7716 matches found
CVE-2020-21180
SQL injection vulnerability in koa2-blog 1.0.0 allows remote attackers to inject a malicious SQL statement via the name parameter to the signup page...
CVE-2020-21179
SQL injection vulnerability in koa2-blog 1.0.0 allows remote attackers to inject a malicious SQL statement via the name parameter to the signin page...
SQL injection
SQL injection vulnerability in koa2-blog 1.0.0 allows remote attackers to inject a malicious SQL statement via the name parameter to the signin page...
SQL injection
SQL injection vulnerability in koa2-blog 1.0.0 allows remote attackers to inject a malicious SQL statement via the name parameter to the signup page...
CVE-2020-21180
CVE-2020-21180 affects koa2-blog 1.0.0. It is a SQL injection vulnerability that enables remote attackers to inject SQL statements via the name parameter on the signup page. NVD lists CVSS v3.1 base score 9.8 (CRITICAL; NETWORK, LOW interaction, no privileges) and CVSS v2 base score 7.5 (HIGH). N...
CVE-2020-21179
Affected software: koa2-blog 1.0.0. Vulnerability: SQL injection via the name parameter on the signin page. Root cause details are not provided in the documents. Impact: CVSSv3.1 base score 9.8 (CRITICAL) and CVSS2 base 7.5 (HIGH). Exploitation details and patches are not provided; no workaround...
Wclimb Koa2-blog SQL Injection Vulnerability
Wclimb Koa2-blog is a Node- and MySQL-based blog builder system by the individual developer Wclimb. A SQL injection vulnerability exists in koa2-blog 1.0.0, which can be exploited by remote attackers to inject malicious SQL statements into the registration page via the name parameter...
Wclimb Koa2-blog SQL Injection Vulnerability
Wclimb Koa2-blog is a Node- and MySQL-based blog builder system by the individual developer Wclimb. A SQL injection vulnerability exists in koa2-blog 1.0.0, which allows remote attackers to inject malicious SQL statements into the login page via the name parameter...
ZINC attacks against security researchers
In recent months, Microsoft has detected cyberattacks targeting security researchers by an actor we track as ZINC. The campaign originally came to our attention after Microsoft Defender for Endpoint detected an attack in progress. Observed targeting includes pen testers, private offensive securit...
Distinguishing Among DNS Services Part 3: Investment and Innovation
This is Part 3 of a 3-part blog series highlighting some of the distinguishing aspects of Akamai's authoritative DNS services, Edge DNS and Global Traffic Management. Part 1 focused on Akamai's DNS platform and what sets it apart. Part 2...
Working Together with Our Customers to Build a Sustainable Future
By now, we hope you've read Monday's and Tuesday's blog posts announcing the release of our annual sustainability report, our sustainability program, and the technical innovation behind it...
Z-BlogPHP Security Vulnerability
Z-BlogPHP is an open source PHP-based blogging system for the Z-blog community. A security vulnerability exists in Z-BlogPHP version 1.6.0, which stems from the passwordvisitinputpassword function in zbuser/plugin/passwordvisit/include.php that uses loose comparisons for authentication, which...
North Korea Targets Security Researchers in Elaborate 0-Day Campaign
Hackers linked to North Korea are targeting security researchers with an elaborate social-engineering campaign that sets up trusted relationships with them — and then infects their organizations’ systems with custom backdoor malware. That’s according to Google’s Threat Analysis Group (TAG), which...
Automattic: Stored XSS on the "www.intensedebate.com/extras-widgets" url at "Recent comments by" module with malicious blog url
Summary: Hello team. I have found a place where filtration/encoding for special symbols used in blog/site url is not set which leads to Stored XSS on the user page who posted a comment on malicious blog/site. Platforms Affected: Affected page www.intensedebate.com/extras-widgets block "Recent...
Build OWASP Top-10 2021 based on fair statistics
Unofficial OWASP Top-10 2021 predictions calculated by understandable metrics, which are possible for everyone to reproduce and be presented to an entire community for feedback. The post Build OWASP Top-10 2021 based on fair statistics appeared first on Wallarm Blog...
Threat Source newsletter (Jan. 14, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. Microsoft released its monthly security update this week, disclosing 83 vulnerabilities across its suite of products to kick off 2021. Our blog post has the most important vulnerabilities you need to know about, along with our...
MonoCMS Blog Access Control Error Vulnerability
Mono is an open source software platform for creating .NET cross-platform applications. MonoCMS Blog 1.0 suffers from an Access Control Error vulnerability that stems from incorrect access control and leads to remote execution of arbitrary code...