Lucene search
K

216 matches found

wpexploit
wpexploit
added 2022/02/22 12:0 a.m.115 views

BulletProof Security < 5.8 - Admin+ Stored Cross-Site Scripting (XSS)

The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. As admin, put the following payloads: - in the htaccess File Options htaccess File Editor...

0.4AI score0.00588EPSS
Exploits2
Patchstack
Patchstack
added 2022/02/22 12:0 a.m.21 views

WordPress BulletProof Security plugin <= 5.7 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Mika in WordPress BulletProof Security plugin versions = 5.7. Solution Update the WordPress BulletProof Security plugin to the latest available version at least 5.8...

4.8CVSS2.4AI score0.00588EPSS
Exploits2References3Affected Software1
Akamai Blog
Akamai Blog
added 2021/11/16 2:0 p.m.21 views

Digging Deeper – An In-Depth Analysis of a Fast Flux Network

Fast Flux is a DNS technique used by botnets to hide various types of malicious activities, such as phishing, web proxying, malware delivery, and malware communication, behind an ever-changing network of compromised hosts acting as proxies. The Fast Flux network concept was first introduced in...

7.3AI score
Exploits0
Metasploit
Metasploit
added 2021/10/29 5:42 p.m.230 views

Wordpress BulletProof Security Backup Disclosure

The Wordpress plugin BulletProof Security, versions use auxiliary/scanner/http/wpbulletproofsecuritybackups msf auxiliarywpbulletproofsecuritybackups show actions ...actions... msf auxiliarywpbulletproofsecuritybackups set ACTION msf auxiliarywpbulletproofsecuritybackups show options ...show and...

5.3CVSS6.2AI score0.7233EPSS
Exploits7
The Hacker News
The Hacker News
added 2021/10/21 3:42 a.m.44 views

Two Eastern Europeans Sentenced for Providing Bulletproof Hosting to Cyber Criminals

Two Eastern European nationals have been sentenced in the U.S. for offering "bulletproof hosting" services to cybercriminals, who used the technical infrastructure to distribute malware and attack financial institutions across the country between 2009 to 2015. Pavel Stassi, 30, of Estonia, and...

0.8AI score
Exploits0
0day.today
0day.today
added 2021/10/06 12:0 a.m.260 views

Wordpress BulletProof Security 5.1 Plugin - Sensitive Information Disclosure Vulnerability

Exploit Title: Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://forum.ait-pro.com/read-me-first/ Software Link: https://downloads.wordpress.org/plugin/bulletproof-security.5.1.zip Version: = 5.1 Tested on:...

5.3CVSS5.7AI score0.7233EPSS
Exploits7
Packet Storm
Packet Storm
added 2021/10/06 12:0 a.m.271 views

WordPress BulletProof Security 5.1 Information Disclosure

Exploit Title: Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure Date 04.10.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://forum.ait-pro.com/read-me-first/ Software Link: https://downloads.wordpress.org/plugin/bulletproof-security.5.1.zip Version: =...

5CVSS5.7AI score0.7233EPSS
Exploits7
Exploit DB
Exploit DB
added 2021/10/06 12:0 a.m.301 views

Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure

Exploit Title: Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure Date 04.10.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://forum.ait-pro.com/read-me-first/ Software Link: https://downloads.wordpress.org/plugin/bulletproof-security.5.1.zip Version: =...

5.3CVSS5.7AI score0.7233EPSS
Exploits7
NVD
NVD
added 2021/09/17 11:15 a.m.90 views

CVE-2021-39327

The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible /dbbackuplog.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up t...

5.3CVSS0.7233EPSS
Exploits7References5
OSV
OSV
added 2021/09/17 11:15 a.m.26 views

CVE-2021-39327

The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible /dbbackuplog.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up t...

5.3CVSS5.8AI score0.7233EPSS
Exploits7References5
Prion
Prion
added 2021/09/17 11:15 a.m.31 views

Design/Logic Flaw

The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible /dbbackuplog.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up t...

5CVSS4.9AI score0.7233EPSS
Exploits7References5Affected Software1
Vulnrichment
Vulnrichment
added 2021/09/17 10:26 a.m.14 views

CVE-2021-39327 BulletProof Security <= 5.1 Sensitive Information Disclosure

The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible /dbbackuplog.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up t...

5.3CVSS5AI score0.7233EPSS
Exploits7References5
CVE
CVE
added 2021/09/17 10:26 a.m.148 views

CVE-2021-39327

Summary: CVE-2021-39327 affects the BulletProof Security WordPress plugin up to version 5.1, causing a sensitive information disclosure via a publicly accessible file path disclosure in ~/db_backup_log.txt. This reveals the site’s full path and database backup file paths. Impact (as stated): Atta...

5.3CVSS5.2AI score0.7233EPSS
Exploits7References5Affected Software1
CNNVD
CNNVD
added 2021/09/17 12:0 a.m.39 views

WordPress 插件 信息泄露漏洞

WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin BulletProof Security suffers from an information disclosure vulnerability that stems from the fact that the BulletProof Security plugin for WordPress can easily disclose sensitive information due to a file...

5.3CVSS6.7AI score0.7233EPSS
Exploits7References9
Positive Technologies
Positive Technologies
added 2021/09/17 12:0 a.m.10 views

PT-2021-22534 · WordPress · Bulletproof Security

Name of the Vulnerable Software and Affected Versions: BulletProof Security WordPress plugin versions up to, and including, 5.1 Description: The issue concerns sensitive information disclosure due to a file path disclosure in the publicly accessible /db backup log.txt file. This grants attackers...

5.3CVSS5.2AI score0.7233EPSS
Exploits7References10
wpexploit
wpexploit
added 2021/09/16 12:0 a.m.154 views

BulletProof Security < 5.2 - Sensitive Information Disclosure

The plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible /dbbackuplog.txt file which grants attackers the full path of the site, in addition to the path of database backup files...

5.3CVSS1.5AI score0.7233EPSS
Exploits7References2
Patchstack
Patchstack
added 2021/09/16 12:0 a.m.41 views

WordPress BulletProof Security plugin <= 5.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered by Vincent Rakotomanga in WordPress BulletProof Security plugin versions = 5.1. Solution Update the WordPress BulletProof Security plugin to the latest available version at least 5.2...

5.3CVSS2.5AI score0.7233EPSS
Exploits7References3Affected Software1
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/07/14 3:0 p.m.49 views

MISA expands portfolio and looks ahead during Microsoft Inspire

This blog post is part of the Microsoft Intelligent Security Association MISA guest blog series. Learn more about MISA. Welcome to fiscal year 2022 FY22 and my first official blog as the MISA Lead. It’s been a whirlwind couple of months getting up to speed with all things MISA—closing out FY21...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/07/01 5:23 a.m.62 views

Hacker Wanted in the U.S. for Spreading Gozi Virus Arrested in Colombia

Colombian authorities on Wednesday said they have arrested a Romanian hacker who is wanted in the U.S. for distributing a virus that infected more than a million computers from 2007 to 2012. Mihai Ionut Paunescu aka "Virus", the individual in question, was detained at the El Dorado airport in...

1.6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/05/10 6:17 a.m.53 views

Four Plead Guilty to Aiding Cyber Criminals with Bulletproof Hosting

Four Eastern European nationals face 20 years in prison for Racketeer Influenced Corrupt Organization RICO charges after pleading guilty to providing bulletproof hosting services between 2008 and 2015, which were used by cybercriminals to distribute malware to financial entities across the U.S. T...

0.4AI score
Exploits0
Rows per page
Query Builder