26 matches found
EUVD-2009-0449
Malware in sbrugna...
Impressions from PHDays Fest
Impressions from PHDays Fest. The scale was just insane. You walk and walk - and there's action everywhere, and all of it is PHDays, every bit of it. It totally blew my mind, I saw just a tiny fraction of everything that was going on. In the public area, I was impressed by the university pavilion...
PT-2024-34625 · Shenzhen Interconnection Harbor Network Technology Co. · Ofweek Online Exhibition
Name of the Vulnerable Software and Affected Versions: Shenzhen Interconnection Harbor Network Technology Co., Ltd Ofweek Online Exhibition version 1.0.0 Description: The issue allows a remote attacker to execute arbitrary code due to a Cross Site Scripting vulnerability. Recommendations: For...
CVE-2024-51419
CVE-2024-51419 affects Shenzhen Interconnection Harbor Network Technology Co., Ltd. Ofweek Online Exhibition v1.0.0. The vulnerability is a Cross Site Scripting (XSS) flaw that enables a remote attacker to execute arbitrary code. The NVD entry lists the exploit path as network-based with no privi...
CVE-2024-51419
Cross Site Scripting vulnerability in Shenzhen Interconnection Harbor Network Technology Co., Ltd Ofweek Online Exhibition v.1.0.0 allows a remote attacker to execute arbitrary code...
Harbor OFweek Online Exhibition security vulnerability
Harbor OFweek Online Exhibition is an online exhibition program from Harbor China. A security vulnerability exists in Harbor OFweek Online Exhibition version v.1.0.0. A remote attacker can exploit the vulnerability to execute arbitrary code...
derinyaartexhibition.com.au Cross Site Scripting vulnerability OBB-3881942
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
derinyaartexhibition.com.au Cross Site Scripting vulnerability OBB-3734494
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
derinyaartexhibition.com.au Cross Site Scripting vulnerability OBB-3689098
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
exhibitors.analytica.de Cross Site Scripting vulnerability OBB-3202614
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Friday Squid Blogging: Colossal Squid in New Zealand Museum
It's in Timaru. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
thailandexhibition.com Cross Site Scripting vulnerability OBB-2784983
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
chinaexhibition.com Cross Site Scripting vulnerability OBB-2152269
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
thailandexhibition.com Improper Access Control vulnerability OBB-1303368
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
SQL Injection Vulnerability in Do***.cl***.php File of Web Exhibition Chinese and English Enterprise Website Management System
The Netizen Chinese and English enterprise website management system is developed using PHP + MySQL technology and the MVC pattern. The code is easy to maintain, and the system supports a pseudo-static function, can generate Google and Baidu maps, and supports customizing URLs, keywords and descriptions, in line with SEO...
Web exhibition PHP foreign trade enterprise website red style has SQL injection vulnerability
Netzhan Technology Beijing Century Netzhan Technology Co., Ltd. is an Internet service operator specializing in the field of exhibition shows. The Nethub PHP foreign trade enterprise website red style has a SQL injection vulnerability; attackers can use the vulnerability to obtain database sensitive...
Microsoft Edge Chakra CFG Bypass Due To Bug In ServerFreeAllocation Vulnerability
Chakra suffers from a CFG bypass due to a bug in ServerFreeAllocation. Chakra: CFG bypass due to a bug in ServerFreeAllocation CVE-2017-11874 Chakra JIT server exposes a ServerFreeAllocation method that can be used to free an existing JIT allocation for example when the corresponding function get...
ZeroNights 2017: back to the cyber 80s
Last Friday, 17th of November, I attended the ZeroNights 2017 conference in Moscow. And it was pretty awesome. Thanks to the organizers! Here I would like to share some of my impressions. First of all, I want to say that two main Moscow events for information security practitioners, PHDays and...
exhibitionfloor.himss.org XSS vulnerability
Open Bug Bounty ID: OBB-248822

Description | Value
---|---
Affected Website: | exhibitionfloor.himss.org
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
CISO Forum 2017
Last week I attended CISO Forum 2017 in Moscow. I was talking there about "Vulnerability Quadrants: automated hot topic detection in public vulnerability CVE flow". Today I want to share my impressions about the forum itself. To be short, I liked it very much. Both exhibition and...