CVE-2023-2101
A vulnerability, which was classified as problematic, has been found in moxi624 Mogu Blog v2 up to 5.2. This issue affects the function uploadPictureByUrl of the file /mogu-picture/file/uploadPicsByUrl. The manipulation of the argument urlList leads to absolute path traversal. The attack may be...
Path traversal
A vulnerability, which was classified as problematic, has been found in moxi624 Mogu Blog v2 up to 5.2. This issue affects the function uploadPictureByUrl of the file /mogu-picture/file/uploadPicsByUrl. The manipulation of the argument urlList leads to absolute path traversal. The attack may be...
CVE-2023-2101
The CVE-2023-2101 entry concerns moxi624 Mogu Blog v2 up to 5.2, where the function uploadPictureByUrl (file /mogu-picture/file/uploadPicsByUrl) is vulnerable. The issue arises from manipulating the urlList argument, causing absolute path traversal. This may be exploited remotely, and public disc...
CVE-2023-2101 moxi624 Mogu Blog v2 uploadPicsByUrl uploadPictureByUrl absolute path traversal
A vulnerability, which was classified as problematic, has been found in moxi624 Mogu Blog v2 up to 5.2. This issue affects the function uploadPictureByUrl of the file /mogu-picture/file/uploadPicsByUrl. The manipulation of the argument urlList leads to absolute path traversal. The attack may be...
PT-2023-17800 · Unknown · Moxi624 Mogu Blog
Name of the Vulnerable Software and Affected Versions: moxi624 Mogu Blog v2 up to 5.2 Description: A problematic issue has been found in the software, affecting the function uploadPictureByUrl of the file /mogu-picture/file/uploadPicsByUrl. The manipulation of the argument urlList leads to absolu...
Mogu blog path traversal vulnerability
Mogu blog is a micro-architecture based front-end and back-end shared blog system by individual developers in Streamlet, China. Mogu Blog v2 up to version 5.2 has a path traversal vulnerability; the vulnerability stems from the path /mogu-picture/file/uploadPicsByUrl in the uploadPictureByUrl...
PT-2023-10703 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab Community and Enterprise Edition versions 11.1.7 and earlier, 11.2.x through 11.2.3, 11.3.x through 11.3.0 Description: An issue was discovered in GitLab Community and Enterprise Edition, where blog-viewer has stored XSS during...
CVE-2018-17537
Removed by vendor...
Security Bulletin: Vulnerabilities in HTTPD affect IBM BladeCenter Advanced Management Module (AMM)
Summary: IBM BladeCenter Advanced Management Module (AMM) has addressed the following vulnerabilities in HTTPD. Vulnerability Details: CVEID: CVE-2017-3167 Description:...
Security Bulletin: Vulnerability in libxml2 affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems (CVE-2017-8872)
Summary: IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems has addressed the following vulnerability in libxml2. Vulnerability Details...
CVE-2023-23423
creationtimestamp| type| source
---|---|---
2023-04-13 18:02:40+00:00| published-proof-of-concept| Telegram/gyCoGHimPrHuJIO4PODdzGa-SbQUX3r8l5z0rakuXLR
2023-04-18 07:16:18+00:00| published-proof-of-concept| https://t.me/RespaldoHackingTeam/1337
2023-04-18 12:11:38+00:00| seen|...
WordPress Blog Navigator Chatbot by Xatkit Plugin <= 4.4.9 is vulnerable to Cross Site Scripting (XSS)
Software: Blog Navigator Chatbot by Xatkit. Type: Plugin. Vulnerable versions: <= 4.4.9. Fixed in: 4.5.1. OWASP Top 10: A7: Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: N/A. Patch priority: Low. CVSS severity: Low (5.9). PSID: c4687eb6e786. Credits: Unknown. Required...
ChatBot < 4.4.9 - Subscriber+ OpenAI Settings Update to Stored XSS
The plugin does not have authorisation and CSRF checks in the AJAX action responsible for updating the OpenAI settings, allowing any authenticated user, such as a subscriber, to update them. Furthermore, due to the lack of escaping of the settings, this could also lead to Stored XSS. Run the below command in...
Inside the 2022 Email Cyber Threat Landscape
Key trends and predictions you should know about...
Icinga Web 2.10 - Arbitrary File Disclosure
!/usr/bin/env python3 Exploit Title: Icinga Web 2.10 - Arbitrary File Disclosure Date: 2023-03-19 Exploit Author: Jacob Ebben Vendor Homepage: https://icinga.com/ Software Link: https://github.com/Icinga/icingaweb2 Version: 2.8.6, 2.9.6, 2.10 Tested on: Icinga Web 2 Version 2.9.2 on Linux CVE:...
CVE-2023-1937
A vulnerability, which was classified as problematic, was found in zhenfeng13 My-Blog. Affected is an unknown function of the file /admin/configurations/userInfo. The manipulation of the argument yourAvatar/yourName/yourEmail leads to cross-site request forgery. It is possible to launch the attac...
Cross site request forgery (csrf)
A vulnerability, which was classified as problematic, was found in zhenfeng13 My-Blog. Affected is an unknown function of the file /admin/configurations/userInfo. The manipulation of the argument yourAvatar/yourName/yourEmail leads to cross-site request forgery. It is possible to launch the attac...
CVE-2023-1937
CVE-2023-1937 affects zhenfeng13 My-Blog. The issue is in an unknown function of the file /admin/configurations/userInfo, where manipulating parameters yourAvatar, yourName, or yourEmail leads to cross-site request forgery. It can be exploited remotely and a public exploit exists. The project use...
CVE-2023-1937 zhenfeng13 My-Blog userInfo cross-site request forgery
A vulnerability, which was classified as problematic, was found in zhenfeng13 My-Blog. Affected is an unknown function of the file /admin/configurations/userInfo. The manipulation of the argument yourAvatar/yourName/yourEmail leads to cross-site request forgery. It is possible to launch the attac...
Beware of new YouTube phishing scam using authentic email address
By Deeba Ahmed Watch out for a new YouTube phishing scam and ignore any email from YouTube that claims to provide details about "Changes in YouTube rules and policies | Check the Description." This is a post from HackRead.com Read the original post: Beware of new YouTube phishing scam using...