7736 matches found
CVE-2019-11565
CVE-2019-11565 : The WordPress plugin Print My Blog (before 1.6.7) is vulnerable to a Server Side Request Forgery (SSRF) via the site parameter. This affects the plugin's ability to perform requests to arbitrary internal/external resources, enabling an attacker to induce requests from the WordPre...
CVE-2019-11565
Server Side Request Forgery (SSRF) exists in the Print My Blog plugin before 1.6.7 for WordPress via the site parameter...
Hackers Found a Freaky New Way to Kill Your Car
Mueller report fallout, a biometrics database, and more of the week's top security news...
WordPress Print My Blog plugin <= 1.6.5 - Unauthenticated Server Side Request Forgery (SSRF) vulnerability
Unauthenticated Server Side Request Forgery (SSRF) vulnerability found by Magnus K. Stubman in WordPress Print My Blog plugin versions <= 1.6.5. Solution: Update the WordPress Print My Blog plugin to the latest available version (at least 1.6.6)...
Print My Blog <= 1.6.5 - Unauthenticated Server Side Request Forgery (SSRF)
The Print My Blog – Print, PDF, & eBook Converter WordPress Plugin WordPress plugin was affected by an Unauthenticated Server Side Request Forgery (SSRF) security vulnerability...
14 Mueller Report Takeaways You Might Have Missed
When you dig into the Mueller report, a lot of important details start to jump out...
CVE-2017-18366
Subrion CMS 4.1.5 has CSRF in blog/delete/...
Cross site request forgery (csrf)
Subrion CMS 4.1.5 has CSRF in blog/delete/...
CVE-2017-18366
CVE-2017-18366 relates to Subrion CMS 4.1.5 and is a CSRF in the blog/delete/ action. The Red Hat and GitHub advisory records corroborate a CSRF vulnerability in Subrion CMS 4.1.5 and note mitigations have been applied in a newer release. The issue originates from insufficient CSRF protections, e...
Zimbra Collaboration Autodiscover Servlet XXE / ProxyServlet SSRF
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zimbra Collaboration Autodiscover Servlet XXE and ProxyServlet SSRF', 'Description' = %q This module exploits an XML external entity vulnerabilit...
April 2019 Security Update Release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide...
Friday Squid Blogging: Fried Squid Recipe
This is an easy fried squid recipe with saffron and agrodolce. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Facebook Exposed Data Again, but This Viral Cat Can Save Lives
Catch up on the most important news today in 2 minutes or less...
Mimikatz v2.2.0 - A Post-Exploitation Tool to Extract Plaintexts Passwords, Hash, PIN Code from Memory
mimikatz is a tool I've made to learn C and make some experiments with Windows security. It's now well known to extract plaintext passwords, hash, PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash, pass-the-ticket or build Golden tickets. But that's not all!...
LogicalDOC 8.2 Path Traversal Vulnerability
Impact: In order to exploit this vulnerability an attacker needs to be an authenticated read-only user of the role guest. The attacker can read arbitrary files and create arbitrary directories on the server with the permissions of the user running the web server. It is recommended to update...
WPScan v3.4.5 - Black Box WordPress Vulnerability Scanner
WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites. INSTALL Prerequisites Optional but highly recommended: RVM Ruby = 2.3 - Recommended: latest Ruby 2.5.0 to 2.5.3 can caus...
Your Facebook Password Isn’t Safe. Neither Is Your Android Phone
Catch up on the most important tech news today in two minutes or less...
Beers with Talos Ep. #49: POS Malware, RSA Highlights, and SOL OpSec Fails
Beers with Talos BWT Podcast Ep. 49 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded March 15, 2019. We recorded this after coming back from RSA, with some on-location highlights included. This episode ope...