Big Data and Cybersecurity: Opportunity or Threat?

By Marie Fincher Suppose you write for a living. You write articles and blog posts for a number of clients. In the course of that writing, you have to do a lot of research, accessing data and information from all over the web. The inevitable happens. You get hacked or you pick up a virus...

Linux Kernel 4.11.8 - mq_notify: double sock_put() Local Privilege Escalation

Linux Kernel 4.11.8 - mqnotify: double sockput Local Privilege Escalation / CVE-2017-11176: "mqnotify: double sockput" by LEXFO 2018. DISCLAIMER: The following code is for EDUCATIONAL purpose only. Do not use it on a system without authorizations. WARNING: The exploit WILL NOT work on your target...

Friday Squid Blogging: Squid Protein Used in Variable Thermal Conductivity Material

This is really neat. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

Beers with Talos Ep. #38 — More fun with VPNFilter; Getting pwnd via spreadsheet

Beers with Talos BWT Podcast Ep. 38 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Ep. 38 show notes: Recorded Sept. 21, 2018 — The whole crew is back together! On the agenda today is VPNFilter part III, now...

CVE-2018-17391

SQL Injection exists in authorspost.php in Super Cms Blog Pro 1.0 via the author parameter...

CVE-2018-17391

SQL Injection exists in authorspost.php in Super Cms Blog Pro 1.0 via the author parameter...

Sql injection

SQL Injection exists in authorspost.php in Super Cms Blog Pro 1.0 via the author parameter...

CVE-2018-17391

SQL Injection exists in authorspost.php in Super Cms Blog Pro 1.0 via the author parameter...

CVE-2018-17391

CVE-2018-17391 describes an SQL injection in Super Cms Blog Pro 1.0, exploitable via the authors_post.php?author= parameter. Multiple sources (NVD, CVE list, CNVD, Prion, CIRCL) reference the same vulnerability with the same affected component and entry. Public exploit and proof-of-concept activi...

Super Cms Blog Pro SQL Injection Vulnerability

Super Cms Blog Pro is a personal blogging system. A SQL injection vulnerability exists in Super Cms Blog Pro version 1.0. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands...

Super Cms Blog Pro 1.0 - SQL Injection

Super Cms Blog Pro 1.0 - SQL Injection Exploit Title: Super Cms Blog Pro 1.0 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: http://coolscript.cf/ Software Link: https://www.codegrape.com/item/super-cms-blog-pro/22250 Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...

Super Cms Blog Pro 1.0 SQL Injection

Exploit Title: Super Cms Blog Pro 1.0 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: http://coolscript.cf/ Software Link: https://www.codegrape.com/item/super-cms-blog-pro/22250 Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-2018-17391 Exploit Author: Ihsan...

Super Cms Blog Pro 1.0 - SQL Injection

Exploit Title: Super Cms Blog Pro 1.0 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: http://coolscript.cf/ Software Link: https://www.codegrape.com/item/super-cms-blog-pro/22250 Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-2018-17391 Exploit Author: Ihsan...

Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction

On James Island. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

blog.4d.com XSS vulnerability

Open Bug Bounty ID: OBB-678356 Description| Value ---|--- Affected Website:| blog.4d.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

FreeBSD : moodle -- multiple vulnerabilities (074cb225-bb2d-11e8-90e1-fcaa147e860e)

moodle reports : Moodle XML import of ddwtos could lead to intentional remote code execution QuickForm library remote code vulnerability upstream Boost theme - blog search GET parameter insufficiently filtered C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

Public Shaming of Companies for Bad Security

Troy Hunt makes some good points, with good examples...

Edward Snowden on Protecting Activists Against Surveillance

“Turnkey tyranny” has never been closer. For some communities, it feels like it’s already here...

CVE-2018-14631

moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user...

CVE-2018-14631

moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user...