7736 matches found
CVE-2018-16449
OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html...
yasarkizilkum.com.tr XSS vulnerability
Open Bug Bounty ID: OBB-672518

Description | Value
---|---
Affected Website: | yasarkizilkum.com.tr
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

fukushima-blog.com XSS vulnerability
Open Bug Bounty ID: OBB-670929

Description | Value
---|---
Affected Website: | fukushima-blog.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Security Bulletin: Official Statement On Spectre and Meltdown
Summary IBM Security statement on the Spectre and Meltdown vulnerabilities Vulnerability Details As many clients are likely aware of by now, 2 major security flaws impacting chipsets across the PC and mobile spectrums have unfolded over the last day or so. Meltdown Intel only and Spectre...
Electron WebPreferences - Remote Code Execution
Electron WebPreferences - Remote Code Execution CVE-2018-15685 - Electron WebPreferences Remote Code Execution This is a minimal Electron application with a POC for CVE-2018-15685. A remote code execution vulnerability has been discovered affecting apps with the ability to open nested child windo...
Electron WebPreferences - Remote Code Execution
CVE-2018-15685 - Electron WebPreferences Remote Code Execution This is a minimal Electron application with a POC for CVE-2018-15685. A remote code execution vulnerability has been discovered affecting apps with the ability to open nested child windows on Electron versions 3.0.0-beta.6, 2.0.7,...
Analysis and mitigation of L1 Terminal Fault (L1TF)
In January 2018, Microsoft released an advisory and security updates for a new class of hardware vulnerabilities involving speculative execution side channels known as Spectre and Meltdown. In this blog post, we will provide a technical analysis of a new speculative execution side channel...
CVE-2018-3646

creationtimestamp | type | source
---|---|---
2018-08-13 05:00:00+00:00 | seen | https://msrc.microsoft.com/blog/2018/08/analysis-and-mitigation-of-l1-terminal-fault-l1tf/
2018-08-15 21:03:32+00:00 | seen | https://t.me/canyoupwnme/4249
2018-09-02 06:22:17+00:00 | seen | https://t.me/QubesOS/248...

CVE-2018-3620

creationtimestamp | type | source
---|---|---
2018-08-13 05:00:00+00:00 | seen | https://msrc.microsoft.com/blog/2018/08/analysis-and-mitigation-of-l1-terminal-fault-l1tf/
2018-08-15 21:03:32+00:00 | seen | https://t.me/canyoupwnme/4249
2018-09-02 06:22:17+00:00 | seen | https://t.me/QubesOS/248...

Backend Login Bypass Vulnerability in Tale Blog System
Tale blog system is a java development blog system. A backend login bypass vulnerability exists in Tale Blog System. An attacker can exploit this vulnerability to construct a cookie to log into any account...
Friday Squid Blogging: New Tool for Grabbing Squid and other Fragile Sea Creatures
Interesting video of a robot grabber that's delicate enough to capture squid and even jellyfish in the ocean. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
xkcd on Voting Computers
Funny and true...
blog.surecritic.com XSS vulnerability
Open Bug Bounty ID: OBB-661753

Description | Value
---|---
Affected Website: | blog.surecritic.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Microsoft’s Top 100 Security Researchers – Black Hat 2018 Edition
This morning we are excited to unveil the security researcher leaderboard at the Black Hat Security Conference. This list recognizes the top security researchers who have contributed research to the Microsoft products and services. If you are curious on how we build the list, check out our blog...
Friday Squid Blogging: Calamari Squid Catching Prey
The calamari squid grabs prey three feet away with its fast tentacles. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
ClamAV < 0.100.1 Multiple Vulnerabilities
According to its version, the ClamAV clamd antivirus daemon running on the remote host is prior to 0.100.1. It is, therefore, affected by multiple vulnerabilities. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid111517; scriptversion"1.6";...
Super CMS Blog Pro PHP Script 1.0 Cross Site Scripting
Exploit Title: Super Cms Blog Pro PHP Script v1.0 - XSS Google Dork: N/A Date: 2018/28/7 Exploit Author: GUIA Brahim Fouad Author Mail : [email protected] Vendor Homepage: https://www.codester.com/Seunex Software Buy: https://www.codester.com/items/8005/super-cms-blog-pro-php-script Demo...
blog-emploi.com XSS vulnerability
Open Bug Bounty ID: OBB-654648

Description | Value
---|---
Affected Website: | blog-emploi.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | hidden until disclosure
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | hidden...

Friday Squid Blogging: Dead Squid on Prince Edward Island
A beach on Prince Edward Island is littered with dead squid. No one knows why. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...