7736 matches found
blogs.unisys.com XSS vulnerability
Vulnerable URL: http://blogs.unisys.com/wp-includes/js/mediaelement/flashmediaelement.swf?jsinitfunctio%gn=alertOPENBUGBOUNTY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown...
blog.hootsuite.com XSS vulnerability
Open Bug Bounty ID: OBB-151835 Description| Value ---|--- Affected Website:| blog.hootsuite.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
blog.us.playstation.com XSS vulnerability
Vulnerable URL: http://blog.us.playstation.com/wp-includes/js/mediaelement/flashmediaelement.swf?jsinitfunctio%gn=alertOPENBUGBOUNTY Details: Description| Value ---|--- Patched:| Yes, at 08.06.2016 Latest check for patch:| 08.06.2016 02:27 GMT Vulnerability type:| XSS Vulnerability status:|...
Zomato: Reflected XSS on business-blog.zomato.com - Part I
Hi guys, I would like to report a reflected XSS on business-blog.zomato.com. 1. Open Chrome and Firefox latest versions 2. Open https://business-blog.zomato.com/wp-includes/js/mediaelement/flashmediaelement.swf?jsinitfunctio%gn=alert1 3. Payload is executed Check the attached screenshot. Solution...
Typecho blog system: stored XSS vulnerability in the admin comment section
No description provided by source...
Microsoft Windows 7 < 10 / 2008 < 2012 R2 (x86/x64) - Local Privilege Escalation (MS16-032) (PowerShell)
Microsoft Windows 7 10 2008 2012 R2 x86x64 - Local Privilege Escalation MS16-032 PowerShell function Invoke-MS16-032 https://googleprojectzero.blogspot.co.uk/2016/03/exploiting-leaked-thread-handle.html .DESCRIPTION Author: Ruben Boonen @FuzzySec Blog: http://www.fuzzysecurity.com/ License: BSD...
Jigsaw Ransomware Decryption Tool
Menacing ransomware called Jigsaw threatened to delete thousands of files an hour if victims didn’t pay 0.4 Bitcoins or $150. Worse, restarting your PC, according to the attackers, would also cost victims 1,000 deleted files. The icing on the cake was a menacing image of “Billy the Puppet” from t...
High School Fashion Blog - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application High School Fashion Blog published at the 'play' market has multiple vulnerabilities...
Cloud Metadata URL List
Landed the SSRF Cloud Metadata technique in a few different scenarios recently. If you haven't seen the talk BHUSA 2014 - Bringing a Machete to the Amazon I recommend it. To make life a little easier created a living URL list for Metadata broken down by cloud. There are a few more than he discusse...
Cloud Metadata URL List
Landed the SSRF Cloud Metadata technique in a few different scenarios recently. If you haven't seen the talk BHUSA 2014 - Bringing a Machete to the Amazon I recommend it. To make life a little easier created a living URL list for Metadata broken down by cloud. There are a few more than he discuss...
Microsoft Deploys Macro-Blocker in Office to Curb Malware
If it ain’t broke, don’t fix it. If there’s one thing the recent surge in threats using macros to spread malware has shown, it’s that the vector is clearly working for attackers. Developers at Microsoft hope a feature in the latest version of Microsoft Office will reduce the frequency of those...
Warning about NPM modules | Cloud Foundry
Warning about NPM modules Advisory Vendor Node Package Manager NPM Versions Affected Cloud Foundry NodeJS Buildpack Description If your app developers deploy Node applications, we’d like to alert you to recent developments with NPM and module ownership in the Node community. A blog post was...
sourceforge.net XSS vulnerability
Vulnerable URL: https://sourceforge.net/blog/?xwxalert/XSSPOSED/...
myus.com XSS vulnerability
Vulnerable URL: https://www.myus.com/blog/?xwx"onmouseover=prompt/XSSPOSED/ 1=1 Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google Pagerank| 5 VIP website status:| No Check myus.com S...
[SECURITY] Fedora 22 Update: php-htmLawed-1.1.21-1.fc22
PHP code to purify and filter HTML: make HTML markup in text secure and standard-compliant; process text for use in HTML, XHTML or XML documents; restrict HTML elements, attributes or URL protocols using black or white-lists; balance tags, check element nesting, transform deprecated attributes and...
neocounter.neoworx-blog-tools.net XSS vulnerability
Vulnerable URL: http://neocounter.neoworx-blog-tools.net/?domain=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| Yes, at 23.03.2016 Latest check for patch:| 23.03.2016 01:41 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa...
blog-apart.com XSS vulnerability
Vulnerable URL: http://blog-apart.com/?domain=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| Yes, at 03.03.2016 Latest check for patch:| 03.03.2016 03:00 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1033660 Google...
Bo-Blog 2.1.1 usergroup parameter cross-site scripting vulnerability
No description provided by source...
FTC Shares Security Tips for ASUS Wireless Routers
The Federal Trade Commission (FTC) has provided network security tips for vulnerable ASUS-branded wireless routers. Major security flaws in these routers may have exposed customers' sensitive information to malicious actors. FTC urges consumers to download the latest security updates for their...
Microsoft Releases Update for EMET
US-CERT is aware of a vulnerability in Microsoft Enhanced Mitigation Experience Toolkit (EMET) versions prior to 5.5. Exploitation of this vulnerability may allow a remote attacker to bypass or disable EMET to take control of an affected system. US-CERT recommends users and administrators visit the...