7736 matches found
CVE-2016-4880
CVE-2016-4880 is a stored cross-site scripting vulnerability in baserCMS environments, affecting baserCMS core (3.0.10 and earlier) and the Blog plugin (3.0.10 and earlier). The incident arises from insufficient input filtering, allowing an attacker with Administrative access to inject arbitrary ...
CVE-2016-4881
CVE-2016-4881 is a CSRF vulnerability affecting baserCMS when the Blog plugin (and related components) is enabled. The affected scope is baserCMS version 3.0.10 and earlier, including the Blog plugin version 3.0.10 and earlier. The root cause is cross-site request forgery that can allow a logged-...
actioncoachportugal.pt XSS vulnerability
Open Bug Bounty ID: OBB-235875 Description| Value ---|--- Affected Website:| actioncoachportugal.pt Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Coming together to address attacks exploiting Encapsulated PostScript (EPS) vulnerabilities
This article is a translation of the MSRC Team blog post “Coming together to address Encapsulated PostScript EPS attacks” (published May 9, 2017, US time)...
BanManager WebUI 1.5.8 - PHP Code Injection
BanManager WebUI 1.5.8 - PHP Code Injection & Stored XSS Exploit Title: BanManager WebUI - PHP Code Injection & Stored XSS Date: 2017-05-10 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: https://github.com/BanManagement/BanManager-WebUI Software Link:...
Crypttech CryptoLog - Remote Code Execution (Metasploit)
Crypttech CryptoLog - Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Crypttech CryptoLog Remote Code Execution", 'Description' = %q This module exploits the sql...
HandBrake for Mac Compromised with Proton Spyware
The handlers of the open source HandBrake video transcoder are warning anyone who recently downloaded the Mac version of the software that they’re likely infected with malware. HandBrake warned users on Saturday of a compromise of one of its mirror download servers, and said anyone who grabbed th...
MediaCoder 0.8.48.5888 - Local Buffer Overflow (SEH)
MediaCoder 0.8.48.5888 - Local Buffer Overflow SEH !/usr/bin/python Exploit Title : MediaCoder 0.8.48.5888 Local Buffer Overflow SEH CVE : CVE-2017-8869 Exploit Author : Muhann4d @0xSecured Vendor Homepage : http://www.mediacoderhq.com Vulnerable Software:...
CVE-2016-7839
Cross-site scripting vulnerability in Olive Blog allows remote attackers to inject arbitrary web script or HTML via the search parameter...
Cross site scripting
Cross-site scripting vulnerability in Olive Blog allows remote attackers to inject arbitrary web script or HTML via the search parameter...
CVE-2016-7839
Olive Blog (affected product) is vulnerable to cross-site scripting via the search parameter due to a flaw in processing that parameter. The vulnerability allows an arbitrary script to run in the user’s browser. There is no publicly documented patch in the provided sources; remediation guidance f...
CVE-2017-7415
Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource...
TYPO3 News Module SQL Injection
Exploit Title: TYPO3 News Module SQL Injection Vendor Homepage: https://typo3.org/extensions/repository/view/news Exploit Author: Charles FOL Contact: https://twitter.com/ambionics Website: https://www.ambionics.io/blog/typo3-news-module-sqli !/usr/bin/python3 TYPO3 News Module SQL Injection...
FTC Releases Announcement on Identity Theft
The Federal Trade Commission FTC recommends that consumers who are affected by identity theft file a report at IdentityTheft.gov—a one-stop resource to help you report and recover from identity theft. Information provided there includes checklists, sample letters, and links to other resources...
PLAIN- Sharp(#) blog - Customized SSL, Redefined SSL Common Names verifier vulnerabilities
HackApp vulnerability scanner discovered that application PLAIN- Sharp blog published at the 'play' market has multiple vulnerabilities...
ShadowBroker release of NSA tools in the Esteemaudit vulnerability reproduction process-vulnerability warning-the black bar safety net
Recently, the infamous Equation Group toolkit was disclosed again; TheShadowBrokers posted the related message on their steemit.com blog. The following is a reproduction of the Esteemaudit vulnerability. Preparation IP System information Use Note 192.168.146.132 Windows XP Attacker machine Need Ann...
Microsoft Windows - ManagementObject Arbitrary .NET Serialization Remote Code Execution
Microsoft Windows - ManagementObject Arbitrary .NET Serialization Remote Code Execution Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1081 Windows: ManagementObject Arbitrary .NET Serialization RCE Platform: .NET 4.6, Powershell 4. Tested between Server 2016 and Windows 10...
blog.goanimate.com XSS vulnerability
Vulnerable URL: https://blog.goanimate.com/?bselected=" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 31.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check blog.goanimate.com SSL...
CVE-2016-1179
Cross-site scripting XSS vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML...