4109 matches found
Are Your Google Groups Leaking Data?
Google is reminding organizations to review how much of their Google Groups mailing lists should be public and indexed by Google.com. The notice was prompted in part by a review that KrebsOnSecurity undertook with several researchers who've been busy cataloging thousands of companies that are usi...
How to Provision Network Bandwidth in a NetScaler SD-WAN Appliance
This article describes how the bandwidth provisioning works in a NetScaler SD-WAN and how to modify the bandwidth provisioning parameters based on the network requirements. Background The SD-WAN provisioning allows for the bidirectional LAN to WAN/WAN to LAN distribution of bandwidth for a WAN Li...
A conversation with America Geeks
Thanks to NeeP for contributing significant research. You can check out NeeP's YouTube channel here. Malwarebytes has written quite a bit about tech support scammers, typically focusing on new scam techniques as they arise with new threat actor groups. But sometimes our research discovers scammer...
Joomla Multiple Vulnerabilities (20180502, 20180501)
Joomla is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:joomla:joomla"; if(description)...
Design/Logic Flaw
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions...
CVE-2018-11323
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions...
Hurdles Remain After Senate Votes To Restore Net Neutrality
The U.S. Senate this week gave the nod to restoring net neutrality regulations that would prevent ISPs from controlling access to certain websites. But roadblocks remain, even as the legislation is pushed on the fast track to a House vote: Bigwig ISPs, independent ISPs, small businesses, Democrat...
ProfileGrid – User Profiles, Groups and Communities <= 2.8.5 - Authenticated Code Execution
The plugin ProfileGrid – User Profiles, Groups and Communities versions prior to 2.8.6 is vulnerable to Arbitrary Code Execution. An authenticated user with a role as low as Subscriber can execute arbitrary PHP code on websites using the plugin. Send an authenticated POST request to...
ProfileGrid – User Profiles, Groups and Communities <= 2.8.5 - Authenticated Code Execution
The plugin ProfileGrid – User Profiles, Groups and Communities versions prior to 2.8.6 is vulnerable to Arbitrary Code Execution. An authenticated user with a role as low as Subscriber can execute arbitrary PHP code on websites using the plugin. PoC Send an authenticated POST request to...
WordPress WP User Groups plugin <=2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by Tom Adams (dxw) in WordPress WP User Groups plugin versions <=2.0.0. Solution: Update the WordPress WP User Groups plugin to the latest available version (at least 2.1.0)...
WordPress WP User Groups Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress WP User Groups plugin version 2.0.0, which can be exploited by...
Kliqqi CMS Cross-Site Scripting Vulnerability
Kliqqi CMS is a content management system (CMS). A cross-site scripting vulnerability exists in Kliqqi CMS version 3.5.2. The vulnerability can be exploited to inject malicious script via a specially crafted group name in the pligg/groups.php file, a specially crafted Homepage string in the profile...
WordPress WP User Groups 2.0.0 Cross Site Request Forgery
Details ================ Software: WP User Groups Version: 2.0.0 Homepage: https://wordpress.org/plugins/wp-user-groups/ Advisory report: https://advisories.dxw.com/advisories/csrf-wp-user-groups/ CVE: Awaiting assignment CVSS: 4.3 Medium; AV:N/AC:M/Au:N/C:N/I:P/A:N Description ================...
WordPress WP User Groups 2.0.0 Cross Site Request Forgery Vulnerability
Exploit for php platform in category web applications Details ================ Software: WP User Groups Version: 2.0.0 Homepage: https://wordpress.org/plugins/wp-user-groups/ Advisory report: https://advisories.dxw.com/advisories/csrf-wp-user-groups/ CVE: Awaiting assignment CVSS: 4.3 Medium;...
WP User Groups <= 2.0.0 - Cross-Site Request Forgery (CSRF)
CSRF allows modification of user groups and types...
Microsoft Windows 10: Access this computer from the network
The Access this computer from the network policy setting determines which users can connect to the device from the network. This capability is required by a number of network protocols, including Server Message Block (SMB)-based protocols, NetBIOS, Common Internet File System (CIFS), and Component...
Invoke-ATTACKAPI - A PowerShell Script To Interact With The MITRE ATT&CK Framework Via Its Own API
A PowerShell script to interact with the MITRE ATT&CK Framework via its own API in order to gather information about techniques, tactics, groups, software and references provided by the MITRE ATT&CK Team @MITREattack. Goals Provide an easy way to interact with the MITRE ATT&CK Framework via its o...
HackerOne: Team object in GraphQL discloses team group names and permissions
Summary: Hi team. We can disclose your team member groups; Description: Because of the communications error, we can disclose the data - teammembergroupsid,name,permissions Steps To Reproduce 1. "query": "query...