Bejtlich Skills and Interest Radar from July 2005
This is unusual. I found this "skills and interest radar" diagram I created in July 2005. It looks like my attempt to capture and prioritize technical interests. At the time I was about to start consulting on my own, IIRC. Copyright 2003-2020 Richard Bejtlich and TaoSecurity...
blog-city.info Cross Site Scripting vulnerability OBB-3460137
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PHPJabbers STIVA Blog Script 4.1 Cross Site Scripting
CraCkEr advisory banner (ASCII art): C r a C k E r - T H E C R A C K O F E T E R N A L M I G H T - From The Ashes and Dust Rises An...
Navigating a New Reality: Content Personalization at Scale
Prioritizing content personalization can improve user engagement, enhance customer experiences, and boost revenue on a global scale...
MOVEit Vulnerability Breaches Targeted Fed Agencies
Jon Clay and Ed Cabrera talk about the MOVEit breaches and more in the video series TrendTalksBizSec...
BookIt < 2.3.8 - Authentication Bypass
The plugin does not perform any authorisation check when a user books an appointment using an email address that belongs to an existing account, allowing unauthenticated attackers to log in as any user of the blog simply by supplying that account's email address. On a page where the BookIt form is embedded, book an appointment using an ema...
This Week in Spring - June 20th, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in Sydney, Australia, talking to customers, koalas, kangaroos, and whoever else will listen! I'll be doing a live presentation, tonight at the Microsoft Reactor here in Sydney. Register now and come join me! As usual, we'...
NetArt Media Blog LITE 2.1 Cross Site Scripting
CraCkEr advisory banner (ASCII art): C r a C k E r - T H E C R A C K O F E T E R N A L M I G H T - From The Ashes and Dust Rises An...
Groomify v1.0 - SQL Injection Vulnerability
Exploit Title: Groomify v1.0 - SQL Injection
Exploit Author: Ahmet Ümit BAYRAM
Vendor: https://codecanyon.net/item/groomify-barbershop-salon-spa-booking-and-ecommerce-platform/45808114
Demo Site: https://script.bugfinder.net/groomify
Tested on: Kali Linux
CVE: N/A
Vulnerable URL...
Insight on Vulnerabilities in MOVEit Transfer
Ongoing developments on this topic will be added to this thread. We invite you to bookmark this page and check back...
Insights on the MOVEit File Transfer Vulnerability
Ongoing developments on this topic will be added to this thread. We invite you to bookmark this page and check back...
Entering Through the Gift Shop: Attacks on Commerce
...
A Massive Vaccine Database Leak Exposes IDs of Millions of Indians
Personal information, including ID documents and phone numbers, has been released on Telegram...
Thruk Monitoring Web Interface 3.06 - Path Traversal
Exploit Title: Thruk Monitoring Web Interface 3.06 - Path Traversal
Date: 08-Jun-2023
Exploit Author: Galoget Latorre @galoget
CVE: CVE-2023-34096 Galoget Latorre
Vendor Homepage: https://thruk.org/
Software Link: https://github.com/sni/Thruk/archive/refs/tags/v3.06.zip
Software Link + Exploit +...
Sweat Economy Gives Power to Community over 2 Billion SWEAT Tokens
By Waqas. These 2 billion SWEAT tokens, which make up around 13% of the total supply, have been locked in… This is a post from HackRead.com. Read the original post: Sweat Economy Gives Power to Community over 2 Billion SWEAT Tokens...
CVE-2021-4383 WP Quick FrontEnd Editor <= 5.5 - Authenticated (Subscriber+) Content Injection
The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to page content injection in versions up to, and including, 5.5. This is due to missing capability checks in the plugin's page-editing functionality. This makes it possible for low-authenticated attackers, such as subscribers, to...
CVE-2021-4383
CVE-2021-4383 affects the WP Quick FrontEnd Editor plugin for WordPress. Technical details in the connected documents show a vulnerability in page-editing due to missing capability checks, making it possible for low-authenticated users (e.g., subscribers) to edit or create any page or post on sit...
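The BookIt entry above and the two WP Quick FrontEnd Editor entries describe the same class of defect: a WordPress request handler that acts on an identifier the visitor supplied (an email address, a post ID) without asking whether the current visitor is allowed to. The following is an added illustration written for this listing, not the code of either plugin. It assumes it runs inside WordPress; the hook names, form field names, nonce actions, the `qfe_save_page` AJAX action and the `booking` post type are all made up for the example.

```php
<?php
// Added example (not BookIt or WP Quick FrontEnd Editor code). Runs inside
// WordPress; hook names, field names, nonce actions and the 'booking' post
// type are assumptions made for the illustration.

// Shared helper: store a booking as a private custom post. The e-mail is a
// contact address kept in post meta; $user_id is 0 for guest bookings.
function example_save_booking( string $email, int $user_id = 0 ) {
    return wp_insert_post( [
        'post_type'   => 'booking',
        'post_status' => 'private',
        'post_title'  => 'Booking for ' . $email,
        'post_author' => $user_id,
        'meta_input'  => [ 'contact_email' => $email ],
    ] );
}

// --- 1. Booking form: an e-mail address treated as an identity ---------------

// Vulnerable shape: naming an existing account's e-mail in the booking form
// leaves the anonymous visitor holding that account's session cookie.
function vulnerable_book_appointment() {
    $email = sanitize_email( wp_unslash( $_POST['email'] ?? '' ) );
    $user  = get_user_by( 'email', $email );
    if ( $user ) {
        wp_set_current_user( $user->ID );
        wp_set_auth_cookie( $user->ID ); // the visitor is now logged in as $user
    }
    example_save_booking( $email, $user ? $user->ID : 0 );
}

// Hardened shape: a booking never changes who the visitor is. Logged-in
// visitors book under their own account; everyone else books as a guest.
function hardened_book_appointment() {
    if ( ! wp_verify_nonce( $_POST['_wpnonce'] ?? '', 'book_appointment' ) ) {
        wp_die( 'Invalid request', 403 );
    }
    $email = sanitize_email( wp_unslash( $_POST['email'] ?? '' ) );
    if ( ! is_email( $email ) ) {
        wp_die( 'Invalid e-mail address', 400 );
    }
    example_save_booking( $email, get_current_user_id() ); // 0 when not logged in
    wp_safe_redirect( wp_get_referer() ?: home_url( '/' ) );
    exit;
}
// admin_post_nopriv_* fires for anonymous visitors, admin_post_* for logged-in ones.
add_action( 'admin_post_nopriv_book_appointment', 'hardened_book_appointment' );
add_action( 'admin_post_book_appointment', 'hardened_book_appointment' );

// --- 2. Front-end editor: saving a page over AJAX ----------------------------

// Vulnerable shape: wp_ajax_* only requires *some* logged-in user, so any
// subscriber can overwrite any post by ID, or create a page by sending ID 0.
function vulnerable_save_page() {
    $content = wp_unslash( $_POST['content'] ?? '' );
    $post_id = (int) ( $_POST['post_id'] ?? 0 );
    if ( $post_id > 0 ) {
        wp_update_post( [ 'ID' => $post_id, 'post_content' => $content ] );
    } else {
        $post_id = wp_insert_post( [ 'post_type' => 'page', 'post_status' => 'publish', 'post_content' => $content ] );
    }
    wp_send_json_success( [ 'post_id' => $post_id ] );
}

// Hardened shape: check the nonce, then ask WordPress whether *this* user may
// edit *this* post (or publish new pages) before writing anything.
function hardened_save_page() {
    check_ajax_referer( 'qfe_save_page', 'nonce' );
    $content = wp_kses_post( wp_unslash( $_POST['content'] ?? '' ) );
    $post_id = (int) ( $_POST['post_id'] ?? 0 );
    if ( $post_id > 0 ) {
        if ( ! current_user_can( 'edit_post', $post_id ) ) {
            wp_send_json_error( 'forbidden', 403 );
        }
        wp_update_post( [ 'ID' => $post_id, 'post_content' => $content ] );
    } else {
        if ( ! current_user_can( 'publish_pages' ) ) {
            wp_send_json_error( 'forbidden', 403 );
        }
        $post_id = wp_insert_post( [ 'post_type' => 'page', 'post_status' => 'publish', 'post_content' => $content ] );
    }
    wp_send_json_success( [ 'post_id' => $post_id ] );
}
add_action( 'wp_ajax_qfe_save_page', 'hardened_save_page' );
```

The vulnerable variants are deliberately left unhooked. Two points worth checking when auditing a plugin for either pattern: `current_user_can( 'edit_post', $id )` is a meta capability that WordPress maps through `map_meta_cap()` to `edit_others_posts`, `edit_published_posts` and so on, so it is the test to use rather than a role-name comparison; and a nonce alone (`check_ajax_referer`) only proves the request came from the site's own form, it says nothing about whether the user is authorised, which is why both checks appear in the hardened handler.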
blog-city.info Cross Site Scripting vulnerability OBB-3399013
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Malicious Package
Overview calandraca is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious Package
Overview @chegg-me-lpc/utils is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packa...
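Both "Malicious Package" entries describe dependency confusion: a public package whose name mirrors an internal one, relying on a resolver that consults the public registry for names it should only ever fetch privately. The following is an added example, not code from either package or from any scanner. It is a pre-install check for an npm project: it reads `package.json` and `.npmrc` and flags every dependency that npm would resolve on the public registry although its name belongs to an internal scope or naming scheme. The project files, the `@acme` and `@acme-labs` scopes and the `acme-internal-` prefix are all constructed for the illustration.

```php
<?php
// Added example (not the malicious packages' code, not a real scanner).
// Flags npm dependencies exposed to dependency confusion: internal-looking
// names that npm would look up on the public registry. Requires PHP 8.

// Constructed sample project; scope and package names are made up.
const PACKAGE_JSON = <<<'JSON'
{
  "name": "checkout-web",
  "dependencies": {
    "express": "^4.18.2",
    "@acme/utils": "^2.1.0",
    "@acme-labs/telemetry": "^1.4.0",
    "acme-internal-logger": "^0.9.0"
  },
  "devDependencies": {
    "jest": "^29.0.0"
  }
}
JSON;

// Only @acme is pinned to the private registry; @acme-labs is not.
const NPMRC = <<<'INI'
registry=https://registry.npmjs.org/
@acme:registry=https://npm.acme.example/
//npm.acme.example/:_authToken=${NPM_TOKEN}
INI;

// Scopes and unscoped name prefixes that must never resolve publicly (assumed).
const INTERNAL_SCOPES   = [ '@acme', '@acme-labs' ];
const INTERNAL_PREFIXES = [ 'acme-internal-' ];

/** Parse .npmrc and return ['@scope' => registry URL] for every pinned scope. */
function scoped_registries( string $npmrc ): array {
    $pinned = [];
    foreach ( preg_split( '/\R/', $npmrc ) as $line ) {
        if ( preg_match( '/^(@[^:]+):registry=(\S+)/', trim( $line ), $m ) ) {
            $pinned[ $m[1] ] = $m[2];
        }
    }
    return $pinned;
}

/** Return [package name => reason] for every dependency open to confusion. */
function confusable_dependencies( string $packageJson, string $npmrc ): array {
    $pkg    = json_decode( $packageJson, true, 512, JSON_THROW_ON_ERROR );
    $pinned = scoped_registries( $npmrc );
    $deps   = array_merge( $pkg['dependencies'] ?? [], $pkg['devDependencies'] ?? [] );
    $findings = [];
    foreach ( array_keys( $deps ) as $name ) {
        if ( $name[0] === '@' ) {
            // Scoped: safe only if the scope is pinned to a private registry.
            $scope = strstr( $name, '/', true );
            if ( in_array( $scope, INTERNAL_SCOPES, true ) && ! isset( $pinned[ $scope ] ) ) {
                $findings[ $name ] = "scope $scope has no registry line in .npmrc; npm will query the public registry";
            }
            continue;
        }
        // Unscoped: an internal naming convention gives no protection at all,
        // since anyone can publish that name publicly with a higher version.
        foreach ( INTERNAL_PREFIXES as $prefix ) {
            if ( str_starts_with( $name, $prefix ) ) {
                $findings[ $name ] = "unscoped internal name; claim it on the public registry or move it under a pinned scope";
            }
        }
    }
    return $findings;
}

foreach ( confusable_dependencies( PACKAGE_JSON, NPMRC ) as $name => $reason ) {
    echo "RISK  $name: $reason\n";
}
```

Run it with `php check_deps.php` (file name assumed). With the constructed inputs it reports `@acme-labs/telemetry` and `acme-internal-logger`; `@acme/utils` passes because its scope is pinned. In a real pipeline the check belongs before `npm install` on the CI image, where a missing or stale `.npmrc` is the usual way the scope pin silently disappears; a committed lockfile whose `resolved` URLs point at the private registry is the complementary control.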