7736 matches found

Filippo.io
added 2016/10/12 5:43 p.m., 13 views

TLS nonce-nse

Starting a series of blog posts on TLS 1.3, I published my notes on the landscape of cipher nonces in TLS across versions, to help me clean up the implementation. Comes with hand-drawn diagrams! TLS nonce-nse | CloudFlare Blog archive...

6.9 AI score
Exploits: 0
Openbugbounty
added 2016/10/11 9:57 a.m., 20 views

pluck.com XSS vulnerability

Open Bug Bounty ID: OBB-186086

Description | Value
---|---
Affected Website: | pluck.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat Sheet...

6.3 AI score
Exploits: 0
0day.today
added 2016/10/08 12:0 a.m., 42 views

Simple PHP Blog 0.8.4 - Cross-Site Request Forgery (Add Admin) Vulnerability

Exploit for php platform in category web applications that will add a new user as administrator. Once exploited, the attacker can login to the admin panel http://localhost/simple/login.php using the username and the password he posted in the form. CSRF PoC Code ============= -- input type="hidden...

7.1 AI score
Exploits: 0
Packet Storm
added 2016/10/08 12:0 a.m., 38 views

Simple PHP Blog 0.8.4 Cross Site Scripting

========================================================================
| Title : Simple PHP Blog 0.8.4 XSS vulnerability
| Author : indoushka
| email : [email protected]
| Tested on : windows 8.1 Français V.Pro
| Version : 0.8.4
| Vendor : https://sourceforge.net/projects/sphpblog/
|...

Exploits: 0
Packet Storm
added 2016/10/07 12:0 a.m., 37 views

Simple PHP Blog 0.8.4 Cross Site Request Forgery

that will add a new user as administrator. Once exploited, the attacker can login to the admin panel http://localhost/simple/login.php using the username and the password he posted in the form. CSRF PoC Code ============= -- inp...

Exploits: 0
Exploit DB
added 2016/10/07 12:0 a.m., 35 views

Simple PHP Blog 0.8.4 - Cross-Site Request Forgery (Add Admin)

that will add a new user as administrator. Once exploited, the attacker can login to the admin panel http://localhost/simple/login.php using the username and the password he posted in the form. CSRF PoC Code ============= -- input type="hidden" name="sF...

7.4 AI score
Exploits: 0
Japan Vulnerability Notes
added 2016/09/29 7:4 a.m., 3 views

baserCMS plugin Blog vulnerable to cross-site request forgery

Overview: baserCMS, provided by baserCMS User Group, is an open source content management system. baserCMS and the bundled plugin Blog contain a cross-site request forgery vulnerability. Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA. JPCERT/CC...

8.8 CVSS, 6.5 AI score, 0.00924 EPSS
Exploits: 0, References: 5
Japan Vulnerability Notes
added 2016/09/29 7:4 a.m., 3 views

baserCMS plugin Blog vulnerable to cross-site request forgery

Overview: baserCMS, provided by baserCMS User Group, is an open source content management system. baserCMS and the bundled plugin Blog contain a cross-site request forgery vulnerability. Isao Takaesu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with t...

8.8 CVSS, 6.5 AI score, 0.00944 EPSS
Exploits: 0, References: 5
Japan Vulnerability Notes
added 2016/09/29 7:4 a.m., 3 views

baserCMS plugin Blog vulnerable to cross-site scripting

Overview: baserCMS, provided by baserCMS User Group, is an open source content management system. baserCMS and the bundled plugin Blog contain a stored cross-site scripting vulnerability. Isao Takaesu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with...

5.4 CVSS, 5.8 AI score, 0.00921 EPSS
Exploits: 0, References: 5
Japan Vulnerability Notes
added 2016/09/29 12:0 a.m., 78 views

JVN#92765814: Multiple vulnerabilities in baserCMS

baserCMS, provided by baserCMS User Group, is an open source content management system. baserCMS and the bundled plugins "Blog", "Mail", "Feed", and "Uploader" contain the following vulnerabilities. Cross-site request forgery (CWE-352) - CVE-2016-4879, CVE-2016-4881, CVE-2016-4884, CVE-2016-4885,...

