7735 matches found
Design/Logic Flaw
ERPNext 11.1.47 allows blog?blogcategory= Frame Injection...
CVE-2019-20511
CVE-2019-20511 affects ERPNext 11.1.47 and is described as a Frame Injection vulnerability via the blog?blog_category parameter. Red Hat/CNVD-style entries corroborate an injection issue stemming from insufficient input validation on user-supplied data; ERPNext’s styling of a blog category parame...
Change the Rules Speaker Event
Akamai's Women's Forum Americas, OHANA and In Reach Employee Resource Groups recently hosted Cross ERG 'Change the Rules' Keynote - Celebration of Black History Month in our Chicago office. We were excited to have notable Michelle Silverthorn, CEO of Inclusion Nation, a company that focuses on...
Despite Coronavirus, Washington Isn't Worried About Its Primary
The state conducts its elections almost entirely by mail. The rest of the country should pay attention...
Arbitrary File Deletion Vulnerability in Catfish Blog
Catfish Blog is a free personal blogging system. Catfish Blog suffers from an arbitrary file deletion vulnerability that can be exploited by an attacker to delete arbitrary files on the operating system...
Quick wins—single sign-on (SSO) and Multi-Factor Authentication (MFA)
With Multi-Factor Authentication (MFA) and single sign-on (SSO) being a few of the most effective countermeasures against modern threats, organizations should consider a Cloud Identity as a Service (IDaaS) and MFA solution, like Azure Active Directory (AD). Here are seven benefits: 1. Azure AD is simple...
SQL Injection Vulnerability in in***.php File of Nameless Light Blog
Nameless Light Blog is an easy-to-use personal light blogging system MicroBlog based on PHP and Sqlite platforms. SQL injection vulnerability exists in the in.php file of Nameless Light Blog. An attacker can exploit the vulnerability to obtain sensitive database information...
[Cybersecurity Month 2020] Microsoft Security Patch Basics (Part 3)
At Microsoft, by making the application of security updates simpler and more efficient, we aim to make updating...
Friday Squid Blogging: An MRI Scan of a Squid's Brain
This paper is filled with brain science that I do not understand (news article), but fails to answer what I consider to be the important question: how do you keep a live squid still for long enough to do an MRI scan on them? As usual, you can also use this squid post to talk about the securi...
A New Clue for the Kryptos Sculpture
Jim Sanborn, who designed the Kryptos sculpture in a CIA courtyard, has released another clue to the still-unsolved part 4. I think he's getting tired of waiting. Did we mention Mr. Sanborn is 74? Holding on to one of the world's most enticing secrets can be stressful. Some would-be codebreakers...
F-Secure Internet Gatekeeper 5.40 - Heap Overflow Exploit
Exploit for linux platform in category web applications Title: F-Secure Internet Gatekeeper 5.40 - Heap Overflow PoC Author: Kevin Joensen Vendor: F-Secure Software: https://www.f-secure.com/en/business/downloads/internet-gatekeeper CVE: N/A Reference:...
Afternoon Cyber Tea—The State of Cybersecurity: How did we get here? What does it mean?
Every year the number and scale of cyberattacks grows. Marc Goodman, a global security strategist, futurist, and author of the book, Future Crimes: Everything is Connected, Everyone is Vulnerable, and What We Can Do About It, thinks a lot about how we got here and what it means, which is why he w...
blogger-cli (>=1.2.0 <=1.2.1), canonicalwebteam-blog (>=2.4.0 <=5.0.0) +3 more potentially affected by CVE-2020-5227 via feedgen (>=0.6.1 <=0.8.0)
feedgen PYPI version =0.6.1, =1.2.0, =2.4.0, =1.0.0.dev37, =2.0.2, =2.0.3 Source cves: CVE-2020-5227 Source advisory: OSV:PYSEC-2020-231...
blogger-cli (>=1.2.0 <=1.2.1), canonicalwebteam-blog (>=2.4.0 <=5.0.0) +3 more potentially affected by CVE-2020-5227 via feedgen (>=0.6.1 <=0.8.0)
feedgen PYPI version =0.6.1, =1.2.0, =2.4.0, =1.0.0.dev37, =2.0.2, =2.0.3 Source cves: CVE-2020-5227 Source advisory: OSV:GHSA-G8Q7-XV52-HF9F...
Wordable < 3.1.2 - Plugin's Authentication Bypass
This could allow an unauthenticated user to bypass the plugin authentication process and temporarily gain administrative privileges, allowing the publication of pages and posts on the blog, as well as the upload of media files...
blog-klubok.ru Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1075704. Security Researcher geeknik (helped patch 8930 vulnerabilities, received 8 Coordinated Disclosure badges, received 21 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting blog-klubok.ru website and...
Don't Ignore Chrome's New Password Checkup Feature
It could help save you when the next big breach hits...
Rukovoditel Project Management CRM 2.5.2 SQL Injection
Exploit Title: Rukovoditel Project Management CRM 2.5.2 - 'reportsid' SQL Injection Google Dork: N/A Date: 2020-01-15 Blog: https://fatihhcelik.blogspot.com/ Exploit Author: Fatih Çelik Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://sourceforge.net/projects/rukovoditel/...
Friday Squid Blogging: Stuffed Squid with Vegetables and Pancetta
A Croatian recipe. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Catfish Blog has a file upload vulnerability
Catfish Blog is a free personal blogging system. A file upload vulnerability exists in Catfish Blog, which can be exploited by an attacker to upload malicious files and gain administrative privileges on the site...