Friends in War Make or Break SQL Injection Vulnerability
Make or Break is a parenting blog. Friends in War Make or Break suffers from a SQL injection vulnerability that can be exploited by attackers to obtain sensitive information such as data...
Eternal Synergy Exploit Analysis
Introduction Recently we announced a series of blog posts dissecting the exploits released by the ShadowBrokers in April 2017; specifically some of the less explored exploits. This week we are going to take a look at Eternal Synergy, an SMBv1 authenticated exploit. This one is particularly...
alfaromeoofscottsdale.com XSS vulnerability
Vulnerable URL: http://www.alfaromeoofscottsdale.com/blog/2017/february/15/youre-invited-2017-alfa-romeo-giulia-launch-party-feb-24.htm/"--!"/ Details: Description| Value ---|--- Patched:| Yes, at 27.11.2017 Latest check for patch:| 27.11.2017 09:39 GMT Vulnerability type:| XSS Vulnerability...
Learning PowerShell: The basics
I bet I went about learning PowerShell the wrong way, so I may need your help, readers of this blog. If only to organize my knowledge and use it for the fight against malware and not just to figure out how it was used in malware. The first serious look I had at PowerShell was when I was trying to...
Friday Squid Blogging: Why It's Hard to Track the Squid Population
Counting squid is not easy. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Information Disclosure
Moodle is vulnerable to information disclosure attacks. When viewing comments on a blog post, there is no verification of viewing permissions. This allows attackers to read the comments that can potentially contain sensitive information...
blog.teengayhardcore.com XSS vulnerability
Vulnerable URL: http://blog.teengayhardcore.com/?nats=t" onmouseover=alert/OPENBUGBOUNTY/;MC4wLjExMy4xMTQuMC4wLjAuMC4w Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.09.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not...
blog.gaygroupsexvideos.com XSS vulnerability
Vulnerable URL: http://blog.gaygroupsexvideos.com/?nats=t" onmouseover=alert/OPENBUGBOUNTY/;MC4wLjExMy4xMTQuMC4wLjAuMC4w Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.09.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / No...
Subrion CMS Cross-Site Scripting Vulnerability (CNVD-2017-18106)
Subrion CMS is a powerful and easy-to-use PHP content management system with full source editing, per-page permissions, user activity monitoring and other powerful features. Subrion CMS suffers from a cross-site scripting vulnerability that can be exploited by remote attackers to inject arbitrary...
CVE-2017-10795
Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows remote attackers to inject arbitrary web script or HTML via the body to blog/add/, a different vulnerability than CVE-2017-6069...
WakaTime: HTML - injection
Hello try to write this Done test in the comments it will run. https://wakatime.com/blog/26-download-your-team-activity-as-csvcomments...
Information Disclosure
Moodle is vulnerable to information disclosure. A malicious user can read a non-public file if it is referenced in a public blog entry...
Extending the Microsoft Edge Bounty Program
This article: the Microsoft Security Response Center blog post “Extending the Microsoft Edge Bounty Program”, June 21, 2017, U.S....
Sensitive Information Disclosure
moodle/moodle is vulnerable to information disclosure attacks. A flaw in blog/rsslib.php continues to provide a blog RSS feed when blogging is disabled. Attackers can leverage this feed to obtain sensitive information...
Antivirus Evolved
This article is a translation of the Microsoft Malware Protection Center blog post “Antivirus evolved”, published May 8, 2017 (U.S. time)...
Tales from the MSRC: from pixels to POC
Is this thing still on? It’s been a while since we’ve posted to this blog and we think it’s time to start posting deep technical content about Security Research & Defense (SRD) again. For readers who are new or may have forgotten, this blog is the home of the MSRC Vulnerabilities & Mitigations...
SQL Injection Vulnerability in Axublog Blog System
axublog is a PHP personal blog system. A SQL injection vulnerability exists in the Axublog blog system. An attacker can exploit this vulnerability to obtain sensitive information from the database...
Two SQL Injection Vulnerabilities in Axublog Blog System
axublog is a PHP personal blog system. Two SQL injection vulnerabilities exist in Axublog blog system. An attacker can exploit the vulnerabilities to obtain database information...
SQL Injection Vulnerability in the Frontend of Axublog Blog System
axublog is a PHP personal blog system. A SQL injection vulnerability exists in the frontend of the Axublog blog system. An attacker can exploit this vulnerability to obtain sensitive database information...