7736 matches found
Cross site request forgery (CSRF)
A CSRF issue was discovered in admin/Index/tiquan in catfish blog 2.0.33...
Cross site scripting
An XSS issue was discovered in catfish blog 2.0.33, related to "write source code."...
catfish blog cross-site scripting vulnerability
Catfish blog is an open source blog system developed using the PHP language. A cross-site scripting vulnerability exists in Catfish blog version 2.0.33. A remote attacker can exploit this vulnerability to inject code...
catfish blog cross-site request forgery vulnerability
Catfish blog is an open source blog system developed using the PHP language. A cross-site request forgery vulnerability exists in admin/Index/tiquan in Catfish blog version 2.0.33. A remote attacker can exploit this vulnerability to change the user type...
native-phrase-blog.com XSS vulnerability
Open Bug Bounty ID: OBB-691828

Description| Value
---|---
Affected Website:| native-phrase-blog.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| hidden until disclosure
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:|...
CVE-2018-18735
A CSRF issue was discovered in admin/Index/tiquan in catfish blog 2.0.33...
CVE-2018-18736
CVE-2018-18736 corresponds to an XSS vulnerability in catfish blog 2.0.33 (described as related to “write source code”). Affected component: catfish blog (version 2.0.33). Root cause details are not fully specified in the provided documents beyond the XSS note. Potential impact is cross-site scri...
CVE-2018-18735
CVE-2018-18735 describes a cross-site request forgery in Catfish Blog 2.0.33, specifically in the admin/Index/tiquan functionality. The CVE entry notes a CSRF vulnerability that could allow an attacker to affect user roles (e.g., change user type) given the documented access path. From the initia...
CVE-2018-18736
An XSS issue was discovered in catfish blog 2.0.33, related to "write source code."...
Leanote cross-site scripting vulnerability (CNVD-2018-21793)
Leanote is an open source notepad application. A cross-site scripting vulnerability exists in the Blog Basic Setting page in Leanote version 2.6.1. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via the title field...
On Disguise
The former CIA Chief of Disguise has a fascinating video about her work...
Security Update Release Schedule (2019)
For the 2018 release schedule, see "Security Update Release Schedule 2018"...
Design/Logic Flaw
Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is mishandled during rendering of the "likes" page...
CVE-2018-18553
Leanote 2.6.1 is affected by a cross-site scripting (XSS) vulnerability in the Blog Basic Setting title field, exploitable via rendering of the Likes page. The issue stems from mishandling the title field during page rendering, allowing injected scripts/HTML to execute in affected contexts. Pub...
Friday Squid Blogging: Roasted Squid with Tomatillo Salsa
Recipe and commentary. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Tumblr Privacy Bug Could Have Exposed Sensitive Account Data
Tumblr on Wednesday disclosed it had fixed a vulnerability that could have exposed sensitive account information including usernames/passwords and individual IP addresses. However, the company stressed there’s no evidence that any data was exposed. The bug existed in the “Recommended Blogs” featu...
Tumblr Patches A Flaw That Could Have Exposed Users' Account Info
Tumblr today published a report admitting the presence of a security vulnerability in its website that could have allowed hackers to steal login credentials and other private information for users' accounts. The affected information included users' email addresses, protected hashed and salted...
October 2018 Security Update Release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. MSRC team...
Linux Kernel < 4.11.8 - mq_notify: double sock_put() Local Privilege Escalation Exp
Exploit for linux platform in category local exploits / CVE-2017-11176: "mq_notify: double sock_put" by LEXFO 2018. DISCLAIMER: The following code is for EDUCATIONAL purpose only. Do not use it on a system without authorizations. WARNING: The exploit WILL NOT work on your target, it requires...
Google+ Shuts Down Over Breach as Google Offers New Privacy Features
Google got caught hiding a privacy issue affecting 500,000 users on the same day it rolled out privacy protections...