7736 matches found
mapmyfitness.com XSS vulnerability
Vulnerable URL: http://www.mapmyfitness.com/blog/?q=" Details: Description| Value ---|--- Patched:| Yes, at 01.10.2016 Latest check for patch:| 01.10.2016 07:06 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 31361 VIP website status:| Yes Check mapmyfitness.com...
Critical vulnerabilities in JSON Web Token libraries
More info at https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/...
SQL injection vulnerability in BlogManage/Video/MyVideo.aspx page of Shanghai Hongyu Information Technology Co.
ECS education site system is a general-purpose CMS program developed by Shanghai Hongyu Information Technology Co., Ltd. for building school, education and other websites. The ECS BlogManage/Video/MyVideo.aspx page has a SQL injection vulnerability, which can be exploited to obtain sensitive...
Simple-Log Reinstallation Vulnerability
SimpleLog Blog System is a blog system built with PHP+MySQL. A reinstallation vulnerability exists in Simple-Log v1.6 that allows attackers to reinstall the system, resulting in data loss...
OpenStego - Steganography Application (Data Hiding and Watermarking)
OpenStego is a steganography application that provides two functionalities: 1. Data Hiding: It can hide any data within a cover file e.g. images. 2. Watermarking: Watermarking files e.g. images with an invisible signature. It can be used to detect unauthorized file copying. Usage For GUI: java -j...
ddg.biz XSS vulnerability
Vulnerable URL: http://www.ddg.biz/blog/index.php?cat=payroll";...
August 2016 security update release
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...
communicatie.canvas.be XSS vulnerability
Vulnerable URL: https://communicatie.canvas.be/blog/wp-includes/js/mediaelement/flashmediaelement.swf?jsinitfunctio%gn=alert%60OPENBUGBOUNTY%60 Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not...
pers.livecomedy.be XSS vulnerability
Vulnerable URL: https://pers.livecomedy.be/blog/wp-includes/js/mediaelement/flashmediaelement.swf?jsinitfunctio%gn=alert%60OPENBUGBOUNTY%60 Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated...
Kodi Web Server 16.1 - Denial of Service
Exploit Title: Kodi 16.1 Web Server Remote DoS Date: 06/08/2016 Exploit Author: Guillaume Kaddouch Twitter: @gkweb76 Blog: https://networkfilter.blogspot.com GitHub: https://github.com/gkweb76/exploits Vendor Homepage: https://kodi.tv/ Software Link:...
Multiple Cross-Site Scripting Vulnerabilities in Dotclear
Dotclear is a PHP- and MySQL-based blog system. Dotclear has multiple cross-site scripting vulnerabilities that can be exploited by attackers to execute arbitrary script code in a user's browser...
blog.clickmeeting.com XSS vulnerability
Open Bug Bounty ID: OBB-170908 Description| Value ---|--- Affected Website:| blog.clickmeeting.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Zomato: Outdated MediaElement.js Reflected Cross-Site Scripting (XSS)
I took a quick look at the business-blog.zomato.com WordPress installation, and found that it was quite outdated. Version 4.2.4 as far as I could tell. A pretty famous XSS attack exists for WordPress versions below 4.5.2 that allows for reflected cross site scripting. More details can be found her...
Moodle 2.2.x < 2.2.7 Multiple Vulnerabilities
Binary data 9412.prm...
Moodle 2.1.x < 2.1.10 Multiple Vulnerabilities
Binary data 9410.prm...
blog.sony.com XSS vulnerability
Vulnerable URL: http://blog.sony.com//wp-includes/js/plupload/plupload.flash.swf?%target%g=alert%g=OPENBUGBOUNTY& Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No...
Airia - Arbitrary File Upload
Airia - Arbitrary File Upload Exploit Title: Airia - Webshell Upload Vulnerability Date: 2016-06-20 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: http://ytyng.com Software Link: https://github.com/ytyng/airia/archive/master.zip Version: Latest commit Tested on: Debia...
WordPress Plugin Gravity Forms 1.8.19 - Arbitrary File Upload
an Exploiter by AnonGuy\n"; $domain = @$argv1 == '' ? 'http://localhost/wordpress' : @$argv1; $url = "$domain/?gfpage=upload"; $shell = "$domain/wp-content/input3khan.php5"; $separator = '-------------------------------------------------------------------'; $ch = curlinit$url; curlsetopt$ch,...
June 2016 security update release
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...
Windows Zero Day Selling for $90,000
Hackers claim to have unearthed a zero-day vulnerability giving attackers admin rights to any Windows machine from Windows 2000 to a fully patched version of Windows 10. The zero day is for sale on the black market for $90,000. Security experts say the zero-day exploit looks legitimate and in the...