216 matches found
BulletProof Security < 5.8 - Admin+ Stored Cross-Site Scripting (XSS)
The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. As admin, put the following payloads: - in the htaccess File Options htaccess File Editor...
WordPress BulletProof Security plugin <= 5.7 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Mika in WordPress BulletProof Security plugin versions = 5.7. Solution Update the WordPress BulletProof Security plugin to the latest available version at least 5.8...
Digging Deeper – An In-Depth Analysis of a Fast Flux Network
Fast Flux is a DNS technique used by botnets to hide various types of malicious activities, such as phishing, web proxying, malware delivery, and malware communication, behind an ever-changing network of compromised hosts acting as proxies. The Fast Flux network concept was first introduced in...
Wordpress BulletProof Security Backup Disclosure
The Wordpress plugin BulletProof Security, versions use auxiliary/scanner/http/wpbulletproofsecuritybackups msf auxiliarywpbulletproofsecuritybackups show actions ...actions... msf auxiliarywpbulletproofsecuritybackups set ACTION msf auxiliarywpbulletproofsecuritybackups show options ...show and...
Two Eastern Europeans Sentenced for Providing Bulletproof Hosting to Cyber Criminals
Two Eastern European nationals have been sentenced in the U.S. for offering "bulletproof hosting" services to cybercriminals, who used the technical infrastructure to distribute malware and attack financial institutions across the country between 2009 to 2015. Pavel Stassi, 30, of Estonia, and...
Wordpress BulletProof Security 5.1 Plugin - Sensitive Information Disclosure Vulnerability
Exploit Title: Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://forum.ait-pro.com/read-me-first/ Software Link: https://downloads.wordpress.org/plugin/bulletproof-security.5.1.zip Version: = 5.1 Tested on:...
WordPress BulletProof Security 5.1 Information Disclosure
Exploit Title: Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure Date 04.10.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://forum.ait-pro.com/read-me-first/ Software Link: https://downloads.wordpress.org/plugin/bulletproof-security.5.1.zip Version: =...
Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure
Exploit Title: Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure Date 04.10.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://forum.ait-pro.com/read-me-first/ Software Link: https://downloads.wordpress.org/plugin/bulletproof-security.5.1.zip Version: =...
CVE-2021-39327
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible /dbbackuplog.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up t...
CVE-2021-39327
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible /dbbackuplog.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up t...
Design/Logic Flaw
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible /dbbackuplog.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up t...
CVE-2021-39327 BulletProof Security <= 5.1 Sensitive Information Disclosure
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible /dbbackuplog.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up t...
CVE-2021-39327
Summary: CVE-2021-39327 affects the BulletProof Security WordPress plugin up to version 5.1, causing a sensitive information disclosure via a publicly accessible file path disclosure in ~/db_backup_log.txt. This reveals the site’s full path and database backup file paths. Impact (as stated): Atta...
WordPress 插件 信息泄露漏洞
WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin BulletProof Security suffers from an information disclosure vulnerability that stems from the fact that the BulletProof Security plugin for WordPress can easily disclose sensitive information due to a file...
PT-2021-22534 · WordPress · Bulletproof Security
Name of the Vulnerable Software and Affected Versions: BulletProof Security WordPress plugin versions up to, and including, 5.1 Description: The issue concerns sensitive information disclosure due to a file path disclosure in the publicly accessible /db backup log.txt file. This grants attackers...
BulletProof Security < 5.2 - Sensitive Information Disclosure
The plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible /dbbackuplog.txt file which grants attackers the full path of the site, in addition to the path of database backup files...
WordPress BulletProof Security plugin <= 5.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered by Vincent Rakotomanga in WordPress BulletProof Security plugin versions = 5.1. Solution Update the WordPress BulletProof Security plugin to the latest available version at least 5.2...
MISA expands portfolio and looks ahead during Microsoft Inspire
This blog post is part of the Microsoft Intelligent Security Association MISA guest blog series. Learn more about MISA. Welcome to fiscal year 2022 FY22 and my first official blog as the MISA Lead. It’s been a whirlwind couple of months getting up to speed with all things MISA—closing out FY21...
Hacker Wanted in the U.S. for Spreading Gozi Virus Arrested in Colombia
Colombian authorities on Wednesday said they have arrested a Romanian hacker who is wanted in the U.S. for distributing a virus that infected more than a million computers from 2007 to 2012. Mihai Ionut Paunescu aka "Virus", the individual in question, was detained at the El Dorado airport in...
Four Plead Guilty to Aiding Cyber Criminals with Bulletproof Hosting
Four Eastern European nationals face 20 years in prison for Racketeer Influenced Corrupt Organization RICO charges after pleading guilty to providing bulletproof hosting services between 2008 and 2015, which were used by cybercriminals to distribute malware to financial entities across the U.S. T...