4109 matches found
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name...
Sizing Up The Scourge of Credential Stuffing
Last year, 2.3 billion credentials were stolen from 51 different organizations, including Ancestry.com, Imgur and Virgin America. Where do all those user names go? In Shape Security’s second annual Credential Spill Report, it found that billions of stolen digital IDs are contributing to an epidem...
Active Directory Reconnaissance: ADRecon
ADRecon is a tool which extracts various artifacts as highlighted below out of an AD environment in a specially formatted Microsoft Excel report that includes summary views with metrics to facilitate analysis. The report can provide a holistic picture of the current state of the target AD...
WordPress WP User Groups Cross-Site Request Forgery Vulnerability
WordPress is the WordPress Software Foundation's blogging platform, developed in PHP; it supports setting up a personal blog site on a server running PHP and MySQL. WP User Groups is one of its user management plugins. A cross-site request forgery vulnerability exists in the...
CVE-2018-1000507
WP User Groups version 2.0.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the Settings page that can allow anybody to modify user groups and types. This attack appears to be exploitable when an admin clicks on a link. This vulnerability appears to have been fixed in 2.1.1...
Cross site request forgery (csrf)
WP User Groups version 2.0.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the Settings page that can allow anybody to modify user groups and types. This attack appears to be exploitable when an admin clicks on a link. This vulnerability appears to have been fixed in 2.1.1...
CVE-2018-1000507
WP User Groups plugin for WordPress version 2.0.0 contains a CSRF vulnerability in the Settings page that allows modification of user groups/types. The issue is exploitable when an administrator clicks a crafted link, according to the CVE description. Mitigation noted: the vulnerability was fixed...
The Effects of Iran's Telegram Ban
The Center for Human Rights in Iran has released a report outlining the effects of that country's ban on Telegram, a secure messaging app used by about half of the country. The ban will disrupt the most important, uncensored platform for information and communication in Iran, one that is used...
CVE-2018-12615
An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges...
Global Threats to Information Systems
The advanced capabilities of organized hacker groups and cyber threat actors are an increasing global threat to information systems. Rising threat levels place more demands on cybersecurity personnel and network administrators to protect information systems. Protecting network infrastructure is...
Pseudo-Shell Post-Exploitation Module
This module will run a Pseudo-Shell. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'readline' class MetasploitModule < Msf::Post include Msf::Post::File include Msf::Post::Unix include Msf::Post::Linux::System...
Apply MITRE’s ‘ATT&CK’ Model to Check Your Defenses
By Trellix · June 18, 2018. Every week we read about adversaries attacking their targets as part of online criminal campaigns. Information gathering, strategic advantage, and theft of intellectual property are some of the...
CVE-2018-5751
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via vectors related to the "groups" and "users" APIs...
WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 2.8.5 - Authenticated Code Execution vulnerability
Authenticated Code Execution vulnerability found in WordPress ProfileGrid – User Profiles, Groups and Communities plugin versions <= 2.8.5. Solution: Update the WordPress ProfileGrid – User Profiles, Groups and Communities plugin to the latest available version (at least 2.8.6)...
Zimbra 8.7.x < 8.7.11 Patch4, 8.8.x < 8.8.8 Patch4 XSS Vulnerability
Zimbra is prone to a persistent cross-site scripting (XSS) vulnerability. Copyright (C) 2018 Greenbone Networks GmbH...
Gain Visibility and Continuous Security Across All Your Public Clouds
As organizations increase their use of public cloud platforms, they encounter cloud-specific security and compliance threats, which can be challenging to address without the right tools and processes. Organizations’ cloud security difficulties lie in two main areas: Lack of visibility into their...
Misconfigured Google Groups Settings Leaking Sensitive Data
By Uzair Amir. Kenna Security in collaboration with KrebsOnSecurity has identified the presence... This is a post from HackRead.com.
Public Google Groups Leaking Sensitive Data at Thousands of Orgs
Thousands of organizations out there are leaking some form of sensitive email, according to an analysis, thanks to a widespread misconfiguration in Google Groups. According to Kenna Security, the afflicted include Fortune 500 companies, hospitals, universities and colleges, newspapers and...