Lucene search

7734 matches found

Prion
added 2021/01/07 3:15 p.m. | 12 views

Design/Logic Flaw

MonoCMS Blog 1.0 is affected by incorrect access control that can lead to remote arbitrary code execution. At monofiles/category.php:27, user input can be saved to category/foldername/index.php causing RCE...

CVSS 9 | AI score 7.3 | EPSS 0.11655
Exploits 1 | References 1 | Affected Software 1

CVE
added 2021/01/07 2:47 p.m. | 43 views

CVE-2020-28672

MonoCMS Blog 1.0 is affected by an Access Control Error that can lead to remote arbitrary code execution. The issue arises at monofiles/category.php:27, where user input can be saved to category/[foldername]/index.php, enabling RCE. This CVE is CVE-2020-28672. The connected sources corroborate a ...

CVSS 9 | AI score 7.3 | EPSS 0.11655
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2021/01/07 2:47 p.m. | 25 views

CVE-2020-28672

MonoCMS Blog 1.0 is affected by incorrect access control that can lead to remote arbitrary code execution. At monofiles/category.php:27, user input can be saved to category/foldername/index.php causing RCE...

AI score 7.4 | EPSS 0.11655
Exploits 1 | References 1

CNNVD
added 2021/01/07 12:0 a.m. | 5 views

MonoCMS Blog Access Control Error Vulnerability

Mono is an open source software platform for creating .NET cross-platform applications. MonoCMS Blog 1.0 suffers from an Access Control Error vulnerability that stems from incorrect access control and leads to remote execution of arbitrary code...

CVSS 9 | AI score 7.3 | EPSS 0.11655
Exploits 1 | References 2

Schneier on Security
added 2021/01/01 10:0 p.m. | 39 views

Friday Squid Blogging: Linguine allo Scoglio Recipe

Delicious seafood pasta dish -- includes squid -- from America's Test Kitchen. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

AI score 1.4
Exploits 0

MSRC
added 2020/12/31 8:0 a.m. | 8 views

Microsoft Internal Solorigate Investigation Update

As we said in our recent blog, we believe the Solorigate incident is an opportunity to work together in important ways, to share information, strengthen defenses and respond to attacks. Like other SolarWinds customers, we have been actively looking for indicators of the Solorigate actor and want ...

AI score 7.1
Exploits 0

CNVD
added 2020/12/31 12:0 a.m. | 3 views

FlatPress Cross-Site Scripting Vulnerability (CNVD-2020-75633)

FlatPress is a lightweight, easy to set up blogging engine. A cross-site scripting vulnerability exists in the "Blog Content" component of FlatPress 1.0.3. An attacker can exploit this vulnerability to steal cookies...

CVSS 4.8 | AI score 6.2 | EPSS 0.02146
Exploits 3 | References 1

CNVD
added 2020/12/31 12:0 a.m. | 2 views

FluxBB Cross-Site Scripting Vulnerability

FluxBB is an open source forum application. A cross-site scripting vulnerability exists in the "Blog Content" component of FluxBB 1.5.11. An attacker can exploit this vulnerability to steal cookies...

CVSS 4.8 | AI score 6.2 | EPSS 0.01018
Exploits 1 | References 1

Hacker One
added 2020/12/30 5:22 p.m. | 34 views

h1-ctf: Writeup Submission

The Write-Up will be published within the next hours latest till Dec. 31st 12:00 PST under https://blogs.tippexs.io User: h4ck4r0ne Pass: s4nt4sucks Let me know if I need to submit anything else. I have started crafting a PDF but it became that huge that I have decided to create a complete new...

Exploits 0

OSV
added 2020/12/30 3:15 p.m. | 2 views

CVE-2020-35240

FluxBB 1.5.11 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in "Blog Content", and each time any user visits the blog, the XSS triggers and the attacker is able to steal the cookie according to the...

CVSS 4.8 | AI score 5.7 | EPSS 0.01018
Exploits 1 | References 3

NVD
added 2020/12/30 3:15 p.m. | 10 views

CVE-2020-35241

FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in Blog content via the admin panel. Each time any user goes to that blog page, the XSS triggers and the attacker can steal the cookie...

CVSS 4.8 | AI score 4.8 | EPSS 0.02146
Exploits 3 | References 4

NVD
added 2020/12/30 3:15 p.m. | 10 views

CVE-2020-35240

FluxBB 1.5.11 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in "Blog Content", and each time any user visits the blog, the XSS triggers and the attacker is able to steal the cookie according to the...

CVSS 4.8 | AI score 4.8 | EPSS 0.01018
Exploits 1 | References 3

OSV
added 2020/12/30 3:15 p.m. | 12 views

CVE-2020-35241

FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in Blog content via the admin panel. Each time any user goes to that blog page, the XSS triggers and the attacker can steal the cookie...

CVSS 4.8 | AI score 5.4 | EPSS 0.02146
Exploits 3 | References 4

Prion
added 2020/12/30 3:15 p.m. | 15 views

Cross site scripting

FluxBB 1.5.11 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in "Blog Content", and each time any user visits the blog, the XSS triggers and the attacker is able to steal the cookie according to the...

CVSS 3.5 | AI score 4.7 | EPSS 0.01018
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2020/12/30 2:26 p.m. | 19 views

CVE-2020-35241

FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in Blog content via the admin panel. Each time any user goes to that blog page, the XSS triggers and the attacker can steal the cookie...

AI score 4.8 | EPSS 0.02146
Exploits 3 | References 4

Cvelist
added 2020/12/30 2:23 p.m. | 20 views

CVE-2020-35240

FluxBB 1.5.11 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in "Blog Content", and each time any user visits the blog, the XSS triggers and the attacker is able to steal the cookie according to the...

AI score 4.8 | EPSS 0.01018
Exploits 1 | References 3

CNNVD
added 2020/12/30 12:0 a.m. | 3 views

Flatpress Cross-Site Scripting Vulnerability

FlatPress is a lightweight, easy to set up blogging engine. A cross-site scripting vulnerability exists in the "Blog Content" component of FlatPress 1.0.3. An attacker can exploit this vulnerability to steal cookies...

CVSS 4.8 | AI score 5.6 | EPSS 0.02146
Exploits 3 | References 3

CNNVD
added 2020/12/30 12:0 a.m. | 5 views

Fluxbb Cross-Site Scripting Vulnerability

FluxBB is an open source forum application. A cross-site scripting vulnerability exists in the "Blog Content" component of FluxBB 1.5.11. An attacker can exploit this vulnerability to steal cookies...

CVSS 4.8 | AI score 5.6 | EPSS 0.01018
Exploits 1 | References 4

Hacker One
added 2020/12/23 10:46 p.m. | 35 views

h1-ctf: Flags for hackyholidays CTF

Hi, Here are all the flags: 1. robots.txt: flag48104912-28b0-494a-9995-a203d1e261e7 2. s3cr3t-ar3a: flagb7ebcb75-9100-4f91-8454-cfb9574459f7 3. people-rater: flagb705fb11-fb55-442f-847f-0931be82ed9a 4. swag-shop: flag972e7072-b1b6-4bf7-b825-a912d3fd38d6 5. secure-login:...

AI score 0.9
Exploits 0

Wired Threat Level
added 2020/12/19 2:0 p.m. | 46 views

Russia's SolarWinds Hack Is a Historic Mess

All the most important stories about the biggest hack in years...

AI score 4.2
Exploits 0