2348 matches found
CVE-2018-0579
Cross-site scripting vulnerability in Open Graph for Facebook, Google+ and Twitter Card Tags plugin prior to version 2.2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting vulnerability in Open Graph for Facebook, Google+ and Twitter Card Tags plugin prior to version 2.2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2018-0579
The CVE relates to the WordPress plugin “Open Graph for Facebook, Google+ and Twitter Card Tags” (prior to v2.2.4.1). A reflected XSS was reported in the wd_fb_og_error parameter on GET edits, exploitable by an authenticated WordPress administrator via a crafted link. Impact is arbitrary script exe...
Microsoft Office Graph Serialized Data Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Graph. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing o...
WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" vulnerable to cross-site scripting
Overview: The WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" provided by Webdados contains a reflected cross-site scripting vulnerability (CWE-79). Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warni...
JVN#08386386: WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" vulnerable to cross-site scripting
The WordPress plugin "Open Graph for Facebook, Google+ and Twitter Card Tags" provided by Webdados contains a reflected cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on a logged in user's web browser. Solution: Update the plugin. Update the plugin according t...
WordPress Open Graph for Facebook, Google+ and Twitter Card Tags Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Open Graph for Facebook, Google+ and Twitter Card Tags plugin,...
Securing the modern workplace with Microsoft 365 threat protection – part 1
This post is authored by Debraj Ghosh, Senior Product Marketing Manager, Microsoft 365 Security. The roots of Microsoft 365 threat protection: Over the next few weeks, we'll introduce you to Microsoft 365's threat protection services and demonstrate how Microsoft 365's threat protection leverages...
[SECURITY] Fedora 27 Update: jgraphx-3.6.0.0-4.fc27
JGraphX is a powerful, easy-to-use and feature-rich graph drawing component for Java. It is a rewrite of JGraph, also known as JGraph 6...
[SECURITY] Fedora 26 Update: jgraphx-3.6.0.0-3.fc26
JGraphX is a powerful, easy-to-use and feature-rich graph drawing component for Java. It is a rewrite of JGraph, also known as JGraph 6...
UBUNTU-CVE-2017-18261
The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as demonstrated by a scenario involving debugfs, ftrace,...
CVE-2017-18261
The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as demonstrated by a scenario involving debugfs, ftrace,...
Connect to the Intelligent Security Graph using a new API
Most organizations deal with high volumes of security data and have dozens of security solutions in their enterprise, making the task of integrating various products and services daunting and complex. The cost, time, and resources necessary to connect systems, enable correlation of alerts, and...
Facebook Graph Metadata Crosswalk Mapping Proof Of Concept
!/usr/bin/perl Facebook 'Graph' metadata crosswalk mapping PoC 2018 Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Description: Criminal hacker CRACKER can take advantage of this weakness by creating a specialized database to manipulate facebook users with fake news...
VirusTotal launches 'Droidy' sandbox to detect malicious Android apps
One of the biggest and most popular multi-antivirus scanning engine services has today launched a new Android sandbox service, dubbed VirusTotal Droidy, to help security researchers detect malicious apps based on behavioral analysis. VirusTotal, owned by Google, is a free online service that allow...
Chrome V8 JIT - 'GetSpecializationContext' Type Confusion
PoC: function optarg = = arg let tmp = opt.x; // LdaNamedProperty for ;; arg; yield; function inner tmp; break; for let i = 0; i arg; this; , opt let tmp = arg.x; for ;; arg; yield; tmp = inner tmp; ; for let i = 0; i 10000; i++ opt; What happened: 1. The LdaNamedProperty operation "opt.x" was...
Software Defined Radio Attack Tool: RFCrack
RFCrack is my personal RF test bench; it was developed for testing RF communications between any physical device that communicates over sub-GHz frequencies. IoT devices, Cars, Alarm Systems etc… Testing was done with the Yardstick One on OSX, but RFCrack should work fine in Linux. Current support...
CloudBees Jenkins Dependency Graph Viewer plugin unauthorized modification vulnerability
CloudBees Jenkins is a set of Java-based continuous integration tools from the US company CloudBees. It is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Dependency Graph Viewer is used in o...