29 matches found
EUVD-2006-0850
Malware in sbrugna...
EUVD-2023-41822
Malicious code in bioql PyPI...
EUVD-2021-28459
Malicious code in bioql PyPI...
Modern Campus Omni CMS Security Vulnerability
Modern Campus Omni CMS is a web content management system from Modern Campus, Inc. It is used by colleges and universities to manage their websites. A security vulnerability exists in Modern Campus Omni CMS version 2023.1, which stems from an XPath injection vulnerability in the blog and RSS...
blog.wordvice.com Improper Access Control vulnerability OBB-3819379
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
blog.essense-of-life.com Improper Access Control vulnerability OBB-3807352
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
What Else Can You Do to Defend Against Bots?
...
Welcart e-Commerce < 2.9.5 - Unauthenticated PHP Object Injection
Description The plugin unserializes user input from cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog PoC To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...
Cross site request forgery (csrf)
The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog...
blog.ghtcoalition.org Cross Site Scripting vulnerability OBB-3508848
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Gravity Forms < 2.7.4 - Unauthenticated PHP Object Injection
The plugin unserializes user input via the getfieldinput, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...
blog.ipi.media Cross Site Scripting vulnerability OBB-2348151
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
blog.barre3.com Cross Site Scripting vulnerability OBB-2331068
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Frontend File Manager < 18.3 - Unauthenticated Arbitrary Post Deletion
The wpfmdeletefile AJAX action of the plugin, available to unauthenticated users, was lacking CSRF and capability check, allowing unauthenticated users to delete arbitrary posts and pages from the blog...
Elementor Pro < 2.9.4 - Authenticated Arbitrary File Upload
According to Jerome Bruandet, from NintechNet, the vulnerability, currently exploited by attackers, allows any logged-in user to upload and execute PHP scripts on the blog. Chloe Chamberland from Wordfence also confirmed the issue and added that "This vulnerability is being used in conjunction wi...
Did my comment on your blog get lost?
If you ever feel bad about your job because of mindless tasks you must perform day after day, or if you're bothered by the fact that your chosen work pays crap, produces nothing useful, and helps no one: have a look at blog comment spammers and breathe a sigh of relief. They make almost any job...
blog.penelopetrunk.com XSS vulnerability
Open Bug Bounty ID: OBB-618008

| Description | Value |
|---|---|
| Affected Website: | blog.penelopetrunk.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
Starbucks: csrf blogs.starbucks.com
We can add comments on any article from the user's account Request POST /blogs/customer/archive/2016/05/06/starbucks-doubleshot-174-energy-coffee-makes-a-flavorful-foray-into-the-realm-of-spiced-coffee.aspx HTTP/1.1 Host: blogs.starbucks.com User-Agent: Mozilla/5.0 Windows NT 6.2; WOW64;...
blog.bluestone.com XSS vulnerability
Vulnerable URL: http://blog.bluestone.com/wp-admin/admin-ajax.php?action=revsliderajaxactionaction= Rahul

Details:

| Description | Value |
|---|---|
| Patched: | Yes, at 30.01.2016 |
| Latest check for patch: | 30.01.2016 22:44 GMT |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | ... |
My Blog, 2.0.1 Build 286,
My Blog, 2.0.1 Build 286, SQL Injection...