7736 matches found
Easy Blog PHP Script 1.3a - 'id' SQL Injection
Exploit Title: Easy Blog PHP Script v1.3a - SQL Injection Date: 2017-09-27 Exploit Author: 8bitsec Vendor Homepage: https://www.codester.com/ Software Link: https://www.codester.com/items/4616/easy-blog-php-script Version: 1.3a Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email: [email protected]...
Easy Blog PHP Script 1.3a - id SQL Injection
Easy Blog PHP Script 1.3a - id SQL Injection Exploit Title: Easy Blog PHP Script v1.3a - SQL Injection Date: 2017-09-27 Exploit Author: 8bitsec Vendor Homepage: https://www.codester.com/ Software Link: https://www.codester.com/items/4616/easy-blog-php-script Version: 1.3a Tested on: Kali Linux 2....
Detecting and Neutralizing the CVE-2017-8759 Exploit
This article, from the Microsoft Malware Protection Center blog post “Exploit for CVE-2017-8759 detected and neutralized” of September 12, 2017...
Extending the Microsoft Office Bounty Program
This article, from the Microsoft Security Response Center blog post “Extending the Microsoft Office Bounty Program” of September 15, 2017, US...
Friday Squid Blogging: Using Squid Ink to Detect Gum Disease
A new dental imagery method, using squid ink, light, and ultrasound. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Cross-Site Scripting (XSS)
forkcms has a cross-site scripting (XSS) vulnerability. The vulnerability is possible because the value returned by the getAllComments function in Frontend/Modules/Blog/Engine/Model.php is not properly escaped, allowing a malicious user to inject and execute arbitrary web script...
Moving Beyond EMET II - Windows Defender Exploit Guard
This article is a translation of the Security Research & Defense blog post "Moving Beyond EMET II – Windows Defender Exploit Guard", published August 9, 2017 (US time)...
tianchoy/blog SQL Injection Vulnerability
tianchoy/blog is a single-user blog creation program developed by Chinese software developer Tian Chao. A SQL injection vulnerability exists in tianchoy/blog 2017-09-12 and earlier versions. A remote attacker can exploit the vulnerability by sending the 'id' parameter to the view.php file to...
osTicket 1.10 - SQL Injection Vulnerability
Exploit for php platform in category web applications 1. ADVISORY INFORMATION ======================================== Title: osTicket v1.10 Unauthenticated SQL Injection Application: osTicket Bugs: SQL Injection Class: Sensitive Information disclosure Remotely Exploitable: Yes Authentication...
tianchoy/blog Arbitrary File Upload Vulnerability
tianchoy/blog is a single-user blog creation program developed by Chinese software developer Tian Chao. A security vulnerability exists in the upload.php file in tianchoy/blog 2017-09-12 and earlier versions. A remote attacker can exploit this vulnerability to upload arbitrary files and execute P...
CVE-2017-14345
SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php...
SQL injection
SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php...
Unrestricted file upload
upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file...
CVE-2017-14346
upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file...
CVE-2017-14345
CVE-2017-14345 affects the tianchoy/blog project, where a SQL injection is possible through the id parameter to view.php. The vulnerability is described across multiple sources (Red Hat, CNVD, NVD, CVE listings) as existing up to 2017-09-12, with the attack surface being the id parameter passed t...
CVE-2017-14346
CVE-2017-14346 affects the tianchoy/blog package. The vulnerability exists in upload.php and allows an attacker to upload arbitrary files and execute PHP code by abusing image content-types (image/jpeg, image/pjpeg, image/png, image/gif) for a .php file, enabling remote code execution. Affected v...
moz.com XSS vulnerability
Vulnerable URL: https://moz.com/blog/the-ultimate-guide-to-the-google-search-parameters/"'--!
Details:

| Description | Value |
|---|---|
| Patched: | Yes, at |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | 1636 |
| VIP website status: | Yes |

Coordinated Disclosure Timeline:...
escapemotions.com XSS vulnerability
Vulnerable URL: https://www.escapemotions.com/blog.php?id="';--=interview-with-artist-junkyard-sam
Details:

| Description | Value |
|---|---|
| Patched: | No |
| Latest check for patch: | 08.12.2017 |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | 160662 |
| VIP website status: | No... |