Cutting the Red Tape: Lessons Learned from CyberThreats 2021
If I had a dollar for every time I heard the phrase “digital transformation,” I would have a lot of dollars. I’m sure you would too. We’d have even more if we counted the term “Zero Trust.” Maybe we should start counting them, now that I think about it!...
SourceCodester Fantastic-Blog-CMS Cross-Site Scripting Vulnerability
SourceCodester Fantastic-Blog-CMS is a blogging application. Version 1.0 of SourceCodester Fantastic-Blog-CMS contains a security vulnerability that remote attackers can exploit to inject arbitrary web script or HTML via the search field in search.php...
SourceCodester Fantastic Blog CMS SQL Injection Vulnerability
SourceCodester Fantastic Blog CMS is an application, an absolutely brilliant web content management system for blogs/posts. SourceCodester Fantastic Blog CMS has a security vulnerability that attackers can exploit to execute arbitrary SQL statements via the id parameter to category.php...
CVE-2021-26224
Cross-site scripting (XSS) vulnerability in SourceCodester Fantastic-Blog-CMS v1.0 allows remote attackers to inject arbitrary web script or HTML via the search field to search.php...
CVE-2021-26224
CVE-2021-26224 : A cross-site scripting (XSS) vulnerability in SourceCodester Fantastic-Blog-CMS v1.0 allows remote attackers to inject arbitrary web script or HTML via the search field (search.php). The connected references confirm the affected product/version and the input vector, but no detail...
CVE-2021-26231
SQL injection vulnerability in SourceCodester Fantastic Blog CMS v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to category.php...
SQL injection
SQL injection vulnerability in SourceCodester Fantastic Blog CMS v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to category.php...
CVE-2021-26231
CVE-2021-26231 affects SourceCodester Fantastic Blog CMS v1.0. The vulnerability is an SQL injection in category.php via the id parameter, allowing remote attackers to execute arbitrary SQL statements. Reported impact includes high severity (CVSS v3.1: 9.8, CRITICAL) with network exposure and no ...
SourceCodester Fantastic-Blog-CMS Cross-Site Scripting Vulnerability
SourceCodester Fantastic-Blog-CMS is a blogging application. Version 1.0 of SourceCodester Fantastic-Blog-CMS contains a security vulnerability that remote attackers can exploit to inject arbitrary web script or HTML via the search field in search.php...
SourceCodester Fantastic Blog CMS SQL Injection Vulnerability
SourceCodester Fantastic Blog CMS is an application, an absolutely brilliant web content management system for blogs/posts. SourceCodester Fantastic Blog CMS has a security vulnerability that attackers can exploit to execute arbitrary SQL statements via the id parameter to category.php...
Announcing the Top MSRC 2021 Q2 Security Researchers - Congratulations!
We’re excited to announce the top contributing researchers for the 2021 Second Quarter (Q2)! Congratulations to all the researchers recognized in this quarter’s leaderboard and thank you to everyone who continues to help secure our customers and the...
Tale blog has a file read vulnerability
Tale blog is a Java development blog system. Tale blog has a file read vulnerability that can be exploited by attackers to obtain sensitive information...
Frontend File Manager < 18.3 - Unauthenticated Arbitrary Post Deletion
The wpfmdeletefile AJAX action of the plugin, available to unauthenticated users, lacked CSRF and capability checks, allowing unauthenticated users to delete arbitrary posts and pages from the blog...
Threat Source newsletter (July 8, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Just like everyone else in the security world, our week's been dominated by the Kaseya supply chain attack. We went live on pretty much every social media platform we could think of yesterday to update everyone on the... This is on...
Catfish Blog suffers from a file upload vulnerability (CNVD-2021-49553)
Catfish Blog is an open source free PHP blog. Catfish Blog has a file upload vulnerability that can be exploited by an attacker to upload a webshell and gain server privileges...
Scratch Desktop 3.17 - Cross-Site Scripting/Remote Code Execution Vulnerabilities
Exploit Title: Scratch Desktop 3.17 - Cross-Site Scripting/Remote Code Execution XSS/RCE Google Dork: 'inurl:"/projects/editor/?tutorial=getStarted" -mit.edu' not foolproof on versioning Exploit Author: Stig Magnus Baugstø Vendor Homepage: https://scratch.mit.edu/ Software Link:...
Catfish Blog suffers from a file upload vulnerability (CNVD-2021-49554)
Catfish Blog is an open source free PHP blog. Catfish Blog has a file upload vulnerability that can be exploited by an attacker to upload a webshell and gain server privileges...