
7736 matches found

Prion
added 2018/09/17 8:29 p.m. | 13 views

Cross site scripting

Moodle before versions 3.5.2, 3.4.5, and 3.3.8 has an insufficiently filtered blog search GET parameter in the Boost theme. The breadcrumb navigation provided by the Boost theme when displaying search results of a blog was insufficiently filtered, which could result in reflected XSS if a user...

CVSS 4.3 | AI score 6.1 | EPSS 0.01803
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2018/09/17 8:29 p.m. | 1 views

UBUNTU-CVE-2018-14631

Moodle before versions 3.5.2, 3.4.5, and 3.3.8 has an insufficiently filtered blog search GET parameter in the Boost theme. The breadcrumb navigation provided by the Boost theme when displaying search results of a blog was insufficiently filtered, which could result in reflected XSS if a user...

CVSS 8.8 | AI score 7.3 | EPSS 0.01803
Exploits: 0 | References: 5
OSV
added 2018/09/17 8:29 p.m. | 17 views

CVE-2018-14631

Moodle before versions 3.5.2, 3.4.5, and 3.3.8 has an insufficiently filtered blog search GET parameter in the Boost theme. The breadcrumb navigation provided by the Boost theme when displaying search results of a blog was insufficiently filtered, which could result in reflected XSS if a user...

CVSS 6.1 | AI score 5.8 | EPSS 0.01803
Exploits: 0 | References: 4
Cvelist
added 2018/09/17 8:00 p.m. | 20 views

CVE-2018-14631

Moodle before versions 3.5.2, 3.4.5, and 3.3.8 has an insufficiently filtered blog search GET parameter in the Boost theme. The breadcrumb navigation provided by the Boost theme when displaying search results of a blog was insufficiently filtered, which could result in reflected XSS if a user...

CVSS 8.8 | AI score 8.4 | EPSS 0.01803
Exploits: 0 | References: 4
CVE
added 2018/09/17 8:00 p.m. | 58 views

CVE-2018-14631

CVE-2018-14631 affects Moodle before versions 3.5.2, 3.4.5, and 3.3.8. The vulnerability arises in the Boost theme’s blog search: the GET parameter used for search is not sufficiently filtered, and the breadcrumb navigation rendered for search results can be exploited to perform a reflected Cross...

CVSS 8.8 | AI score 6 | EPSS 0.01803
Exploits: 0 | References: 4 | Affected Software: 1
Openbugbounty
added 2018/09/17 11:46 a.m. | 9 views

nagaokakoumuten.com XSS vulnerability

Open Bug Bounty ID: OBB-677277

Description| Value
---|---
Affected Website:| nagaokakoumuten.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

Exploits: 0
Schneier on Security
added 2018/09/14 9:13 p.m. | 58 views

Friday Squid Blogging: Dissecting a Giant Squid

Lessons learned. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

AI score 1.8
Exploits: 0
Openbugbounty
added 2018/09/11 7:50 p.m. | 11 views

blog.verisign.com Improper Access Control vulnerability

Open Bug Bounty ID: OBB-675518

Description| Value
---|---
Affected Website:| blog.verisign.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| IAC Improper Access Control / CWE-284
CVSSv3 Score:| 6.5...

Exploits: 0
MSRC
added 2018/09/11 7:00 a.m. | 8 views

September 2018 Security Update Release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. MSRC team...

AI score 6.7
Exploits: 0
MSRC
added 2018/09/11 7:00 a.m. | 13 views

September 2018 Security Update Release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. MSRC team...

AI score 2.7
Exploits: 0
OSV
added 2018/09/10 4:29 a.m. | 2 views

CVE-2018-16780

Complete Responsive CMS Blog through 2018-05-20 has XSS via a comment...

CVSS 5.4 | AI score 5.8 | EPSS 0.00483
Exploits: 1 | References: 1
NVD
added 2018/09/10 4:29 a.m. | 7 views

CVE-2018-16780

Complete Responsive CMS Blog through 2018-05-20 has XSS via a comment...

CVSS 5.4 | AI score 5.3 | EPSS 0.00483
Exploits: 1 | References: 1
Cvelist
added 2018/09/10 4:00 a.m. | 12 views

CVE-2018-16780

Complete Responsive CMS Blog through 2018-05-20 has XSS via a comment...

AI score 5.3 | EPSS 0.00483
Exploits: 1 | References: 1
CVE
added 2018/09/10 4:00 a.m. | 36 views

CVE-2018-16780

CVE-2018-16780 affects Complete Responsive CMS Blog up to 2018-05-20 and is due to an XSS via user comments. The available documents confirm the vulnerability type but do not provide product version details, exact vulnerable components, root cause specifics, exploit information, or remediation st...

CVSS 5.4 | AI score 5.2 | EPSS 0.00483
Exploits: 1 | References: 1 | Affected Software: 1
Kitploit
added 2018/09/09 1:28 p.m. | 94 views

Java-Stager - A PoC Java Stager Which Can Download, Compile, And Execute A Java File In Memory

A PoC Java Stager which can download, compile, and execute a Java file in memory. This is for research purposes only, do not use this where you are unauthorised to do so. What is this? This is based on the work of James Williams from his talk "Next Gen AV vs My Shitty Code" available here: The ke...

AI score 7.7
Exploits: 0 | References: 1
Schneier on Security
added 2018/09/07 7:22 p.m. | 85 views

Reddit AMA

I did a Reddit AMA on Thursday, September 6...

AI score 2.3
Exploits: 0
FreeBSD
added 2018/09/05 12:00 a.m. | 514 views

moodle -- multiple vulnerabilities

moodle reports: Moodle XML import of ddwtos could lead to intentional remote code execution; QuickForm library remote code vulnerability upstream; Boost theme - blog search GET parameter insufficiently filtered...

CVSS 9.8 | AI score 2.7 | EPSS 0.04425
Exploits: 3 | References: 1
OSV
added 2018/09/04 4:29 a.m. | 3 views

CVE-2018-16449

OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html...

CVSS 6.5 | AI score 5.8 | EPSS 0.00556
Exploits: 1 | References: 1
Prion
added 2018/09/04 4:29 a.m. | 15 views

Cross site request forgery (csrf)

OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html...

CVSS 4.3 | AI score 6.5 | EPSS 0.00556
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2018/09/04 4:29 a.m. | 15 views

CVE-2018-16449

OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html...

CVSS 6.5 | AI score 6.6 | EPSS 0.00556
Exploits: 1 | References: 1