Like Button Rating < 2.5.4 - Unauthenticated Arbitrary Blog Settings Change
In the init action, this plugin checked to see if `$_POST['likebtn_import_config']` is empty. If it’s not empty then it base64-decodes the string, parses it as JSON, and starts changing options. This could allow attackers to change blog settings such as the Site Title. The below form will set the “Site...
News Magazine And Blog CMS 1.0 SQL Injection
Exploit Title: News Magazine & Blog CMS 1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://geniusocean.com/ Software Link: https://codecanyon.net/item/news-dynamic-newspaper-magazine-and-blog-cms-script/19656143 Demo: http://demo.geniusocean.com/news/ Version: 1.0 Category:...
Responsive Newspaper Magazine&Blog CMS SQL Injection Vulnerability
Responsive Newspaper Magazine&Blog CMS is a content management system mainly used for information websites. A SQL injection vulnerability exists in Responsive Newspaper Magazine&Blog CMS version 1.0. A remote attacker can inject SQL commands by sending the 'id' parameter to the...
Emlog blog system has an arbitrary file deletion vulnerability
emlog is a PHP and MySQL based blog and CMS builder. There is an arbitrary file deletion vulnerability in the Emlog blog system. The vulnerability is caused by insufficiently strict filtering of parameters: by adding a malicious payload, an attacker can delete...
Attack on Old ANSI Random Number Generator
Almost 20 years ago, I wrote a paper that pointed to a potential flaw in the ANSI X9.17 RNG standard. Now, new research has found that the flaw exists in some implementations of the RNG standard. Here's the research paper, the website -- complete with cute logo -- for the attack, and Matthew...
CVE-2017-15982
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing...
SQL injection
Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing...
SQL injection
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing...
SQL injection
MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing...
CVE-2017-15981
CVE-2017-15981 affects the Text/Content CMS “Responsive Newspaper Magazine & Blog CMS 1.0.” The vulnerability is SQL Injection via the id parameter on admin/admin_process.php during form editing. It is confirmed in multiple sources (NVD entry; related advisories and exploit references) and is exp...
CVE-2017-15982
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing...
CVE-2017-15983
Affected software: MyMagazine Magazine & Blog CMS 1.0. Vulnerability: SQL Injection via the id parameter to admin/admin_process.php during form editing (e.g., id=[SQL]). Root cause is improper input handling allowing crafted SQL payloads to be executed by the backend. Impact (as stated): Exploita...
CVE-2017-15982
CVE-2017-15982 affects Dynamic News Magazine & Blog CMS 1.0. The vulnerability is an SQL injection via the id parameter to admin/admin_process.php used during form editing, allowing an attacker to inject SQL commands. Multiple sources corroborate the issue across CVE records and public advisories...
CVE-2017-15981
Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing...
CVE-2017-15983
MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing...
News 1.0 - SQL Injection
Exploit Title: News Magazine & Blog CMS 1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://geniusocean.com/ Software Link: https://codecanyon.net/item/news-dynamic-newspaper-magazine-and-blog-cms-script/19656143 Demo: http://demo.geniusocean.com/news/...
MyMagazine 1.0 - 'id' SQL Injection
Exploit Title: MyMagazine Magazine & Blog CMS 1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://geniusocean.com/ Software Link: https://codecanyon.net/item/mymagazine-bootstrap-newspaper-magazine-and-blog-cms-script/19620468 Demo: http://demo.geniusocean.com/mymagazine/...
Newspaper 1.0 - SQL Injection
Exploit Title: Newspaper Magazine & Blog CMS 1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://geniusocean.com/ Software Link: https://codecanyon.net/item/mymagazine-fully-responsive-magazine-cms/19493325 Demo: http://demo.geniusocean.com/newspaper/ Version: 1.0 Category:...
News 1.0 - SQL Injection
Exploit Title: News Magazine & Blog CMS 1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://geniusocean.com/ Software Link: https://codecanyon.net/item/news-dynamic-newspaper-magazine-and-blog-cms-script/19656143 Demo: http://demo.geniusocean.com/news/ Version: 1.0 Category:...
jQuery Blog Gets Hacked – Hackers Compromise CoinHive’s DNS
By Waqas. In two different incidents, security of high profile platforms was...