7705 matches found
Automattic: De-anonymize anonymous tips through the Tumblr blog network
Hey y’all! 👋 Hope all is well! Summary: I noticed that, if you send an anonymous tip through the Tumblr dashboard, you can be de-anonymized through the notes view on the blog network & maybe elsewhere? Platforms Affected: All platforms, but requires a blog that is served on the blog network. Ste...
Ukraine Cyberattack 2022: Geopolitical Cybersecurity
As geopolitical tensions rise, so does pressure to enhance corporate cyber-resilience...
Appleple a-blog cms Cross-Site Scripting Vulnerability
Appleple a-blog cms is a content management system (CMS) from appleple (Appleple), Japan. A cross-site scripting vulnerability exists in a-blog cms, which originates. The vulnerability exists because user-supplied data is not adequately processed. A remote user can trick a victim into following a...
Appleple a-blog cms Cross-Site Scripting Vulnerability
Appleple a-blog cms is a content management system (CMS) from appleple (Appleple), Japan. The a-blog cms suffers from a cross-site scripting vulnerability that exists due to insufficient cleaning of user-supplied data. A remote user can trick a victim into clicking on a specially crafted link and...
Appleple a-blog cms Code Injection Vulnerability
Appleple a-blog cms is a content management system (CMS) from appleple (Appleple), Japan. A code injection vulnerability exists in Appleple a-blog cms, which is vulnerable due to a template injection issue. A remote user can obtain arbitrary files on the server. The vulnerability allows remote attacke...
JVN#14706307: Multiple vulnerabilities in a-blog cms
a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2022-24374
Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | Base Score: 5.4
CVSS v2 | AV:N/AC:M/Au:S/C:N/I:P/A:N | Base Score: 3.5
...
Friday Squid Blogging: Climate Change Causing “Squid Bloom” along Pacific Coast
The oceans are warmer, which means more squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
ModifiedElephant APT hackers plant incriminating evidence on victims devices
By Waqas. The ModifiedElephant APT group has been carrying out its malicious activities since 2012 and successfully evading detection for over… This is a post from HackRead.com.
CVE-2022-23626
m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions imagecreatefrom and image have not been checked properly. Although PHP issued warnings and the upload function returned false, the original file that could contain a malicious payload was kept on the disk. Use...
Design/Logic Flaw
m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions imagecreatefrom and image have not been checked properly. Although PHP issued warnings and the upload function returned false, the original file that could contain a malicious payload was kept on the disk. Use...
CVE-2022-23626 Insufficient file checks in m1k1o/blog
m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions imagecreatefrom and image have not been checked properly. Although PHP issued warnings and the upload function returned false, the original file that could contain a malicious payload was kept on the disk. Use...
CVE-2022-23626
Vulnerability: CVE-2022-23626 in m1k1o/blog (PHP blog) where errors from imagecreatefrom* / image* were not checked, allowing the original uploaded file to remain on disk despite PHP warnings. Impact described as potential exposure of malicious payloads stored on disk; remediation advised is upgr...
JetBrains Security Bulletin Q4 2021
Robert Demmer. In the fourth quarter of 2021, we resolved a number of security issues in our products. Here’s a summary report that contains a description of each issue and the version in which it was resolved. Product | Description | Severity...
PT-2022-16140 · Unknown · M1K1O/Blog
Name of the Vulnerable Software and Affected Versions: m1k1o/blog affected versions not specified Description: The issue concerns a lightweight self-hosted PHP blog, where errors from functions imagecreatefrom and image have not been checked properly. Although PHP issued warnings and the upload...
M1k1o Blog Input Validation Error Vulnerability
M1k1o Blog is a simple self-hosted, lightweight, single-user PHP blog where you can create your own Facebook-like feed. An input validation error vulnerability exists in M1k1o Blog, which stems from an error in the product functions imagecreatefrom and image that is not properly checked...
blog.ipi.media Cross Site Scripting vulnerability OBB-2348151
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...