58 matches found

Hacker One | added 2022/12/24 12:12 a.m. | 25 views

Reddit: Reflected XSS via File Upload

Vulnerability description not provided...

AI score: 7.1 | Exploits: 0
Code423n4 | added 2022/12/16 12:00 a.m. | 7 views

reentrancy

Lines of code. Vulnerability details. Impact: If an attacker were able to successfully exploit a reentrancy vulnerability in this contract, they could potentially cause the contract to enter an infinite loop, consuming all available gas and rendering it unusable. This could result in financial losse...

AI score: 6.7 | Exploits: 0
Huntr | added 2022/09/22 6:50 a.m. | 17 views

Virtual defacement allows attacker to display any message of his choice

Description: This attack involves injecting malicious data into a page of a web application to feed misleading information to users of the application. This kind of attack is known as virtual defacement because the actual content hosted on the target's web server is not modified. The defacement is...

CVSS: 2.8 | AI score: 1.2 | EPSS: 0.00538
Exploits: 1 | References: 1
Code423n4 | added 2022/04/07 12:00 a.m. | 7 views

Burning collateralContractAddress by mistake in closeLoan

Lines of code: closeLoan; L116-216. Vulnerability details. Impact: ERC721 used as collateral could possibly never return to borrower. Proof of Concept: No zero address check for sendCollateralTo might lead to sending ERC721 used as collateral to inexistent address. Use of transferFrom instead of...

AI score: 7 | Exploits: 0
Huntr | added 2022/03/20 6:29 p.m. | 38 views

Obscure Email Vulnerability allows anyone to sign up with target email id without proper verification, and allowing malicious domain on username input field leads to business logic error by victim response fetching via email and forces a user to download any file hacker wants on behalf of [email protected].

Description: This vulnerability is a result of an interaction between two different ways of handling e-mail addresses. Gmail ignores dots in addresses, so [email protected] is the same as [email protected] is the same as [email protected]. With this vulnerability attacker ca...

AI score: 0.4 | Exploits: 0 | References: 2
Malwarebytes | added 2022/02/04 1:09 p.m. | 30 views

FBI warns of bogus job postings on recruitment sites

Before Christmas was a busy time down at the fake job factory, with all manner of dubious antics out to ruin someone’s day. We’re now into February and the bogus job offers show no sign of abating. In fact, the FBI considers it to be such a problem that it’s issued an alert. This isn’t your typica...

AI score: 6.9 | Exploits: 0
ThreatPost | added 2021/07/26 1:00 p.m. | 57 views

The True Impact of Ransomware Attacks

One of the most damaging myths about ransomware attacks is, “If your company does regular system backups, you don’t have to worry. Just restore from the backup.” While system backups are crucial — power outages, natural disasters, or even mistakes by employees can destroy data just as quickly as ...

AI score: 7.7 | Exploits: 0 | References: 3
The Hacker News | added 2021/01/21 11:09 a.m. | 3 views

Importance of Application Security and Customer Data Protection to a Startup

When you are a startup, there are umpteen things that demand your attention. You must give your hundred percent (probably even more!) to work effectively and efficiently with the limited resources. Understandably, the application security importance may be pushed at the bottom of your things-to-do...

AI score: 5.9 | Exploits: 0
Qualys Blog | added 2020/03/07 12:58 a.m. | 80 views

Identifying Let’s Encrypt Revoked Certificates

Let's Encrypt is a free, automated, open certificate authority (CA) run for the public's benefit as a service from the Internet Security Research Group (ISRG). It provides free digital certificates to enable HTTPS (SSL/TLS) for websites via user-friendly means. Earlier this week, Let's Encrypt announce...

AI score: 1 | Exploits: 0
ThreatPost | added 2019/09/13 11:45 a.m. | 116 views

Cybercriminals Adding Sophistication to BEC Threats

Cybercriminals are boosting their game and employing new tactics to move up the chain of command with more sophisticated business email compromise (BEC) threats that pose a greater threat to organizations, according to a new report. Advanced BEC attacks–including impersonation attacks and CEO...

AI score: 0.6 | Exploits: 0 | References: 10
Pen Test Partners Blog | added 2018/08/09 7:06 a.m. | 37 views

Bitfi research receives Pwnie Award for ‘lamest vendor response’

The Pwnie Awards is an annual celebration of the achievements of security researchers and the security community. It's also an opportunity to roast vendors for lame responses to security concerns. The ceremony took place last night, August 8th, 2018 in Las Vegas at the BlackHat USA security...

AI score: 6.8 | Exploits: 0
Hacker One | added 2017/05/22 5:59 p.m. | 16 views

Zomato: CSRF To Like/Unlike Photos

Description: There is a CSRF vulnerability allowing an attacker to trick a user into visiting his/her site and to forge a request to zomato.com that will in turn like or unlike the photos of the attacker's choosing. The vulnerable page is https://www.zomato.com/php/photoViewerActionsHandler.php ,...

AI score: 0.2 | Exploits: 0
Hacker One | added 2016/10/03 4:17 p.m. | 28 views

Enter: [CRITICAL]-Taking over entire subdomain of romit.io

Hi, During recon, I found out that blog.romit.io was not mapped with wordpress.com and the domain was returning back error like this domain has not been mapped with wordpress.com, to map it please login into wordpress.com. So, I quickly created an account on wordpress.com and mapped blog.romit.io ...

AI score: 6.9 | Exploits: 0
ThreatPost | added 2012/05/22 4:09 p.m. | 11 views

April 2011 – Sony PSN

Executives at Sony probably didn’t anticipate that a lawsuit against technology whiz kid George Hotz would end up backfiring as spectacularly as it did. The missing ingredient? The hacktivist group Anonymous, which adopted Hotz as a cause célèbre and retaliated with an attack on Sony’s Play Stati...

AI score: 0.5 | Exploits: 0 | References: 1
Atlassian | added 2010/06/21 3:46 a.m. | 23 views

XSS vulnerability in Contributors macro

We have identified and fixed a cross-site scripting (XSS) vulnerability in the Confluence contributors macro. An attacker might take advantage of the vulnerability to steal other users' session cookies or other credentials, by sending the credentials back to such an attacker's own web server. An...

AI score: 1.4 | Exploits: 0
Atlassian | added 2010/06/21 3:46 a.m. | 26 views

XSS vulnerability in Contributors macro

We have identified and fixed a cross-site scripting (XSS) vulnerability in the Confluence contributors macro. An attacker might take advantage of the vulnerability to steal other users' session cookies or other credentials, by sending the credentials back to such an attacker's own web server. An...

AI score: 1.4 | Exploits: 0 | Affected Software: 1
Atlassian | added 2010/06/21 3:46 a.m. | 21 views

XSS vulnerability in Contributors macro

We have identified and fixed a cross-site scripting (XSS) vulnerability in the Confluence contributors macro. An attacker might take advantage of the vulnerability to steal other users' session cookies or other credentials, by sending the credentials back to such an attacker's own web server. An...

AI score: 1.4 | Exploits: 0 | Affected Software: 1
ThreatPost | added 2009/08/19 5:30 p.m. | 12 views

David Mortman and Alex Hutton on Exploit Code Use, Data Breaches and Reputation Damage

Dennis Fisher talks with David Mortman and Alex Hutton of the New School of Information Security blog about the Mortman/Hutton model, data breaches and the effect of breaches on the reputation and viability of an organization. Download Subscribe to the Digital Underground podcast on Podcast audio...

AI score: 1.1 | Exploits: 0 | References: 5