60 matches found
WordPress plugin SVG Case Study 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress...
WordPress SVG Case Study plugin <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin SVG Case Study versions = 1.0...
WordPress SVG Case Study Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software SVG Case Study Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9850 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 170c145ba154 Credits Francesco Carlucci Required...
PT-2024-39887 · WordPress · Svg Case Study
Name of the Vulnerable Software and Affected Versions: SVG Case Study plugin for WordPress versions up to, and including, 1.0 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated...
TikTok Pixel Privacy Nightmare: A New Case Study
Advertising on TikTok is the obvious choice for any company trying to reach a young market, and especially so if it happens to be a travel company, with 44% of American Gen Zs saying they use the platform to plan their vacations. But one online travel marketplace targeting young holidaymakers wit...
A week in security (July 8 – July 14)
Last week on Malwarebytes Labs: "Nearly all" AT&T customers had phone records stolen in new data breach disclosure Fake Microsoft Teams for Mac delivers Atomic Stealer Dangerous monitoring tool mSpy suffers data breach, exposes customer details iPhone users in 98 countries warned about spyware by...
Earth Preta’s Cyberespionage Campaign Hits Over 200
We present a case study of the cyberespionage efforts by Earth Preta. This study on an active campaign delves into the structure, goals, and requirements of the organizations involved, and provides an opportunity to conduct wider intelligence analysis and insights in the development of effective...
Leveraging Data Science to Minimize the Blast Radius of Ransomware Attacks
In this blog entry, we present a case study that illustrates how data-science techniques can be used to gain valuable insights about ransomware groups' targeting patterns as detailed in our research paper, “What Decision-Makers Need to Know About Ransomware Risk.”...
How to Support Agile Development Through Cybersecurity Best Practices
Understanding other peoples problems It’s often said that people only notice cybersecurity when it fails, or when it gets in the way of them doing their jobs. Organizations, and especially software development teams, want to be able to develop quickly and easily to stay ahead of their competition...
Excellent Write-up of the SolarWinds Security Breach
Robert Chesney wrote up the Solar Winds story as a case study, and its a really good summary...
Gitls - Enumerate Git Repository URL From List Of URL / User / Org
Enumerate git repository URL from list of URL / User / Org. Friendly to pipeline This tool is available when the repository, such as github, is included in the bugbounty scope. Sometimes specified as an org name or user name rather than a specific repository, you can use this tool to extract url...
Amlsec - Automated Security Risk Identification Using AutomationML-based Engineering Data
This prototype identifies security risk sources i.e., threats and vulnerabilities and types of attack consequences based on AutomationML AML artifacts. The results of the risk identification process can be used to generate cyber-physical attack graphs, which model multistage cyber attacks that...
Rosenbridge - Hardware Backdoors In Some X86 CPUs
project:rosenbridge reveals a hardware backdoor in some desktop, laptop, and embedded x86 processors. The backdoor allows ring 3 userland code to circumvent processor protections to freely read and write ring 0 kernel data. While the backdoor is typically disabled requiring ring 0 execution to...
Customer data & marketing operations: Keeping your data safe on the journey to GDPR compliance
Emails. Web forms. Events. Oh my! These marketing tactics are all designed to gather, store, and evolve relationships with your prospects, customers, and partners. Often times, they are the first point of contact for your organization from the outside world—and they all feed into your marketing...
Encryption 101: ShiOne ransomware case study
In part one of this series, Encryption 101: a malware analyst's primer, we introduced some of the basic encryption concepts used in malware. If you haven't read it, we suggest going back for a review, as it's necessary in order to be able to fully follow part two, our case study. In this study, w...
NAT with SD-WAN explained with Case study
Assistance required with NAT configuration...
Caution! Hackers Can Easily Hijack Popular Baby Monitors to Watch Your Kids
Several video baby monitors from six different manufacturers were under scrutiny for in-depth security testing, and the outcome was negative. Yes, they lacked in serving basic security through their devices. At the High Technology Crime Investigation Association HTCIA conference on September 2,...
ftpdmin 0.96 RNFR Remote Buffer Overflow Exploit (xp sp3/case study)
No description provided by source. ?php / ftpdmin v. 0.96 RNFR remote buffer overflow exploit xp sp3 / case study by Nine:Situations:Group::surfista software site: http://www.sentex.net/mwandel/ftpdmin/ our site: http://retrogod.altervista.org/ bug found by rgod in 2006, RNFR sequences can trigge...
ftpdmin 0.96 RNFR Remote Buffer Overflow Exploit (xp sp3/case study)
Exploit for windows platform in category remote exploits ==================================================================== ftpdmin 0.96 RNFR Remote Buffer Overflow Exploit xp sp3/case study ==================================================================== ".$cmd."\n";...
Social engineering analysis, and network phishing attacks case study-vulnerability warning-the black bar safety net
Recent fishing information, Put a point out for everyone to see. In fact it is not anything new, mainly want everyone to understand what is social engineering what is phishing, the relationship between them is what will lead to the question of what to appear. Because is belongs to the presentatio...