7734 matches found

Exploit DB
added 2020/05/12 12:0 a.m., 227 views

Orchard Core RC1 - Persistent Cross-Site Scripting

Exploit Title: Orchard Core RC1 - Persistent Cross-Site Scripting Google Dork: "Orchardcms" Date: 2020-05-07 Exploit Author: SunCSR Sun Cyber Security Research Vendor Homepage: http://www.orchardcore.net/ Software Link: https://github.com/OrchardCMS/OrchardCore Version: RC1 Tested on: Windows CVE...

7.4 AI score
Exploits: 0

Packet Storm
added 2020/05/12 12:0 a.m., 116 views

Orchard Core RC1 Cross Site Scripting

Exploit Title: Orchard Core RC1 - Persistent Cross-Site Scripting Google Dork: "Orchardcms" Date: 2020-05-07 Exploit Author: SunCSR Sun Cyber Security Research Vendor Homepage: http://www.orchardcore.net/ Software Link: https://github.com/OrchardCMS/OrchardCore Version: RC1 Tested on: Windows CVE...

7.4 AI score
Exploits: 0

WPVulnDB
added 2020/05/07 12:0 a.m., 20 views

Elementor Pro < 2.9.4 - Authenticated Arbitrary File Upload

According to Jerome Bruandet, from NintechNet, the vulnerability, currently exploited by attackers, allows any logged-in user to upload and execute PHP scripts on the blog. Chloe Chamberland from Wordfence also confirmed the issue and added that "This vulnerability is being used in conjunction wi...

6.5 CVSS, 0.1 AI score, 0.08565 EPSS
Exploits: 1, References: 2, Affected Software: 1

Richard Bejtlich's blog
added 2020/05/04 3:51 p.m., 21 views

New Book! The Best of TaoSecurity Blog, Volume 1

I'm very pleased to announce that I've published a new book! It's The Best of TaoSecurity Blog, Volume 1: Milestones, Philosophy and Strategy, Risk, and Advice. It's available now in the Kindle Store, and if you're a member of Kindle Unlimited, it's currently free. I may also publish a print...

6.9 AI score
Exploits: 0

CISA
added 2020/05/01 12:0 a.m., 38 views

SaltStack Patches Critical Vulnerabilities in Salt

SaltStack has released a security update to address critical vulnerabilities affecting Salt versions prior to 2019.2.4 and 3000.2. Salt is an open-source remote task and configuration management framework widely used in data centers and cloud servers. A remote attacker could exploit these...

7.5 CVSS, 1.5 AI score, 0.96405 EPSS
Exploits: 25, References: 4

OSV
added 2020/04/29 8:15 p.m., 2 views

CVE-2020-12472

MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description...

5.4 CVSS, 6.1 AI score, 0.00531 EPSS
Exploits: 1, References: 1

NVD
added 2020/04/29 8:15 p.m., 9 views

CVE-2020-12472

MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description...

5.4 CVSS, 5.3 AI score, 0.00531 EPSS
Exploits: 1, References: 1

Prion
added 2020/04/29 8:15 p.m., 13 views

Cross site scripting

MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description...

3.5 CVSS, 5.2 AI score, 0.00531 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2020/04/29 7:58 p.m., 11 views

CVE-2020-12472

MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description...

5.3 AI score, 0.00531 EPSS
Exploits: 1, References: 1

0day.today
added 2020/04/23 12:0 a.m., 47 views

RM Downloader 3.1.3.2.2010.06.13 - (Load) Buffer Overflow (SEH) Exploit

Exploit Title: RM Downloader 3.1.3.2.2010.06.13 - 'Load' Buffer Overflow SEH Author: Felipe Winsnes Version: 3.1.3.2.2010.06.13 Tested on: Windows 7 x86 Proof of Concept: 1.- Run the python script, it will create a new file "poc.txt" 2.- Copy the content of the new file 'poc.txt' to clipboard 3.-...

