024-1eb20f8ec3)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Friday Squid Blogging: A Penguin Named “Squid”
Amusing story about a penguin named "Squid." As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
blog.artsper.com Cross Site Scripting vulnerability OBB-3850778
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Deepfake Fraud
A deepfake video conference call--with everyone else on the call a fake--fooled a finance worker into sending $25M to the criminals account...
The Web Scraping Problem, Part 2: Use Cases that Require Scraping
...
kola-blog.com Cross Site Scripting vulnerability OBB-3848161
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
The Mystery of the $400 Million FTX Heist May Have Been Solved
An indictment against three Americans suggests that at least some of the culprits behind the theft of an FTX crypto fortune may be in custody...
Cookie Information < 2.0.23 - Subscriber+ Arbitrary Options Update
Description The plugin is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler, allowing any authenticated users, such as subscriber to update arbitrary site options Run the below command in the developer console of the web browser while being on th...
blog-ru.ukit.com Cross Site Scripting vulnerability OBB-3846122
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-6279
The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated users, such as subscriber to update arbitrary blog options and set them to 'activated' which could lead to DoS when using a specific option name...
Keep Your Tech FLAME Alive
...
WordPress plugin Woostify Sites Library security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
CVE-2024-23782
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this...
CVE-2024-23782
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this...
Cross site scripting
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this...