111 matches found
CVE-2018-12254
router.php in the Harmis Ek rishta aka ek-rishta 2.10 component for Joomla! allows SQL Injection via the PATHINFO to a home/requesteduser/Sent%20interest/ URI...
CVE-2018-12254
CVE-2018-12254 affects the Joomla! Ek Rishta (Harmis Ek rishta) 2.10 component. The vulnerability is a SQL injection in router.php that can be triggered via PATH_INFO to the URI path home/requested_user/Sent%20interest/[username], due to improper handling of input. This allows arbitrary SQL comma...
CVE-2018-12254
router.php in the Harmis Ek rishta aka ek-rishta 2.10 component for Joomla! allows SQL Injection via the PATHINFO to a home/requesteduser/Sent%20interest/ URI...
Joomla Ek Rishta 2.10 SQL Injection
Exploit Title: Joomla! Component Ek Rishta 2.10 - SQL Injection Dork: N/A Date: 08.06.2018 Vendor Homepage: https://www.joomlaextensions.co.in/ Software Link: https://extensions.joomla.org/extension/ek-rishta/ Version: 2.10 Tested on: WiN7x64/ video : https://youtu.be/UWGFVUU9AU0 Exploit Author:...
RIG EK Still Makes Waves, This Time with a Stealthy Backdoor
Exploit kit activity has been declining since the latter half of 2016, but the RIG EK seems to buck the trend. It’s been involved in ongoing activity involving a wide range of crimeware payloads; and the latest campaign saw RIG dropping the Grobios malware, which is tailored to be a really stealt...
A Deep Dive Into RIG Exploit Kit Delivering Grobios Trojan
As discussed in previous blogs, exploit kit activity has been on the decline since the latter half of 2016. However, we do still periodically observe significant developments in this space, and we have been observing interesting ongoing activity involving RIG Exploit Kit EK. Although the volume o...
Magnitude exploit kit switches to GandCrab ransomware
The GandCrab ransomware is reaching far and wide via malspam, social engineering schemes, and exploit kit campaigns. On April 16, we discovered that Magnitude EK, which had been loyal to its own Magniber ransomware, was now being leveraged to push out GandCrab, too. While Magnitude EK remains...
Exploit kits: Winter 2018 review
In the past, we used to do a blog series on exploit kits where we would periodically check in on the main players in the market. In March 2017, we wrote the Winter 2017 review, before exploit kit activity dropped down to a whisper. We've since discontinued our blog series, for lack of development...
Ek Rishta SQL Injection Vulnerability in Joomla!
Joomla! is an open source content management system CMS developed by the Open Source Matters team in the U.S. The system provides RSS feeds, site search, etc. Ek Rishta is one of the wedding dating social components. A SQL injection vulnerability exists in Joomla! Ek Rishta version 2.9. A remote...
Ek rishta, 2.9, SQL Injection
Ek rishta by Harmis Technology, versions 2.9 and previous, SQL Injection Resolution: update to 2.10 update notice: https://joomlaextensions.co.in/extensions/other-extensions/product/Ek-Rishta...
Joomla! Ek Rishta 2.9 SQL Injection
Exploit Title: Joomla! Component Ek Rishta 2.9 - SQL Injection Dork: N/A Date: 22.02.2018 Vendor Homepage: https://www.joomlaextensions.co.in/ Software Link: https://extensions.joomla.org/extensions/extension/living/dating-a-relationships/ek-rishta/ Version: 2.9 Category: Webapps Tested on:...
CVE-2018-7315
SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the gender, age1, age2, religion, mothertounge, caste, or country parameter...
CVE-2018-7315
SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the gender, age1, age2, religion, mothertounge, caste, or country parameter...
Sql injection
SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the gender, age1, age2, religion, mothertounge, caste, or country parameter...
CVE-2018-7315
SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the gender, age1, age2, religion, mothertounge, caste, or country parameter...
CVE-2018-7315
CVE-2018-7315 is a SQL injection vulnerability in Joomla! Ek Rishta 2.9 (and earlier) where an attacker can exploit parameters such as gender, age1, age2, religion, mothertounge, caste, or country to access or modify backend database. The issue affects the Ek Rishta component for Joomla and is do...
Joomla! Component Ek Rishta 2.9 - SQL Injection
Joomla! Component Ek Rishta 2.9 - SQL Injection Exploit Title: Joomla! Component Ek Rishta 2.9 - SQL Injection Dork: N/A Date: 22.02.2018 Vendor Homepage: https://www.joomlaextensions.co.in/ Software Link: https://extensions.joomla.org/extensions/extension/living/dating-a-relationships/ek-rishta/...
Joomla Ek Rishta 2.9 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component Ek Rishta 2.9 - SQL Injection Vendor Homepage: https://www.joomlaextensions.co.in/ Software Link: https://extensions.joomla.org/extensions/extension/living/dating-a-relationships/ek-rishta/ Version: 2.9 Categor...
Joomla! Component Ek Rishta 2.9 - SQL Injection
Exploit Title: Joomla! Component Ek Rishta 2.9 - SQL Injection Dork: N/A Date: 22.02.2018 Vendor Homepage: https://www.joomlaextensions.co.in/ Software Link: https://extensions.joomla.org/extensions/extension/living/dating-a-relationships/ek-rishta/ Version: 2.9 Category: Webapps Tested on:...
A week in security (December 04 – December 10)
Last week on the blog, we looked at a RIG EK malware campaign, explored how children are being tangled up in money mule antics, took a walk through the world of Blockchain, and gave a rundown of what's involved when securing web applications. We also laid out the trials and tribulations of the...