7736 matches found
CVE-2018-14422
blog/index.php in SansCMS 0.7 has XSS via the q parameter...
SansCMS Cross-Site Scripting Vulnerability
SeaCMS is a free and open source web content management system written in PHP. The system has been designed primarily to manage video-on-demand resources. A cross-site scripting vulnerability exists in the blog/index.php file in SansCMS version 0.7. A remote attacker can exploit this vulnerabilit...
CVE-2018-14422
SansCMS 0.7 contains a cross-site scripting vulnerability in blog/index.php via the q parameter. The issue allows injection of arbitrary web script/HTML, with the impact described as partial integrity compromise and low confidentiality impact in CVSS terms. No precise exploit details are provided...
frank-hagenow.com XSS vulnerability
Open Bug Bounty ID: OBB-650282 Description| Value ---|--- Affected Website:| frank-hagenow.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
HTTP+TLS and IPV6-Enablement Both in the Majority for World Cup Streaming
The underlying protocols of the Internet continue to evolve, and massive events such as the World Cup are a great opportunity to see this in action...
Axis Network Camera .srv-to-parhand RCE
This module exploits an auth bypass in .srv functionality and a command injection in parhand to execute code as the root user. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Axis Network Camer...
Friday Squid Blogging: Antifungal Squid-Egg Coating
The Hawaiian bobtail squid coats its eggs with antifungal bacteria. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Security Bulletin: Information disclosure in Liberty for Java for IBM Cloud (CVE-2018-1553)
Summary: There is an information disclosure in WebSphere Application Server Liberty using the SAML Web SSO feature. Vulnerability Details: CVEID: CVE-2018-1553 DESCRIPTION: IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by mishandling ...
Common Questions and Answers Salesforce ISVs Need to Know for FedRAMP
Many Salesforce Independent Software Vendors (ISVs) are interested in pursuing FedRAMP to serve federal customers, but have many questions about the process. The four questions below are the most common questions that Coalfire receives from these ISV partners; we have provided some basic responses ...
HID discoveryd command_blink_on Unauthenticated Remote Command Execution Exploit
This Metasploit module exploits an unauthenticated remote command execution vulnerability in the discoveryd service exposed by HID VertX and Edge door controllers. This Metasploit module was tested successfully on a HID Edge model EH400 with firmware version 2.3.1.603 Build 04/23/2012. This modul...
Security Bulletin: Cross-Site Scripting Vulnerability Affects IBM Emptoris Sourcing
Summary: A cross-site scripting vulnerability in IBM Emptoris Sourcing could allow an attacker to execute script in a victim's Web browser. Vulnerability Details: IBM Emptoris Sourcing is vulnerable to cross-site scripting, caused by improper validation of user supplied input. A remote attacker could...
Friday Squid Blogging: Fried Squid with Turmeric
Good-looking recipe. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
springboardcourses.ie XSS vulnerability
Open Bug Bounty ID: OBB-638248 Description| Value ---|--- Affected Website:| springboardcourses.ie Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Executing Meterpreter on Windows 10 and Bypassing Antivirus
One of my Labs colleagues recently published an article on the Coalfire Blog about executing an obfuscated PowerShell payload using Invoke-CradleCrafter. This was very useful, as Windows Defender has upped its game lately and is now blocking Metasploit's Web Delivery module. I wanted to demonstrat...
Did my comment on your blog get lost?
If you ever feel bad about your job because of mindless tasks you must perform day after day, or if you're bothered by the fact that your chosen work pays crap, produces nothing useful, and helps no one: have a look at blog comment spammers and breathe a sigh of relief. They make almost any job...
observatoriotui.com XSS vulnerability
Open Bug Bounty ID: OBB-636149 Description| Value ---|--- Affected Website:| observatoriotui.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Foxit Reader 9.0.1.1049 - Remote Code Execution
Foxit Reader 9.0.1.1049 - Remote Code Execution %PDF 1 0 obj 2 0 obj /S /JavaScript /JS / Foxit Reader Remote Code Execution Exploit ========================================== Written by: Steven Seeley mrme of Source Incite Date: 22/06/2018 Technical details:...
blog-emploi.com XSS vulnerability
Open Bug Bounty ID: OBB-635851 Description| Value ---|--- Affected Website:| blog-emploi.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...