FAQ: Transitioning to the highly anticipated new revision of ISO 27001

For a group like Coalfire Certification that lives and breathes these standards daily, it has been an exciting few months monitoring the progress of this publication and its review through the various ISO working groups...

same_type_object_reuse_exploits

PoC Same-Type/Same-Address Object Reu...

Cross-site Scripting (XSS)

Overview johnpbloch/wordpress-core is a web software you can use to create a website or blog. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to insufficient escaping on the Blog Name value. An attacker can manipulate the output and execute arbitrary JavaScript by...

Exploit for Improper Authentication in Fortinet Fortiproxy

CVE-2022-40684 POC for CVE-2022-40684 affecting Fortinet Forti...

CVE-2022-38902

A Cross-site scripting XSS vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic...

PT-2022-24615 · Liferay · Liferay Digital Experience Platform

Name of the Vulnerable Software and Affected Versions: Liferay Digital Experience Platform version 7.3.10 SP3 Description: A Cross-site scripting XSS issue in the Blog module's add new topic functionality allows remote attackers to inject arbitrary JS script or HTML into the name field of newly...

FlatPress 跨站脚本漏洞

FlatPress is a Php-based blog builder without database support from the FlatPress community. A cross-site scripting vulnerability exists in FlatPress v1.2.1, which was discovered to contain a cross-site scripting XSS vulnerability via the page parameter on /Flatpress/admin.php...

WordPress plugin Download Monitor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

October Is Cybersecurity Awareness Month

For the past nineteen years, October has been Cybersecurity Awareness Month here in the US, and that event that has always been part advice and part ridicule. I tend to fall on the apathy end of the spectrum; I dont think Ive ever mentioned it before. But the memes can be funny. Heres a decent...

Malicious Package

Overview byte54321 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server

November 8, 2022 update - Microsoft released security updates for CVE-2022-41040 and CVE-2022-41082. We recommend that customers protect their organizations by applying the updates immediately to affected systems. The options described in the Mitigations section are no longer recommended. For mor...

Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server

November 8, 2022 update - Microsoft released security updates for CVE-2022-41040 and CVE-2022-41082. We recommend that customers protect their organizations by applying the updates immediately to affected systems. The options described in the Mitigations section are no longer recommended. For mor...

Flatpress 代码问题漏洞

FlatPress is a Php-based blog builder without database support from the FlatPress community. A code issue vulnerability exists in Flatpress versions prior to v1.2.1, which stems from a Remote Code Execution RCE vulnerability contained in the upload file feature...

Malicious Package

Overview whitebit-docs is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

Malicious Package

Overview ccctftest is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

Malicious Package

Overview wp-module-secure-passwords is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if thi...

Malicious Package

Overview polkadot-staking-dashboard is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if thi...

CVE-2022-3076 CM Download Manager < 2.8.6 - Admin+ Arbitrary File Upload

The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example...

Security Bulletin: IBM Informix Cryptographic Library Updates (CVE-2012-2190, CVE-2012-2191, CVE-2012-2203)

Abstract Multiple security problems exist in the IBM GSKit libraries that IBM Informix and IBM Informix ClientSDK use to provide communications security and other cryptographic functionality. Content CVE ID: CVE-2012-2190 DESCRIPTION: GSKit allows remote attackers to cause a denial of service...

Security Bulletin: IBM SONAS fix available for Cross Frame Scripting vulnerability via Graphical User Interface (CVE-2013-5376)

Abstract An issue in IBM SONAS allows remote attackers to access the system as an authorized administrative user. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-5376 DESCRIPTION: An error in the IBM SONAS Graphical User Interface results in a Cross Frame Scripting vulnerability which can be used...