7430 matches found
WordPress Captcha Plugin < 4.4.5 Backdoor Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description) script_oid("1.3.6.1.4.1.25623.1.0.112155");...
OWASP ZAP 2.7.0 - Penetration Testing Tool for Testing Web Applications
The OWASP Zed Attack Proxy ZAP is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It...
Responsive Events & Movie Ticket Booking Script 3.2.1 - findcity.php?q SQL Injection Vulnerabili
Exploit for php platform in category web applications Exploit Title: Responsive Events & Movie Ticket Booking Script 3.2.1 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link:...
Android Flaw Allows Attackers to Poison Signed Apps with Malicious Code
Among the four dozen vulnerabilities Google patched this week was a fix for a bug that allowed attackers to inject malicious code into Android apps without affecting an app’s signature verification certificate. The technique allows an attacker to circumvent device anti-malware protection and...
allanswers.co.uk XSS vulnerability
Vulnerable URL: https://www.allanswers.co.uk/careers/jobs/senior-php-developer.php/'"--...
mobile.developer.lge.com XSS vulnerability
Open Bug Bounty ID: OBB-446183 Description| Value ---|--- Affected Website:| mobile.developer.lge.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
macOS High Sierra - Root Privilege Escalation (CVE-2017-13872)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mac OS X Root Privilege Escalation', 'Description' = %q This module exploits a serious flaw in MacOSX High Sierra. Any user can login with user...
ContextIS Introduces CbRCLI to Access Cb Response via the Command Line for Faster, More Efficient Incident Response
When you think of incident response, there are two key factors. The incident itself, and the need to respond quickly and effectively. You need to have an incident response toolkit that contains everything you need to be able to perform investigations and forensic analysis with speed, accuracy and...
KLA10916 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, gain privileges. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in ASP.NET Core ca...
JVN#29602086: CS-Cart Japanese Edition vulnerable to cross-site scripting
CS-Cart is a system for creating online shopping websites. CS-Cart Japanese Edition contains a cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the software. Update to the latest version according to the information...
developer.amazon.com XSS vulnerability
Open Bug Bounty ID: OBB-410686 Description| Value ---|--- Affected Website:| developer.amazon.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Chinese Keyboard Developer Spies on User Through Built-in Keylogger
By Waqas. A Chinese mechanical keyboard manufacturer, MantisTek, has been caught in the... This is a post from HackRead.com. Read the original post: Chinese Keyboard Developer Spies on User Through Built-in Keylogger...
PHP 4.2.0 / 4.2.1 Remote Compromise / Denial Of Service Vulnerability
PHP versions 4.2.0 and 4.2.1 suffer from an issue where, depending on the processor architecture, it may be possible for a remote attacker to either crash or compromise the web server. Advisory: Remote Compromise/DoS Vulnerability in PHP. Author: Stefan Esser. Application: PHP 4.2.0,...
[SECURITY] [DLA 1147-1] exiv2 security update
Package : exiv2 Version : 0.23-1+deb7u2 CVE ID : CVE-2017-11591 CVE-2017-11683 CVE-2017-14859 CVE-2017-14862 CVE-2017-14864 Debian Bug : 876893 The exiv2 library is vulnerable to multiple issues that can all lead to denial of service of the applications relying on the library to parse images...
developer.flightstats.com XSS vulnerability
Open Bug Bounty ID: OBB-369499 Description| Value ---|--- Affected Website:| developer.flightstats.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Preventi...
Multiple XSS Filter Bypasses in validator
Versions of validator prior to 1.1.0 are affected by several cross-site scripting vulnerabilities due to bypasses discovered in the blacklist-based filter. Proof of Concept Various inputs that could bypass the filter were discovered: Improper parsing of nested tags: This is a test Incomplete...
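The nested-tag bypass named in the validator advisory is easy to reproduce against any blacklist filter that removes a tag and then hands the remainder to the browser. The block below is an added illustration, not validator's own code: `stripScriptTags` is a constructed stand-alone stand-in for a strip-based blacklist, `BYPASS` is a constructed input, and `escapeHtml` shows the fix the OWASP guidance recommends (contextual output encoding instead of removal).

```javascript
// Constructed blacklist filter in the style the advisory criticises:
// delete every <script>...</script> pair and return what is left.
// (Not validator's implementation; an illustration only.)
function stripScriptTags(input) {
  return input.replace(/<script[^>]*>[\s\S]*?<\/script>/gi, '');
}

// Constructed bypass input: each "<script></script>" is nested inside the
// letters of another "script". After the inner pairs are stripped, the
// surviving fragments reassemble into a live tag.
const BYPASS = '<scr<script></script>ipt>alert(1)</scr<script></script>ipt>';

// Fix: never try to remove "bad" markup; encode the characters that have
// meaning in an HTML text context so the browser cannot parse a tag at all.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, c => map[c]);
}

// Crude detector used only to demonstrate the difference: does the output
// still contain something the HTML parser would treat as a tag opener?
function containsTagOpener(s) {
  return /<[a-z!\/]/i.test(s);
}

// Stand-alone demonstration.
function demo() {
  return {
    stripped: stripScriptTags(BYPASS),              // reassembled <script>alert(1)</script>
    strippedIsDangerous: containsTagOpener(stripScriptTags(BYPASS)), // true
    escapedIsDangerous: containsTagOpener(escapeHtml(BYPASS)),       // false
  };
}
```

Running `demo()` shows the strip filter turning the bypass input into `<script>alert(1)</script>`, while the escaped form contains no `<` at all. The general lesson is the one the advisory draws: a removal-based blacklist has to be correct against every reassembly the parser can perform, whereas encoding is correct by construction for the text context.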
Kaltura - Remote Code Execution and Cross-Site Scripting
1 Unauthenticated Remote Code Execution through unserialize from cookie data Because of a hardcoded cookie secret, the cookie signature validation can be bypassed and malicious user input can be passed via the 'userzone' cookie to the unserialize function: abstract class kalturaAction extends...
HDW Player,4.0.0, RCE
HDW Player 4.0.0 and all other versions, remote code execution. Note that this vulnerability was supposedly fixed by the developer in version 3.2.2; the fact that this issue has arisen again suggests that the developer is aware of it and has created a deliberate back door. The VEL believe that th...
Mac malware OSX.Proton strikes again
The hackers responsible for the Mac malware OSX.Proton have struck again, this time infecting a copy of the Elmedia Player app that was being distributed from the official Eltima website. At this time, it is still unknown how long their website was providing the hijacked app. Proton was silently...
developer.yahoo.com XSS vulnerability
Vulnerable URL: http://developer.yahoo.com/r3nw4--\n Details: Description| Value ---|--- Patched:| No Latest check for patch:| 16.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Coordinated Disclosure Timeline...