8.8 CVSS, 7.4 AI score, 0.00944 EPSS
Exploits: 0
Packet Storm
added 2016/09/24 12:0 a.m., 43 views

Metasploit Web UI Static secret_key_base Value

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule NullSerializer @serializer = options:serializer || Marshal end def encryptandsignvalue...

0.1 AI score
Exploits: 0
exploitpack
added 2016/09/19 12:0 a.m., 27 views

MyBB 1.8.6 - SQL Injection

MyBB 1.8.6 - SQL Injection Security Advisory - Curesec Research Team 1. Introduction Affected Product: MyBB 1.8.6 Fixed in: 1.8.7 Fixed Version Link: http://resources.mybb.com/downloads/mybb1807.zip Vendor Website: http://www.mybb.com/ Vulnerability Type: SQL Injection Remote Exploitable: Yes...

Exploits: 0
Packet Storm
added 2016/09/16 12:0 a.m., 96 views

Oxwall 1.8.0 Build 9900 Cross Site Scripting / Open Redirect

Security Advisory - Curesec Research Team 1. Introduction Affected Product: Oxwall 1.8.0 build 9900 Fixed in: 1.8.2 Fixed Version Link: https://developers.oxwall.com/download Vendor Website: http://www.oxwall.org/ Vulnerability Type: XSS & Open Redirect Remote Exploitable: Yes Reported to vendor:...

7.4 AI score
Exploits: 0
MSRC
added 2016/09/13 7:0 a.m., 7 views

September 2016 security update release

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...

6.7 AI score
Exploits: 0
Openbugbounty
added 2016/09/05 1:3 p.m., 15 views

deepcreekvet.vetstreet.com XSS vulnerability

Vulnerable URL: http://deepcreekvet.vetstreet.com/blog.html?filter=xss%3Cimg%20src=x%20onerror=confirm%22OPENBUGBOUNTY%22%3E=xss%3Cimg%20src=x%20onerror=confirm%22OPENBUGBOUNTY%22%3E&

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 27.07.2017
Vulnerability type: | XSS...

6.3 AI score
Exploits: 0
Openbugbounty
added 2016/09/05 1:2 p.m., 11 views

bynumveterinaryclinic.vetstreet.com XSS vulnerability

Vulnerable URL: http://bynumveterinaryclinic.vetstreet.com/blog.html?filter=xss%3Cimg%20src=x%20onerror=confirm%22OPENBUGBOUNTY%22%3E=xss%3Cimg%20src=x%20onerror=confirm%22OPENBUGBOUNTY%22%3E&

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 27.07.2017
Vulnerability type:...

6.3 AI score
Exploits: 0
CNVD
added 2016/09/04 12:0 a.m., 3 views

SQL injection vulnerability in BlogManage/Resource/UserForResourceList.aspx page of Shanghai Hongyu Information Technology Co.

ECS ECS education site system is a general-purpose CMS developed by Shanghai Hongyu Information Technology Co., Ltd. for building school, education and similar websites. The product's BlogManage/Resource/UserForResourceList.aspx page has a SQL injection vulnerability; an attacker registers an...

7.8 AI score
Exploits: 0, References: 1
CNVD
added 2016/09/04 12:0 a.m., 2 views

SQL injection vulnerability in BlogManage/Video/MyVideoAlbum.aspx page of Shanghai Hongyu Information Technology Co.

ECS ECS education site system is a general-purpose CMS developed by Shanghai Hongyu Information Technology Co., Ltd. for building school, education and similar websites. The product's BlogManage/Video/MyVideoAlbum.aspx page has a SQL injection vulnerability; an attacker registers an account log...

7.8 AI score
Exploits: 0, References: 1
pentestnepal
added 2016/09/03 11:33 p.m., 20 views

Welcome to our blog.

Welcome to our blog...

7 AI score
Exploits: 0
seebug.org
added 2016/09/02 12:0 a.m., 13 views

erduo music \source\user\blog\ajax.php the variable content stored XSS

No description provided by source...

7.1 AI score
Exploits: 0