7736 matches found
CVE-2018-7274
Yab Quarx through 2.4.3 is prone to multiple persistent cross-site scripting vulnerabilities: Blog Title, FAQ Question, Pages Title, Widgets Name, and Menus Name...
CVE-2018-7274
CVE-2018-7274 affects Yab Quarx CMS (through 2.4.3). It is a persistent Cross-Site Scripting vulnerability affecting multiple fields: Blog (Title), FAQ (Question), Pages (Title), Widgets (Name), and Menus (Name). Root cause: insufficient sanitization of user-supplied input. Impact: remote-exploit...
CVE-2018-7197
An issue was discovered in Pluck through 4.7.4. A stored cross-site scripting XSS vulnerability allows remote unauthenticated users to inject arbitrary web script or HTML into admin/blog Reaction Comments via a crafted URL...
Joomla! Component JquickContact 1.3.2.2.1 - SQL Injection
Exploit Title: Joomla! Component JquickContact 1.3.2.2.1 - SQL Injection
Dork: N/A
Date: 16.02.2018
Vendor: http://coderspirit.blogspot.com.tr/2011/07/jquickcontact.html
Software: https://extensions.joomla.org/extensions/extension/contacts-and-feedback/contact-forms/jquickcontact/
Download:...
Front Accounting ERP 2.4.3 - Cross-Site Request Forgery
...
ReelPhish - A Real-Time Two-Factor Phishing Tool
ReelPhish simplifies the real-time phishing technique. The primary component of the phishing tool is designed to be run on the attacker’s system. It consists of a Python script that listens for data from the attacker’s phishing site and drives a locally installed web browser using the Selenium...
Cyber resilience for the modern enterprise
Many organizations are undergoing a digital transformation that leverages a mix of cloud and on-premises assets to increase business efficiency and growth. While increased dependence on technology is necessary for this transformation, and to position the business for success, it does pose risks...
Z-BlogPHP Information Disclosure Vulnerability
Z-BlogPHP is an open source PHP-based blogging system developed by the Z-Blog community. A security vulnerability exists in Z-BlogPHP version 1.5.1. A remote attacker can exploit the vulnerability by sending a direct request to the zbsystem/function/lib/upload.php file to obtain the full path...
toryburch.fr XSS vulnerability
Open Bug Bounty ID: OBB-555250

Description| Value
---|---
Affected Website:| toryburch.fr
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...
Introducing Windows Defender Application Control
This article is the Windows Security blog post “Introducing Windows Defender Application Control” of October 23, 2017 (US time)...
blog.urlaubswerk.de XSS vulnerability
Open Bug Bounty ID: OBB-551089

Description| Value
---|---
Affected Website:| blog.urlaubswerk.de
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...
blog-feed.de XSS vulnerability
Open Bug Bounty ID: OBB-550602

Description| Value
---|---
Affected Website:| blog-feed.de
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...
Task Rabbit Clone SQL Injection Vulnerability
Task Rabbit Clone is a set of PHP-based scripts for online service marketplace websites. A SQL injection vulnerability exists in Task Rabbit Clone version 1.0. A remote attacker can inject SQL commands by sending the 'id' parameter to the singleblog.php file...
How to disrupt attacks caused by social engineering
This article is the Microsoft Secure blog post “How to disrupt attacks caused by social engineering” of January 10, 2018 (US time)...
CVE-2018-6363
SQL Injection exists in Task Rabbit Clone 1.0 via the singleblog.php id parameter...
recipe-blog.jp XSS vulnerability
Open Bug Bounty ID: OBB-547512

Description| Value
---|---
Affected Website:| recipe-blog.jp
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Disclosure Standard:| Coordinated Disclosure base...
Understanding the performance impact of Spectre and Meltdown mitigations on Windows systems
This article is the Microsoft Secure blog post “Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems”...
Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated
The New Zealand home of the colossal squid exhibit is being renovated. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
vicky-berrocal.blogs.elle.es XSS vulnerability
Open Bug Bounty ID: OBB-528589

Description| Value
---|---
Affected Website:| vicky-berrocal.blogs.elle.es
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...