Happy 23rd Birthday TaoSecurity Blog

Happy birthday TaoSecurity Blog, born on this day in 2003! The best way to digest the key lessons from this site is to browse my four volume Best of TaoSecurity Blog book series, published in 2020. It's available in print as seen here, or as a properly formatted HTML-based digital book -- none of...

Happy 22nd Birthday TaoSecurity Blog

Happy birthday TaoSecurity Blog, born on this day in 2003! The best way to digest the key lessons from this site is to browse my four volume Best of TaoSecurity Blog book series, published in 2020. It's available in print as seen here, or as a properly formatted HTML-based digital book -- none of...

ConQuest Dicom Server 1.5.0d Remote Command Execution Exploit

!/usr/bin/env python3 --------------------------------------------------------- preauth rce poc for ConQuest Dicom Server 1.5.0d --------------------------------------------------------- 04.08.2023 @ 22:07 code610 blogspot com import socket target = '192.168.56.106' rport = 5678 pkt1 =...

Meta Uncovers Massive Social Media Cyber Espionage Operations Across South Asia

Three different threat actors leveraged hundreds of elaborate fictitious personas on Facebook and Instagram to target individuals located in South Asia as part of disparate attacks. "Each of these APTs relied heavily on social engineering to trick people into clicking on malicious links,...

Google: Russian Hackers Target Ukrainians, European Allies via Phishing Attacks

A broad range of threat actors, including Fancy Bear, Ghostwriter, and Mustang Panda, have launched phishing campaigns against Ukraine, Poland, and other European entities amid Russia's invasion of Ukraine. Google's Threat Analysis Group TAG said it took down two Blogspot domains that were used b...

H2 Database 1.4.199 - JNI Code Execution Vulnerability

Exploit Title: H2 Database 1.4.199 - JNI Code Execution Exploit Author: 1F98D Original Author: Markus Wulftange Vendor Hompage: https://www.h2database.com/ Tested on: Windows 10 x64, Java 1.8, H2 1.4.199 References:...

nojusticenopeace.blogsport.eu XSS vulnerability

Open Bug Bounty ID: OBB-679978 Description| Value ---|--- Affected Website:| nojusticenopeace.blogsport.eu Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

[SECURITY] Fedora 24 Update: kf5-kblog-16.08.2-1.fc24

The KBlog library can retrieve, update or create blog posts on various popu lar blogging platforms like Wordpress or Blogspot.com. The KBlog Library...

Google Expands Default HTTPS to Blogspot

Google today flipped the switch on default HTTPS support for its free domain service provider Blogspot, upping the security ante for the millions of users of the popular platform. Google had previously introduced HTTPS support for Blogspot domains as an option in September 2015. Starting Tuesday,...

goodnews.qld.edu.au XSS vulnerability

Vulnerable URL: http://www.goodnews.qld.edu.au/blogspot/viewblogs.php?tag=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not...

youtube-trends.blogspot.fr XSS vulnerability

Vulnerable URL: http://youtube-trends.blogspot.fr/search?q=%3C/script%3E%3Cscript%3Ealert%28%27+XSSPOSED%27%29%3C/script%3E Details: Description| Value ---|--- Patched:| Yes, at 17.05.2016 Latest check for patch:| 17.05.2016 17:44 GMT Vulnerability type:| XSS Vulnerability status:| Publicly...

youtube-trends.blogspot.com.uy XSS vulnerability

Vulnerable URL: http://youtube-trends.blogspot.com.uy/search?q=%3C/script%3E%3Cscript%3Ealert%28%27+XSSPOSED%27%29%3C/script%3E Details: Description| Value ---|--- Patched:| Yes, at 17.05.2016 Latest check for patch:| 17.05.2016 17:41 GMT Vulnerability type:| XSS Vulnerability status:| Publicly...

youtube-trends.blogspot.com.au XSS vulnerability

Vulnerable URL: http://youtube-trends.blogspot.com.au/search?q=%3C/script%3E%3Cscript%3Ealert%28%27+XSSPOSED%27%29%3C/script%3E Details: Description| Value ---|--- Patched:| Yes, at 17.05.2016 Latest check for patch:| 17.05.2016 17:42 GMT Vulnerability type:| XSS Vulnerability status:| Publicly...

HTTPS Available as Opt-In for Blogspot

Google said on Wednesday it has made HTTPS available as an opt-in for its Blogspot publishing service. Google and other technology providers have been ramping up encryption rollouts in the two years since the publication of the Snowden documents began. To date, Google has encrypted Gmail, search,...

PHP Decoda 3.3.1 - Local File Inclusion

No description provided by source. Exploit Title: php-decoda local file inclusion Date: 16/06/2012 Author: Number 7 Software Link: http://milesj.me/code/php/decoda Version: 3.3.1 Tested on: linux Exp: http://localhost/milesj-php-decoda/index.php?view=../../../../../../../etc/passwd%00 Line 111 in...

Yii Framework 1.1.8 Search SQL Injection Vulnerability

No description provided by source. Exploit Title: Yii Framework - Search SQL Injection Vulnerability Google Dork: No Dork Date: 20/11/2012 Exploit Author: Junookyo Vendor Homepage: http://www.yiiframework.com/ Software Link: http://www.yiiframework.com/download/ Version: 1.1.8 maybe another versi...

w-CMS 2.0.1 Remote Code Execution

Exploit Title: w-CMS 2.0.1 Remote Code Execution Vulnerability Google Dork: intext:"Powered by w-CMS" Date: 15/08/2013 Exploit Author: ICheerNo0M - http://icheernoom.blogspot.com/ Vendor Homepage: http://w-cms.org/ Software Link: - Version: 2.0.1 Tested on: Windows 7 + PHP 5.2.6 --- Vuln Code :...

Windows Movie Maker Version 2.1.4026.0 (.wav) - Crash POC

Exploit for windows platform in category dos / poc Exploit Title: Windows Movie Maker Version 2.1.4026.0 .wav - Crash POC Date: 16-07-2013 Exploit Author: ariarat Vendor Homepage: http://www.microsoft.com Software Link: included in windows xp sp2 and sp3 Version: 2.1.4026.0 Tested on: Windows XP...

Google Chrome Multiple Vulnerabilities-02 March 2013 (Windows)

This host is installed with Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvuln02mar13win.nasl 6074 2017-05-05 09:03:14Z teissa $ Google Chrome Multiple Vulnerabilities-02 March 2013 Windows Authors: Thanga Prakash S Copyright: Copyright ...

Ray Sharp DVR Password Retriever

This module takes advantage of a protocol design issue with the Ray Sharp based DVR systems. It is possible to retrieve the username and password through the TCP service running on port 9000. Other brands using this platform and exposing the same issue may include Swann, Lorex, Night Owl, Zmodo,...