jQuery Official Blog Hacked — Stay Calm, Library is Safe!
The official blog of jQuery—the most popular JavaScript library, used by millions of websites—has been hacked by unknown hackers using the pseudonyms "str0ng" and "n3tr1x." jQuery's blog website, blog.jquery.com, runs on WordPress—the world's most popular content management system (CMS), used by...
scotch-blog (>=0.1.0 <=0.1.7) potentially affected by CVE-2015-5688 via geddy (>=0.8.14 <=0.9.18)
geddy NPM version =0.8.14, =0.1.0, =0.1.7 Source cves: CVE-2015-5688 Source advisory: OSV:GHSA-333X-9VGQ-V2J4...
blog.zoodfood.com XSS vulnerability
Open Bug Bounty ID: OBB-363666

Description | Value
---|---
Affected Website: | blog.zoodfood.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat...
blog.eset.ro XSS vulnerability
Open Bug Bounty ID: OBB-363616

Description | Value
---|---
Affected Website: | blog.eset.ro
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
Wondermark on Security
Another comic...
CVE-2017-15539
SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php...
Sql injection
SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php...
CVE-2017-15539
CVE-2017-15539 affects the zorovavi/blog system, where the vulnerability is a SQL injection in the recept.php script triggered by the id parameter (through 2017-10-17). The connected records corroborate the same description across multiple sources (CVE records, CNVD, Red Hat, CVE list, etc.), con...
My Blogging
Blog regulars will notice that I haven't been posting as much lately as I have in the past. There are two reasons. One, it feels harder to find things to write about. So often it's the same stories over and over. I don't like repeating myself. Two, I am busy writing a book. The title is still:...
binutils 2.29.51.20170921 - 'read_1_byte' Heap Buffer Overflow
Source: https://blogs.gentoo.org/ago/2017/09/26/binutils-heap-based-buffer-overflow-in-read1byte-dwarf2-c/ Description: binutils is a set of tools necessary to build programs. The complete ASan output of the issue: nm -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D $FILE...
Disqus Hacked: 17.5 Million Users Affected
By Uzair Amir. Who doesn’t know about Disqus? It is the most commonly... This is a post from HackRead.com. Read the original post: Disqus Hacked: 17.5 Million Users Affected...
pureblue.co.nz Open Redirect vulnerability
Vulnerable URL: http://www.pureblue.co.nz/blog/ct.ashx?id=62d34980-731b-454a-8e20-006d7af090b6=data%3Atext%2Fhtml%3Bbase64%2CPHNjcmlwdD5hbGVydCgvT1BFTkJVR0JPVU5UWS8pPC9zY3JpcHQ%2B

Details:

Description | Value
---|---
Patched: | Verification in progress
Latest check for patch: | 04.01.2018...
Microsoft's Perspective on Cyber Resilience
This article is the post by Ann Johnson, Vice President, Enterprise Cybersecurity Group, on the Microsoft Secure Blog, “Microso...
Paragon Initiative Enterprises: CSRF token is not validated during blog comment
SUMMARY ================= I tested that all POST requests have a CSRF token. During Author profile creation a CSRF token is also posted. Now when I removed this CSRF token, it shows an error like below: CSRF validation failed 0 /var/www/csprng/src/Cabin/Bridge/Controller/Author.php52:...
Dnsmasq Information Leak
''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14494.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html Sadly, there are no easy docker setup instructions available. Set up a simple network with...
Dnsmasq < 2.78 - Integer Underflow
''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14496.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html dnsmasq is vulnerable only if one of the following options is specified: --add-mac,...
blog.roblox.com XSS vulnerability
Open Bug Bounty ID: OBB-318419

Description | Value
---|---
Affected Website: | blog.roblox.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
Friday Squid Blogging: Squid Empire Is a New Book
Regularly I receive mail from people wanting to advertise on, write for, or sponsor posts on my blog. My rule is that I say no to everyone. There is no amount of money or free stuff that will get me to write about your security product or service. With regard to squid, however, I have no such...