7735 matches found
CVE-2019-19682
nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and \Presentation\Nop.Web\Areas\Admin\Controllers\BlogController.cs via Body or Full to Admin/News/NewsItemEdit/id Admin/Blog/BlogPostEdit/id. NOTE: the...
A file inclusion vulnerability exists in the al*** function ma***_tpl parameter of the Qibo blogging system.
Qibo blog system is a multi-user blog system produced by Qibo software. A file inclusion vulnerability exists in the matpl parameter of the al function of the Qibo blog system; an attacker can exploit the vulnerability to include malicious files and gain server privileges...
Friday Squid Blogging: Squidfall Safety
Watchmen supporting material. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
CISA Releases Draft of Binding Operational Directive on Developing a Vulnerability Disclosure Policy
The Cybersecurity and Infrastructure Security Agency (CISA) has released a draft of Binding Operational Directive (BOD) 20-01, Develop and Publish a Vulnerability Disclosure Policy. BOD 20-01 will require each federal agency to publish a vulnerability disclosure policy (VDP). CISA has posted the draft...
blog-istanbul.blogspirit.com Cross Site Scripting vulnerability
Security Researcher geeknik (helped patch 8547 vulnerabilities; received 8 Coordinated Disclosure badges; received 20 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting blog-istanbul.blogspirit.com website and its users...
Trump's Ukraine Delusion, Tesla's Ford Showdown, and More News
Catch up on the most important news from today in two minutes or less...
Stored Cross-Site Scripting Vulnerability in ZrLog Frontend
ZrLog is a blog/CMS program developed in Java. A stored cross-site scripting vulnerability exists in the ZrLog frontend. An attacker can insert malicious JavaScript code into a page to obtain user cookies and other information, leading to user hijacking...
blog.oxfamintermon.org Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1023300. Security Researcher geeknik (helped patch 8887 vulnerabilities; received 8 Coordinated Disclosure badges; received 21 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting blog.oxfamintermon.org...
Friday Squid Blogging: T-Shirt
"Squid Pro Quo" T-shirt. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
The cybercrime ecosystem: attacking blogs
Executive summary The Cybercrime Ecosystem is a series of articles explaining how cybercriminals operate, what drives them, what techniques they use and how we, regular Internet users, are part of that ecosystem. The articles will also cover technical details and up-to-date research on the threat...
File Inclusion Vulnerability in Blue Route Blog System si***_mo***.php Page
Blue Route Blog System is built with PHP+MySQL. A file inclusion vulnerability exists in the simo.php page of the Blue Route blog system; an attacker can use the vulnerability to include any file on the server...
Arbitrary File Download Vulnerability in Blue Route Blog System at***.php Page
Blue Route Blog System is built with PHP+MySQL. An arbitrary file download vulnerability exists in the at.php page of the Blue Route blog system; an attacker can use the vulnerability to download arbitrary files...
Command Execution Vulnerability in Blue Route Blog System si***_mo***.php Page
Blue Route Blog System is built with PHP+MySQL. A command execution vulnerability exists in the simo.php page of the Blue Route blog system, which can be exploited by an attacker to perform malicious operations...
Friday Squid Blogging: Planctotuethis Squid
Neat video, and an impressive-looking squid. I can't figure out how long it is. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
FusionPBX Operator Panel exec.php Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FusionPBX Operator Panel exec.php Command Execution', 'Description' = %q This module exploits an authenticated command injection vulnerability in...
SITOS six Build Cross-Site Scripting Vulnerability
SITOS is a modular e-learning system. The system includes features such as audio playback, video playback, forums, blogs and social media. A cross-site scripting vulnerability exists in the blog feature in SITOS six Build v6.2.1. The vulnerability stems from the web application lacking proper...
Command Execution Vulnerability in Blue Route Blog System
Blue Route Blog System is built with PHP+MySQL. Blue Route Blog System has a command execution vulnerability that can be exploited by attackers to gain server privileges...
Mr Blog PHP Cross Site Scripting / SQL Injection
Mr Blog PHP Script Multiple Vulnerabilities + Author : z3r0fy + Twitter.com/z3r0fy + Cx Security Link : https://cxsecurity.com/issue/WLB-2019100165 Download Pages : + https://wmaraci.com/forum/scriptler/kisisel-mr-blog-scripti-ucretsiz-indir-500655.html +...
File Upload Vulnerability in Blue Route Blog System
Blue Route Blog System is built with PHP + MySQL. It is an easy-to-use, powerful blog system whose simple code and double caching mechanism give the system a general speed of access. Blue Route blog system has a file upload vulnerability; attackers can exploit the vulnerability to obtain...
Wordpress Google Review Slider 6.1 Plugin - (tid) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Google Review Slider 6.1 - 'tid' SQL Injection Google Dork: inurl:"/wp-content/plugins/wp-google-places-review-slider/" Exploit Author: Princy Edward Exploit Author Blog : https://prinyedward.blogspot.com/ Vendo...