
7736 matches found

CNVD
added 2017/01/16 12:0 a.m. · 2 views

Serendipity Open Redirect Vulnerability

Serendipity is a PHP-based blogging system developed by the Serendipity team. The system supports the creation of online journals, blogs, web pages and more. An open redirect vulnerability exists in comment.php in Serendipity versions 2.0.5 and earlier, which allows remote attackers to redirect...

CVSS 6.1 · AI score 7 · EPSS 0.00923
Exploits: 0 · References: 1

Openbugbounty
added 2017/01/15 7:0 p.m. · 18 views

blog.woodcraft.com XSS vulnerability

Vulnerable URL: http://blog.woodcraft.com/?s=%22%3E%3Csvg/onload=alert%27OPENBUGBOUNTY%27%3E Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check blog.woodcraft.c...

AI score 6.2
Exploits: 0

Hacker One
added 2017/01/14 10:18 p.m. · 29 views

Starbucks: csrf blogs.starbucks.com

We can add comments on any article from the user's account Request POST /blogs/customer/archive/2016/05/06/starbucks-doubleshot-174-energy-coffee-makes-a-flavorful-foray-into-the-realm-of-spiced-coffee.aspx HTTP/1.1 Host: blogs.starbucks.com User-Agent: Mozilla/5.0 Windows NT 6.2; WOW64;...

AI score 7
Exploits: 0

MSRC
added 2017/01/10 8:0 a.m. · 7 views

January 2017 security update release

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...

AI score 6.7
Exploits: 0

Vulnerability Lab
added 2017/01/10 12:0 a.m. · 64 views

BlackBoard LMS 9.1 SP14 - (Title) Persistent Vulnerability

Document Title: =============== BlackBoard LMS 9.1 SP14 - Title Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1901 Release Date: ============= 2017-01-10 Vulnerability Laboratory ID VL-ID: ====================================...

AI score 7.1
Exploits: 0

Japan Vulnerability Notes
added 2017/01/06 4:56 a.m. · 0 views

Olive Blog vulnerable to cross-site scripting

Overview: Olive Blog provided by Olive Design contains a cross-site scripting vulnerability (CWE-79) due to a flaw in processing the search parameter. Ueki Shuya reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact ...

CVSS 6.1 · AI score 6.1 · EPSS 0.00886
Exploits: 0 · References: 5

Japan Vulnerability Notes
added 2017/01/06 12:0 a.m. · 26 views

JVN#60879379: Olive Blog vulnerable to cross-site scripting

Olive Blog provided by Olive Design contains a cross-site scripting vulnerability (CWE-79) due to a flaw in processing the search parameter. Impact: An arbitrary script may be executed on the user's web browser. Solution: Do not use Olive Blog. Olive Blog is no longer being developed or maintained. It...

CVSS 6.1 · AI score 6 · EPSS 0.00886
Exploits: 0

Openbugbounty
added 2017/01/04 7:5 p.m. · 14 views

blog.lexusatlanta.com XSS vulnerability

Vulnerable URL: http://blog.lexusatlanta.com/search'%22--!%3E%3CImage%0CSrcset=.%0COnerror=confirm%60OPENBUGBOUNTY%60%3E/ Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website...

AI score 6.3
Exploits: 0

CNVD
added 2016/12/29 12:0 a.m. · 2 views

Blog Calendar SQL Injection Vulnerability in Joomla!

Joomla! is an open source content management system (CMS). A SQL injection vulnerability exists in the Blog Calendar component of Joomla!. Because the program fails to adequately filter user-submitted input, an attacker can exploit the vulnerability to take control of the application, access or modi...

AI score 8
Exploits: 0 · References: 1

CNVD
added 2016/12/26 12:0 a.m. · 2 views

Joomla com_blog_calendar Module SQL Injection Vulnerability

Joomla! is an open source, cross-platform content management system (CMS) developed in PHP and MySQL by the U.S. Open Source Matters team. A SQL injection vulnerability exists in the Joomla com_blog_calendar module. An attacker can manipulate the modid value to execute SQL commands and re...

