1491 matches found
Cross site scripting
The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found in the /admin/tables/admin-structure-table.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to...
CVE-2021-42365 Asgaros Forums <= 1.15.13 Authenticated Stored XSS
The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found in the /admin/tables/admin-structure-table.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to...
CVE-2021-42365
The CVE-2021-42365 entry concerns the Asgaros Forums WordPress plugin. Affected software: Asgaros Forums for WordPress (versions up to and including 1.15.13). Root cause: insufficient escaping of the name parameter in the admin-structure-table.php file, enabling Stored Cross-Site Scripting. Explo...
CVE-2021-42365 Asgaros Forums <= 1.15.13 Authenticated Stored XSS
The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found in the /admin/tables/admin-structure-table.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up a personal blog site on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. WordPress plugin Asgaros Forums 1.15.13 and its previous...
Asgaros Forums < 1.15.14 - Admin+ Stored Cross-Site Scripting
The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found in the /admin/tables/admin-structure-table.php file which allowed attackers with administrative user access to inject arbitrary web scripts. This affects multi-site installations wher...
Russian language hacking forums warming up to Chinese hackers
By Waqas. Russian cybercrime and hacking forums are opening doors to Chinese and English-speaking threat actors, which so far had been a relatively restricted domain for them. This is a post from HackRead.com. Read the original post: Russian language hacking forums warming up to Chinese hackers...
Cyber-Mercenary Group Void Balaur Attacks High-Profile Targets for Cash
Russian-language group Void Balaur, also tracked under the name Rockethack, has been identified as a prolific cyber-mercenary group, available for hire to break into the email and social-media accounts of high-profile, high-stakes targets around the world. After monitoring Void Balaur for more th...
Zebra2104 Initial Access Broker Supports Rival Malware Gangs, APTs
Three separate threat groups are all using a common initial access broker (IAB) to enable their cyberattacks, according to researchers – a finding that has revealed a tangled web of related attack infrastructure underpinning disparate and in some cases rival malware campaigns. The BlackBerry Resear...
Oracle WebCenter Portal RCE (Oct 2021 CPU)
The version of Oracle WebCenter Portal installed on the remote host is missing a security patch from the October 2021 Critical Patch Update (CPU). It is, therefore, affected by a vulnerability in the Discussion Forums XStream component that is easily exploitable by a remote, low privileged attacker...
Is There Really Such a Thing as a Low-Paid Ransomware Operator?
By Thibault Seret · October 18, 2021. Introduction: Going by recent headlines you could be forgiven for thinking all ransomware operators are raking in millions of ill-gotten dollars each year from their nefarious...
New BloodyStealer malware steals data from gamers on EA, Epic, Steam
By Waqas. The BloodyStealer malware is sold on Russian hacking forums while its capabilities include stealing gaming logs, login credentials, and much more. This is a post from HackRead.com. Read the original post: New BloodyStealer malware steals data from gamers on EA, Epic, Steam...
ohioccwforums.org Improper Access Control vulnerability OBB-2149308
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Pro-PRC Influence Campaign Expands to Dozens of Social Media Platforms, Websites, and Forums in at Least Seven Languages, Attempted to Physically Mobilize Protesters in the U.S.
In June 2019, Mandiant Threat Intelligence first reported to customers a pro-People’s Republic of China (PRC) network of hundreds of inauthentic accounts on Twitter, Facebook, and YouTube, that was at that time primarily focused on discrediting pro-democracy protests in Hong Kong. Since then, the...
Cybercriminals Selling Access to Compromised Networks: 3 Surprising Research Findings
Cybercriminals are innovative, always finding ways to adapt to new circumstances and opportunities. The proof of this can be seen in the rise of a certain variety of activity on the dark web: the sale of access to compromised networks. This type of dark web activity has existed for decades, but i...
Top CVEs Trending with Cybercriminals
Criminal small talk in underground forums offers critical clues about which known Common Vulnerabilities and Exposures (CVEs) threat actors are most focused on. This, in turn, offers defenders clues on what to watch out for. An analysis of such chatter, by Cognyte, examined 15 cybercrime forums...
CVE-2010-4266
In Vanilla Forums before 2.0.10, a potential linkbait vulnerability was found in dispatcher...
CVE-2010-4264
In Vanilla Forums before 2.0.10, a cross-site scripting vulnerability was found where a filename could contain arbitrary code to execute on the client side...
Code injection
In Vanilla Forums before 2.0.10, a potential linkbait vulnerability was found in dispatcher...
Cross site scripting
In Vanilla Forums before 2.0.10, a cross-site scripting vulnerability was found where a filename could contain arbitrary code to execute on the client side...