7736 matches found

Openbugbounty
added 2018/05/25 12:39 a.m., 18 views

i1.disneyfoodblog.com XSS vulnerability

Open Bug Bounty ID: OBB-621805

Description| Value
---|---
Affected Website:| i1.disneyfoodblog.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

Exploits: 0

Exploit DB
added 2018/05/24 12:0 a.m., 46 views

Linux/x86 - Reverse (10.0.7.17:4444/TCP) Shell (/bin/sh) Shellcode (101 Bytes)

Linux/x86 - Reverse 10.0.7.17:4444/TCP Shell /bin/sh Shellcode 101 Bytes. Shellcode exploit for Linuxx86 platform / Name : Jonathan "Chops" Crosby Email : [email protected] Twitter : @securitychops Website : https://securitychops.com Blog Post :...

7.4 AI score
Exploits: 0

0day.today
added 2018/05/24 12:0 a.m., 21 views

Linux/x86 - Reverse (10.10.2.4:4444/TCP) Shell Shellcode (68 bytes)

/ ; Title : Linux/x86 - Reverse TCP Shell Shellcode 68 bytes ; Date : May, 2018 ; Author : Nuno Freitas ; Blog Post : https://bufferoverflowed.wordpress.com ; Twitter : @nunof11 ; SLAE ID : SLAE-1112 ; Size : 68 bytes ; Tested on : i686 GNU/Linux section .text global start start: xor ecx, ecx mul...

7.4 AI score
Exploits: 0

Openbugbounty
added 2018/05/23 6:39 p.m., 19 views

theegek.nl XSS vulnerability

Open Bug Bounty ID: OBB-620914

Description| Value
---|---
Affected Website:| theegek.nl
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

Exploits: 0

Tenable Nessus
added 2018/05/23 12:0 a.m., 16 views

WordPress 4.7.x < 4.7.2 REST API 'id' Parameter Privilege Escalation

The WordPress application running on the remote web server is version 4.7.x prior to 4.7.2. It is, therefore, affected by a privilege escalation vulnerability in the REST API due to a failure to properly sanitize user-supplied input to the 'id' parameter when editing or deleting blog posts. An...

7.5 CVSS, 7.8 AI score, 0.81848 EPSS
Exploits: 0, References: 3

Malwarebytes
added 2018/05/21 3:0 p.m., 53 views

Vote for Malwarebytes Labs: European Security Blogger Awards 2018

It's nearly time for Infosec Europe 2018, and that means it's also time to consider voting for your favourite security blogs, podcasts, video channels, and more for the upcoming European Security Blogger Awards. Thanks to your generous votes, we've been fortunate enough to pick up the award for...

0.3 AI score
Exploits: 0

Circl
added 2018/05/21 5:0 a.m., 12 views

CVE-2018-3639

creationtimestamp| type| source
---|---|---
2018-05-21 05:00:00+00:00| seen| https://msrc.microsoft.com/blog/2018/05/analysis-and-mitigation-of-speculative-store-bypass-cve-2018-3639/
2018-05-22 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/44695
2018-05-22 07:26:30+00:00| seen|...

5.5 CVSS, 7 AI score, 0.60631 EPSS
Exploits: 2, References: 13

CNVD
added 2018/05/21 12:0 a.m., 2 views

SQL Injection Vulnerability in Axublog Version 1.1.0

Axublog is a PHP personal blog system. A SQL injection vulnerability exists in Axublog version 1.1.0. An attacker can exploit the vulnerability to obtain sensitive database information...

7.9 AI score
Exploits: 0

Openbugbounty
added 2018/05/17 10:16 p.m., 10 views

blog.penelopetrunk.com XSS vulnerability

Open Bug Bounty ID: OBB-618008

Description| Value
---|---
Affected Website:| blog.penelopetrunk.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

Exploits: 0

MSRC
added 2018/05/08 5:21 p.m., 29 views

May 2018 security update release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. MSRC team...

3 AI score
Exploits: 0

MSRC
added 2018/05/08 7:0 a.m., 9 views

May 2018 security update release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. MSRC team...

6.7 AI score
Exploits: 0

HackRead
added 2018/05/04 12:38 p.m., 17 views

A bug stored Twitter passwords in plain text so change your password

By Carolina Twitter, the social network, and online news giant is sending notifications This is a post from HackRead.com Read the original post: A bug stored Twitter passwords in plain text so change your password...

2 AI score
Exploits: 0

Trend Micro Simply Security
added 2018/05/04 12:0 p.m., 13 views

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 30, 2018

When I was little, I discovered the joy of jumping on the bed. While it was fun to jump on the bed, I wanted to make it more challenging so I started to imitate the ski jumpers I had seen during the 1976 Winter Olympics and jump from my parents’ dresser to the bed. I quickly found out there’s a...

7.6 AI score
Exploits: 0

CNVD
added 2018/05/03 12:0 a.m., 2 views

clustercoding Blog Master Pro CSV Injection Vulnerability

clustercoding Blog Master Pro is a personal blog system based on the Laravel framework. The system provides blog management, comment management, site configuration file management and other functions. A CSV injection vulnerability exists in clustercoding Blog Master Pro version 1.0. An attacker can...

8.8 CVSS, 7.6 AI score, 0.0719 EPSS
Exploits: 4, References: 1

OSV
added 2018/05/02 7:29 p.m., 3 views

CVE-2018-10680

Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings -- Basic setting -- Website title" and enters an XSS payload via the zbsystem/cmd.php ZCBLOGNAME parameter. NOTE: the vendor disputes the security relevance, noting ...

6.1 CVSS, 5.6 AI score, 0.00894 EPSS
Exploits: 1, References: 2

Positive Technologies
added 2018/05/02 12:0 a.m., 4 views

PT-2018-10049 · Z Blogphp · Z-Blogphp

Name of the Vulnerable Software and Affected Versions: Z-BlogPHP version 1.5.2 Description: The issue allows an administrator to inject a Cross Site Scripting XSS payload via the ZC BLOG NAME parameter in the "Web site settings -- Basic setting -- Website title" section, accessible through the zb...

6.1 CVSS, 6.1 AI score, 0.00894 EPSS
Exploits: 1, References: 3

Openbugbounty
added 2018/05/01 11:34 p.m., 12 views

thesmithcenter.com XSS vulnerability

Open Bug Bounty ID: OBB-610904

Description| Value
---|---
Affected Website:| thesmithcenter.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

Exploits: 0

NVD
added 2018/05/01 7:29 p.m., 24 views

CVE-2018-10255

A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution...

8.8 CVSS, 9 AI score, 0.0719 EPSS
Exploits: 4, References: 2

OSV
added 2018/05/01 7:29 p.m., 3 views

CVE-2018-10255

A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution...

8.8 CVSS, 5.8 AI score
Exploits: 0, References: 2

Prion
added 2018/05/01 7:29 p.m., 14 views

Input validation

A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution...

6.5 CVSS, 9 AI score, 0.0719 EPSS
Exploits: 4, References: 2, Affected Software: 1