AI score 8.1
Exploits: 0

Openbugbounty
added 2016/12/20 8:45 a.m. · 17 views

trainerize.com XSS vulnerability

Open Bug Bounty ID: OBB-198908 Description| Value ---|--- Affected Website:| trainerize.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

AI score 6.3
Exploits: 0

Hacker One
added 2016/12/18 1:43 p.m. · 15 views

Shopify: Stored XSS in blog comments through Shopify API

Hi there! As far as I understand, the Shopify Shop has blogs which allow users to comment on blog posts; however, comments with HTML content automatically get sanitised and then posted to avoid XSS issues. However, using the API for comment modification, any application with comment permission can...

Exploits: 0

CNVD
added 2016/12/16 12:0 a.m. · 1 views

Emlog personal blog system exists arbitrary file deletion vulnerability

Short for every memory log, emlog is a PHP and MySQL based blog and CMS builder. The /src/admin/data.php page of the emlog personal blog system has an arbitrary file deletion vulnerability. As Bak fails to bring in the unlink function directly after the restriction, allowing an attacker to delete...

AI score 7
Exploits: 0

exploitpack
added 2016/12/15 12:0 a.m. · 29 views

Netcore Netis Routers - UDP Backdoor Access

Netcore Netis Routers - UDP Backdoor Access !/usr/bin/python -- coding: utf8 -- NETCORE / NETDIS UDP 53413 BACKDOOR https://netisscan.shadowserver.org/ http://blog.trendmicro.com/trendlabs-security-intelligence/netis-routers-leave-wide-open-backdoor/ https://www.seebug.org/vuldb/ssvid-90227 impor...

AI score 0.6
Exploits: 0

Packet Storm
added 2016/11/22 12:0 a.m. · 33 views

Microsoft Internet Explorer 8 MSHTML Ptls5::LsFindSpanVisualBoundaries Memory Corruption

Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the fifteenth entry in that series. Unfortunately I won't be able to publish everything within one month at the current rate, so I may continue to publish these throug...

AI score 0.5
Exploits: 0

Exploit DB
added 2016/11/21 12:0 a.m. · 63 views

LEPTON 2.2.2 - Remote Code Execution

Security Advisory - Curesec Research Team 1. Introduction Affected Product: LEPTON 2.2.2 stable Fixed in: 2.3.0 Fixed Version Link: http://www.lepton-cms.org/posts/important-lepton-2.3.0-101.php Vendor Website: http://www.lepton-cms.org/ Vulnerability Type: Code Execution Remote Exploitable: Yes...

AI score 7.4
Exploits: 0

0day.today
added 2016/11/19 12:0 a.m. · 36 views

Jaws 1.1.1 Open Redirect / Object Injection / Cookie Flags Vulnerabilities

Jaws version 1.1.1 suffers from object injection, open redirection, and cookie flag related vulnerabilities. 1. Introduction Affected Product: Jaws 1.1.1 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://jaws-project.com/ Vulnerability Type: Object Injection, Open Redirect, Cooki...

AI score 0.3
Exploits: 0

0day.today
added 2016/11/18 12:0 a.m. · 30 views

DCFM Blog 0.9.7 Cross Site Scripting Vulnerability

DCFM Blog version 0.9.7 suffers from a cross site scripting vulnerability. DCFM Blog 0.9.7 XSS Attack =========================== Description ============ Open-source blog project. Free blog system for any website. Uses MySQL and PHP 5. Very easily customizable and incredibly flexible...

AI score 6.7
Exploits: 0

0day.today
added 2016/11/18 12:0 a.m. · 25 views

DCFM Blog 0.9.7 Blind SQL Injection Vulnerability

DCFM Blog version 0.9.7 suffers from a remote blind SQL injection vulnerability. DCFM Blog Version 0.9.7 Blind SQL Injection Vulnerability time based-attack ================================================================================ Description ============ Open-source blog project. Free blo...

AI score 8.1
Exploits: 0

OpenVAS
added 2016/11/18 12:0 a.m. · 51 views

Avast Premier Sandbox Escape Security Bypass Vulnerability

Avast Premier is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:avast:avastpremier";...

CVSS 5.5 · AI score 5.5 · EPSS 0.00392
Exploits: 0 · References: 1