7734 matches found
CVE-2020-25987
MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in the source files for MonoCMS Blog. Hash type is bcrypt and hashcat mode 3200 can be used to crack the hash...
CVE-2020-25986
A Cross Site Request Forgery CSRF vulnerability in MonoCMS Blog 1.0 allows attackers to change the password of a user...
Cross site request forgery (csrf)
A Cross Site Request Forgery CSRF vulnerability in MonoCMS Blog 1.0 allows attackers to change the password of a user...
Hardcoded credentials
MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in the source files for MonoCMS Blog. Hash type is bcrypt and hashcat mode 3200 can be used to crack the hash...
CVE-2020-25986
CVE-2020-25986 (MonoCMS Blog 1.0) is a CSRF vulnerability that, per the description, allows an attacker to change a user’s password. The core affected component is MonoCMS Blog 1.0; the root cause is CSRF that enables unwanted state-changing requests without user interaction, leading to credentia...
CVE-2020-25987
CVE-2020-25987 affects MonoCMS Blog 1.0. The issue arises from hard-coded admin hashes stored in log.xml within the MonoCMS Blog source, with the hash type bcrypt and hashcat mode 3200 cited as crackable. This can enable credential exposure or misuse if an attacker can access the log.xml contents...
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 86 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 86.0.4240.75 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming...
Elastic: Prototype Pollution leads to XSS on https://blog.swiftype.com/#__proto__[asd]=alert(document.domain)
Summary: deparam function which parses location.hash in https://s.swiftypecdn.com/install/v2/st.js is vulnerable to prototype pollution. There is a script gadget in the same js file which leads to XSS. Steps To Reproduce: Visit Refresh if you don't see a pop up...
Meet JWT heartbreaker, a Burp extension that finds thousands weak secrets automatically
In the recent post https://wlrm210771357.wpcomstaging.com/340-weak-jwt-secrets-you-should-check-in-your-code/, we presented a wallarm/jwt-secrets GitHub repository with 340 JSON Web Token secrets available publicly. Using this data, it's possible to check if you or your developers forgot to chan...
Meet JWT heartbreaker, a Burp extension that finds thousands weak secrets automatically
In the recent post https://lab.wallarm.com/340-weak-jwt-secrets-you-should-check-in-your-code/, we presented a wallarm/jwt-secrets GitHub repository with 340 JSON Web Token secrets available publicly. Using this data, it's possible to check if you or your developers forgot to change default...
MonoCMS Blog 1.0 File Deletion / CSRF / Hardcoded Credentials
Exploit Title: MonoCMS Blog 1.0 - Arbitrary File Deletion Authenticated Date: 2020-09-20 Exploit Author: Shahrukh Iqbal Mirza @shahrukhiqbal24 Vendor Homepage: https://monocms.com/download Software Link: https://monocms.com/download Version: 1.0 Tested On: Windows 10 XAMPP CVE: N/A Proof of...
worldrecipesblog.com Cross Site Scripting vulnerability OBB-1368287
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
MileagePHP open source blog system has an arbitrary directory deletion vulnerability
MileageMi is a ThinkPHP open source blogging system. MileageMi PHP open source blog system has an arbitrary directory deletion vulnerability that can be exploited by attackers to delete directory files...
Arbitrary Directory Deletion Vulnerability in Mile High PHP Open Source Blog System (CNVD-2020-59461)
MileageMi is a ThinkPHP open source blogging system. MileageMi PHP open source blog system has an arbitrary directory deletion vulnerability that can be exploited by attackers to delete directory files...
SQL Injection Vulnerability in MileagePlus PHP Blog System
MileagePHP Blog System is an open source blog system based on ThinkPHP. MileagePHP Blog System suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
Exploit for OS Command Injection in Secudos Domos
CVE-2020-14293 This vulnerability was discovered and disclosed...
India’s COVID-19 surveillance tool exposed millions of user data
By Waqas The COVID-19 surveillance tool built by the Uttar Pradesh state government has put data of approx. 8 million Indian citizens at risk. This is a post from HackRead.com Read the original post: India’s COVID-19 surveillance tool exposed millions of user data...