CVE-2016-1178
The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors...
CVE-2016-1179
Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML...
CVE-2016-1178
The CVE-2016-1178 issue affects appleple a-blog cms up to version 2.6.0.1, where a flaw in the session management of the comment feature allows remote attackers to obtain or modify sensitive data. Related sources describe concrete impacts: an unauthenticated attacker could delete arbitrary commen...
CVE-2016-1179
The CVE-2016-1179 issue affects appleple a-blog cms (2.6.0.1 and earlier). The vulnerability is a Cross-site Scripting (XSS) in the standard template of the comment functionality, allowing an attacker to inject arbitrary script/HTML into user browsers. Affected component: the comment template in ...
The power of Wallarm search engine
In this article I would like to show and explain my personal use cases of the Wallarm search engine. The cool thing about it is human readable search with intuitive commands. Just look at this search command before we start: attacks incidents vulns today RCE 502 For a security engineer looking at...
assuredtelematics.com XSS vulnerability
Vulnerable URL: http://www.assuredtelematics.com/blog-details.php?id=834"alert/OPENBUGBOUNTY/...
Starbucks: Stored XSS in comments on https://www.starbucks.co.uk/blog/*
Hi, there are a lot of published blog posts under https://www.starbucks.co.uk/blog/. You can find plenty of them using this Google dork: site:www.starbucks.co.uk inurl:blog/. Notice the comments functionality at the bottom of the page. When a comment is sent the following request is made: http POST...
Subrion CMS Cross-Site Request Forgery Vulnerability (CNVD-2017-04652)
Subrion CMS is a PHP-based content management system (CMS) developed by the Subrion team. The system can be integrated into a website and supports a wide range of extensions, plug-ins, and more. A cross-site request forgery vulnerability exists in the admin/blog/add/ URI in Subrion CMS version 4.0.5...
Subrion CMS Cross-Site Request Forgery Vulnerability (CNVD-2017-04651)
Subrion CMS is a PHP-based content management system (CMS) developed by the Subrion team. The system can be integrated into a website and supports a wide range of extensions, plug-ins, and more. A cross-site request forgery vulnerability exists in the admin/blog/add/ URI in Subrion CMS version 4.0.5.10. A...
CVE-2017-6002
Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add any blog entry, and can optionally insert XSS into that entry via the body parameter...
Cross site request forgery (csrf)
Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add any blog entry, and can optionally insert XSS into that entry via the body parameter...
Cross site request forgery (csrf)
Subrion CMS 4.0.5 has CSRF in admin/blog/add/. The attacker can add any tag, and can optionally insert XSS via the tags parameter...
CVE-2017-6069
Subrion CMS 4.0.5 is affected by CVE-2017-6069: CSRF in admin/blog/add/ can let an attacker add arbitrary tags and may allow XSS via the tags parameter. Connected records also describe a separate XSS vulnerability (via the blog/add/ body) that is a different issue from CVE-2017-6069. The CVE desc...
CVE-2017-6069
Subrion CMS 4.0.5 has CSRF in admin/blog/add/. The attacker can add any tag, and can optionally insert XSS via the tags parameter...
LastPass password manager exposes a serious vulnerability again: can browser-based password managers still be used? - Vulnerability warning - the black bar safety net
Without password software, we easily forget our passwords; with password software, we "reluctantly" leak all of them. LastPass, the popular password management software, has recently been hit by security vulnerabilities again. Security researchers found in LastPass Chrome and Firefox 4.1.42 versi...
Logsign 4.4.2/4.4.137 - Remote Command Injection (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Logsign Remote Command Injection', 'Description' = %q This module exploits an command injection vulnerability in Logsign. By exploiting this...
Logsign Remote Command Injection
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Logsign Remote Command Injection', 'Description' = %q This module exploits an command injection vulnerability in Logsign. By exploiting this...
Start Menu Layout Roaming on Windows 10
The Windows 10 Start menu layout is a pain point for many users. What’s more, when utilizing roaming profile solutions, the Start menu layout might not be persistent when roaming across multiple desktops. We have described the reasons for this issue in this Citrix blog. The following is a workaroun...