7736 matches found
Security Bulletin: Security vulnerability has been identified in IBM Tivoli Monitoring, Tivoli Provisioning Manager for OS Deployment and IBM Tivoli Monitoring for Energy Management shipped with IBM System Director Editions (CVE-2014-0963, CVE-2014-0076)
Summary A security vulnerability has been identified in IBM Tivoli Monitoring, Tivoli Provisioning Manager for OS Deployment and IBM Tivoli Monitoring for Energy Management shipped with IBM System Director Editions. CVE-2014-0963, CVE-2014-0076 Vulnerability Details Abstract IBM Tivoli Monitoring...
Exploit for Out-of-bounds Write in Dlink Dcs-930L_Firmware
D-Link Exploit The exploit exists in the device's server, alpha...
Friday Squid Blogging: Squid Lollipops
Two squid lollipops, handmade by Shinri Tezuka. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
ThinkPHP 5.X - Remote Command Execution
Exploit Title: thinkphp 5.X RCE Date: 2019-1-14 Exploit Author: vrsystem Vendor Homepage: http://www.thinkphp.cn/ Software Link: http://www.thinkphp.cn/down.html Version: 5.x Tested on: windows 7/10 CVE : None https://github.com/SkyBlueEternal/thinkphp-RCE-POC-Collection...
ThinkPHP 5.X - Remote Command Execution Exploit
Exploit for php platform in category web applications Exploit Title: thinkphp 5.X RCE Exploit Author: vrsystem Vendor Homepage: http://www.thinkphp.cn/ Software Link: http://www.thinkphp.cn/down.html Version: 5.x Tested on: windows 7/10 CVE : None...
CoalfireOne Special Notes
PCI-DSS can be challenging to navigate - particularly when it comes to the ASV scanning requirements. While fulfilling the scanning requirement is easy, obtaining a passing attestation report may involve more than simply remediating failed findings. One requirement that we receive many questions...
Happy 16th Birthday TaoSecurity Blog
Today, 8 January 2019, is TaoSecurity Blog's 16th birthday! This is also my 3,041st blog post. I wrote my first post on 8 January 2003 while working as an incident response consultant for Foundstone. Here are a few statistics on the blog. Blogger started providing statistics in May 2010, so these...
Mailcleaner - (Authenticated) Remote Code Execution (Metasploit)
Mailcleaner - Authenticated Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Mailcleaner Remote Code Execution", 'Description' = %q This module exploits the...
Embed Video Scripts - Persistent Cross-Site Scripting
Exploit Title: Embed Video Scripts - Cross-site Script stored Google Dork: N/A Date: 1 Jan 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me POC Video: https://youtu.be/2CFJLwkxpT8 Vendor Homepage: https://codeawesome.in/embed/ Software Link:...
ai.foremast.metrics:foremast-spring-boot-15x-starter (>=0.1.8 <=0.1.12), ai.snips:play-mongo-bson_2.12 (>=0.5 <=0.5.1) +5714 more potentially affected by CVE-2018-19360 via com.fasterxml.jackson.core:jackson-databind (>=2.8.0 <=2.8.11.2)
com.fasterxml.jackson.core:jackson-databind MAVEN version =2.8.0, =0.1.8, =0.5, =2.3.0, =1.5.6, =4.2.1, =4.4.1, =1.0.0.RELEASE, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.9 and more Source cves: CVE-2018-19360 Source advisory: OSV:GHSA-F9HV-MG5H-XCW9...
No-CMS Cross-Site Scripting Vulnerability
No-CMS is a free content management system. The system supports authentication and authorization, custom themes and module extensions. A cross-site scripting vulnerability exists in No-CMS version 1.1.3. A remote attacker can use the 'keyword' parameter on the blog/managearticle page to inject...
Simply-Blog SQL Injection Vulnerability
Simply-Blog is a versatile content management panel based on PHP and MySQL. A SQL injection vulnerability exists in the admin/deleteCategories.php file in Simply-Blog 2019-01-01 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands with the help ...
CVE-2019-3494
Simply-Blog through 2019-01-01 has SQL Injection via the admin/deleteCategories.php delete parameter...
SQL injection
Simply-Blog through 2019-01-01 has SQL Injection via the admin/deleteCategories.php delete parameter...
CVE-2019-3494
CVE-2019-3494 affects Simply-Blog and is caused by an SQL Injection in the admin/deleteCategories.php delete parameter. The vulnerability allows an attacker to inject arbitrary SQL commands via the delete parameter in Simply-Blog versions prior to or up to 2019-01-01, as described in multiple fee...
Cross site scripting
No-CMS 1.1.3 is prone to Persistent XSS via the blog/managearticle "keyword" parameter...
CVE-2018-19901
No-CMS 1.1.3 is prone to Persistent XSS via the blog/managearticle/index/ "articletitle" parameter...
Cross site scripting
No-CMS 1.1.3 is prone to Persistent XSS via the blog/managearticle/index/ "articletitle" parameter...