134 matches found
Holiday Shopping Season is Upon Us: The State of Security Within eCommerce in 2021
The eCommerce industry has gone through years worth of changes in a matter of just a mere couple of months as the global pandemic emerged back in March of 2020. These changes have led to skyrocketing growth for the industry, with sales predicted to hit $4.921 trillion by the end of this year. And...
in jspark311/buriedunderthenoisefloor
Description Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. https://github.com/jspark311/BuriedUnderTheNoiseFloor/ is vulnerable to remo...
in yeswiki/yeswiki
Description Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. Using a file upload helps the attacker to inject javascript code via SVG...
Brace yourselves: Holiday shopping season is coming
The E-commerce market has seen tremendous revenue growth during the pandemic. Along with that good news for E-business, there has been an increase in fraudulent activities online that may cost retailers over $20 billion in losses by the end of 2021. According to eMarketer, worldwide retail...
Glovo: Reflected XSS on delivery.glovoapp.com
Summary: Hi, there's a reflected XSS vulnerability present on the https://delivery.glovoapp.com/referrals/ endpoint. Steps To Reproduce: Opening the following URL should trigger the prompt window specified in the request parameters, indicating that arbitrary javascript can be injected into the...
JavaScript Fraud: More Than Just Magecart and Skimming
The global pandemic has driven a sharp rise in online traffic that provides fertile ground for attackers to execute a growing number of more sophisticated client-side attacks. For example, Magecart-style attacks are used to steal sensitive information by skimming data either through a first-party...
Wordpress Plugin WP Super Edit 2.5.4 - Remote File Upload
Title: Wordpress Plugin WP Super Edit 2.5.4 - Remote File Upload Author: h4shur date: 2021-05-06 Vendor Homepage: https://wordpress.org Software Link: https://wordpress.org/plugins/wp-super-edit/ Version : 2.5.4 and earlier Tested on: Windows 10 & Google Chrome Category : Web Application Bugs Dor...
Wordpress WP Super Edit 2.5.4 Plugin - Remote File Upload Vulnerability
Title: Wordpress Plugin WP Super Edit 2.5.4 - Remote File Upload Author: h4shur Vendor Homepage: https://wordpress.org Software Link: https://wordpress.org/plugins/wp-super-edit/ Version : 2.5.4 and earlier Tested on: Windows 10 & Google Chrome Category : Web Application Bugs Dork :...
U.S. Dept Of Defense: [www.███] Reflected Cross-Site Scripting
Description: Good morning, there's a reflected cross-site scripting vulnerability on https://www.██████████/█████ There was some difficult in making a payload for this vulnerability, mainly due to the WAF blocking some vectors; But exploitation is still possible. Here's a proof of concept showing...
CVE-2021-1420
A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by...
Design/Logic Flaw
A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by...
CVE-2021-1420 Cisco Webex Meetings HTML Injection Vulnerability
A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by...
CVE-2021-1420 Cisco Webex Meetings HTML Injection Vulnerability
A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by...
Cisco Webex Meetings HTML Injection Vulnerability
Cisco Webex Meetings provides affordable enterprise virtual meeting solutions. An HTML injection vulnerability exists in certain pages of Cisco Webex Meetings. The vulnerability stems from improper checking of parameter values on the affected pages. An attacker could exploit the vulnerability by...
Cisco Webex Meetings HTML Injection Vulnerability
A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by...
Cisco Webex Meetings 安全漏洞
Cisco Webex Meetings provides affordable enterprise virtual meeting solutions. An HTML injection vulnerability exists in certain pages of Cisco Webex Meetings. The vulnerability stems from improper checking of parameter values on the affected pages. An attacker could exploit the vulnerability by...
Online fraud at an all-time high amidst the global pandemic
Client-side attacks have become significantly more prominent in recent years, gaining popularity since 2015. As online activity rises due to the global pandemic, 2020 has been no exception, with the most susceptible target, e-commerce, becoming more lucrative than ever. The Client-Side Problem...
Akamai and Snyk Partnership Creates a Powerful Combination for In-Browser Script Protection
A web experience begins with the sum of the code you created. But it also includes all the code the user is put in contact with when loading your website. This means the attack surface to monitor for web application software threats is not just your code repositories, but the sum of the assets re...
keycloak: security headers missing on REST endpoints
A flaw was found in Keycloak’s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible...
CVE-2020-3345
A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify a web page in the context of a browser. The vulnerability is due to improper checks on parameter values within affected pages. An attacker could...