16 matches found
Medieval Encrypted Letter Decoded
Sent by a Spanish diplomat. Apparently people have been working on it since it was rediscovered in 1860...
CVE-2026-6487 Qihui jtbc5 CMS Code Endpoint manage.php path traversal
A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/code/common/diplomat/manage.php of the component Code Endpoint. This manipulation of the argument path causes path traversal. The attack is possible to be carried out remotely. The exploit has been...
QiHui JBTC CMS 安全漏洞
QiHui JBTC CMS is an open-source content management system developed by QiHui. Version 5.0.3.6 of QiHui JBTC CMS contains a security vulnerability. This vulnerability stems from an unknown function in the component Code Endpoint, which improperly handles parameters with the path parameter in the...
The Kremlin’s Most Devious Hacking Group Is Using Russian ISPs to Plant Spyware
The FSB cyberespionage group known as Turla seems to have used its control of Russia’s network infrastructure to meddle with web traffic and trick diplomats into infecting their computers...
diplomatrestaurant.com Improper Access Control vulnerability OBB-3705354
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
diplomathotel.com Cross Site Scripting vulnerability OBB-3314223
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
diplomat-lex.ru Improper Access Control vulnerability OBB-2265095
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
UEFI malware named MosaicRegressor found on Diplomat computers
By Sudais Asif This UEFI based malware is the second of its kind ever known publicly. This is a post from HackRead.com Read the original post: UEFI malware named MosaicRegressor found on Diplomat computers...
Rare Bootkit Malware Targets North Korea-Linked Diplomats
A firmware bootkit has been spotted in the wild, targeting diplomats and members of non-governmental organizations NGOs from Africa, Asia and Europe. It has turned out to be part of a newly uncovered framework called MosaicRegressor. According to researchers from Kaspersky, code artifacts in some...
WordPress ThemeMakers Diplomat|Political theme information leakage vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.ThemeMakers Diplomat|Political theme is a theme plugin for diplomatic and political websites. WordPress ThemeMakers Diplomat|Political...
CVE-2015-9481
The ThemeMakers Diplomat | Political theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information such as userlogin, userpass, and useremail values via a direct request for the wp-content/uploads/tmmdbmigrate/wpusers.dat URI...
Design/Logic Flaw
The ThemeMakers Diplomat | Political theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information such as userlogin, userpass, and useremail values via a direct request for the wp-content/uploads/tmmdbmigrate/wpusers.dat URI...
CVE-2015-9481
The CVE-2015-9481 entry describes an information-disclosure vulnerability in the ThemeMakers Diplomat WordPress theme (through 2015-05-15). An unauthenticated remote attacker can obtain sensitive user data (user_login, user_pass, user_email) by directly requesting the file wp-content/uploads/tmm_...
CVE-2015-9481
The ThemeMakers Diplomat | Political theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information such as userlogin, userpass, and useremail values via a direct request for the wp-content/uploads/tmmdbmigrate/wpusers.dat URI...
APT10 Targeting Japanese Corporations Using Updated TTPs
Introduction In July 2018, FireEye devices detected and blocked what appears to be APT10 Menupass activity targeting the Japanese media sector. APT10 is a Chinese cyber espionage group that FireEye has tracked since 2009, and they have a history of targeting Japanese entities. In this campaign, t...
WordPress Diplomat Theme - Information Disclosure
Because of this vulnerability, the attackers can obtain sensitive information. Solution Update the theme...