40 matches found
CVE-2016-20072
BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL...
EUVD-2016-10884
BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL...
CVE-2016-20072 BBS e-Franchise 1.1.1 WordPress Plugin SQL Injection via uid
BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL...
CVE-2016-20072
CVE-2016-20072 affects the BBS e-Franchise 1.1.1 WordPress plugin. The vulnerability is an SQL injection in the uid parameter used by the plugin’s shortcode, enabling unauthenticated attackers to craft requests (Union-based SQLi) to extract sensitive data (e.g., user information, taxonomy terms)....
PT-2026-49210
BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL...
131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign
Cybersecurity researchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for Google Chrome to spam Brazilian users at scale. The 131 spamware extensions share the same codebase, design patterns, and infrastructure, according to...
Tax refund scam targets Californians
The State of California Franchise Tax Board FTB recently issued a warning to taxpayers to protect themselves from tax scams. In their warning the FTB states: “Recently, the FTB received reports of a scam targeting taxpayers through text messages that appear to be from FTB. These text messages...
canadafranchiseopportunities.ca Cross Site Scripting vulnerability OBB-3858385
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
franchiseinstitute.eu Improper Access Control vulnerability OBB-3824519
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
SaaS in the Real World: How Global Food Chains Can Secure Their Digital Dish
The Quick Serve Restaurant QSR industry is built on consistency and shared resources. National chains like McDonald's and regional ones like Cracker Barrel grow faster by reusing the same business model, decor, and menu, with little change from one location to the next. QSR technology stacks mirr...
SaaS in the Real World: How Global Food Chains Can Secure Their Digital Dish
The Quick Serve Restaurant QSR industry is built on consistency and shared resources. National chains like McDonald's and regional ones like Cracker Barrel grow faster by reusing the same business model, decor, and menu, with little change from one location to the next. QSR technology stacks mirr...
mobile.toute-la-franchise.com Cross Site Scripting vulnerability OBB-3197129
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
impulsion-franchise.fr Cross Site Scripting vulnerability OBB-2856628
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
australianfranchisemarketplace.com.au Cross Site Scripting vulnerability OBB-2827352
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
cms.franchise.thedigitalbuzzmagazine.com Cross Site Scripting vulnerability OBB-2472525
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Ransomware Operators Found Using New "Franchise" Business Model
We found a relatively new and interesting ransomware operation that takes inspiration from franchise business models. It seems that the operators are rebranding a "supplier" ransomware before deployment instead of simply distributing it under the original name...
Ransomware Operators Found Using New "Franchise" Business Model
We found a relatively new and interesting ransomware operation that takes inspiration from franchise business models. It seems that the operators are rebranding a "supplier" ransomware before deployment instead of simply distributing it under the original name...
Talos Takes Ep. #57: A ransomware-as-a-service explainer
By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. How much is ransomware-as-a-service like a McDonald’s franchise? More similar than you’d think! The RaaS model has... This...
Dickey's BBQ Breach: Meaty 3M Payment Card Upload Drops on Joker's Stash
Popular U.S. smoked-meat franchise Dickey’s Barbecue Pit has been hit with a data breach, with cybercriminals posting the fat cap of the compromised data – 3 million payment cards – on the popular Joker’s Stash underground marketplace this week. The Dallas-based franchise, which is a subsidiary o...
Friday Squid Blogging: Introducing the Seattle Kraken
The Kraken is the name of Seattle's new NFL franchise. I have always really liked collective nouns as sports team names like the Utah Jazz or the Minnesota Wild, mostly because it's hard to describe individual players. As usual, you can also use this squid post to talk about the security stories ...