0.2 AI score
Exploits: 0

CNVD
added 2020/04/23 12:0 a.m., 2 views

TXQPHP Blog suffers from SQL Injection Vulnerability

TXQPHP Blog is a PHP blog system source code suitable for novice practitioners to practice, the system is written using MYSQLI, the front three templates home page, content page, message boards categories. TXQPHP Blog has a SQL injection vulnerability, an attacker can use this vulnerability to...

7.9 AI score
Exploits: 0

Packet Storm
added 2020/04/22 12:0 a.m., 72 views

RM Downloader 3.1.3.2.2010.06.13 Buffer Overflow

Exploit Title: RM Downloader 3.1.3.2.2010.06.13 - 'Load' Buffer Overflow SEH Date: 2020-04-20 Author: Felipe Winsnes Software Link: https://www.exploit-db.com/apps/9af366e59468eac0b92212912b5c3bcb-RMDownloader.exe Version: 3.1.3.2.2010.06.13 Tested on: Windows 7 x86 Proof of Concept: 1.- Run the...

1 AI score
Exploits: 0

Exploit DB
added 2020/04/22 12:0 a.m., 138 views

RM Downloader 3.1.3.2.2010.06.13 - 'Load' Buffer Overflow (SEH)

Exploit Title: RM Downloader 3.1.3.2.2010.06.13 - 'Load' Buffer Overflow SEH Date: 2020-04-20 Author: Felipe Winsnes Software Link: https://www.exploit-db.com/apps/9af366e59468eac0b92212912b5c3bcb-RMDownloader.exe Version: 3.1.3.2.2010.06.13 Tested on: Windows 7 x86 Proof of Concept: 1.- Run the...

7.4 AI score
Exploits: 0

Rhino Security Labs
added 2020/04/21 11:0 a.m., 41 views

Pillaging AWS ECS Task Definitions for Hardcoded Secrets

The post Pillaging AWS ECS Task Definitions for Hardcoded Secrets appeared first on Rhino Security Labs...

1.6 AI score
Exploits: 0

Wired Threat Level
added 2020/04/17 11:0 a.m., 25 views

Apple and Google Respond to Covid-19 Contact Tracing Concerns

Apple and Google's Bluetooth-based system isn't perfect. But many of the biggest concerns have solutions...

2.7 AI score
Exploits: 0

Akamai Blog
added 2020/04/16 5:6 p.m., 32 views

Residential Internet Connections are now Business Connections: What about Security and Compliance?

Near-global mandates to stay at home have completely reshaped the internet security landscape. Remote work is the new normal, inverting the traditional office model. Attackers are not relenting as they see opportunity to take advantage of a world with a singular focus. Here are a couple of recent...

0.9 AI score
Exploits: 0

Openbugbounty
added 2020/04/08 7:43 p.m., 8 views

blog.turbosfrance.com Open Redirect vulnerability

Open Bug Bounty ID: OBB-1136483 Security Researcher keritzy Helped patch 2026 vulnerabilities Received 5 Coordinated Disclosure badges Received 4 recommendations , a holder of 5 badges for responsible and coordinated disclosure, found a security vulnerability affecting blog.turbosfrance.com websi...

0.1 AI score
Exploits: 0

CNVD
added 2020/04/03 12:0 a.m., 1 views

XSS vulnerability in Gridea

Gridea is a static blog writing client. An XSS vulnerability exists in Gridea, which can be exploited by an attacker to execute a malicious script and obtain an administrator cookie...

6.6 AI score
Exploits: 0

Microsoft Secure
added 2020/04/02 7:0 p.m., 51 views

Full Operational Shutdown—another cybercrime case from the Microsoft Detection and Response Team

Recently, we published our first case report 001: …And Then There Were Six by the Microsoft Detection and Response Team DART. We received significant positive response from our customers and colleagues and our team has been getting inquiries asking for more reports. We are glad to share the DART...

1.2 AI score
Exploits: 0

Microsoft Secure
added 2020/04/02 4:0 p.m., 51 views

Zero Trust framework to enable remote work

Zero Trust Assessment tool now live! With such a large influx of employees working remotely, many of the traditional network-based security controls are unable to protect the organization. For many organizations, there are two options: route all remote traffic through a strained legacy network...

7.5 AI score
Exploits: 0