94 matches found
CVE-2020-7752
This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite JavaScript files and then execute any OS commands...
Command injection
This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite JavaScript files and then execute any OS commands...
CVE-2020-7752 Command Injection
This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite JavaScript files and then execute any OS commands...
IceWarp Email Server File Upload Vulnerability
IceWarp Email Server is a commercial email and groupware server developed by IceWarp. A file upload vulnerability exists in IceWarp Email Server 12.3.0.1, which can be exploited by an attacker to upload dangerous JavaScript files...
CVE-2020-14066
IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access...
Design/Logic Flaw
IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access...
SecretFinder - A Python Script For Find Sensitive Data (Apikeys, Accesstoken, JWT...) And Search Anything On Javascript Files
SecretFinder is a Python script based on LinkFinder, written to discover sensitive data such as API keys, access tokens, authorizations, JWTs, etc. in JavaScript files. It does so by using jsbeautifier for Python in combination with a fairly large regular expression. The regular expressions consist of...
Magecart Hackers Infect 17,000 Sites Through Misconfigured Amazon S3 Buckets
Magecart strikes again! Cybersecurity researchers have identified yet another supply-chain attack carried out by payment card hackers against more than 17,000 web domains, which also include websites in the top 2,000 of Alexa rankings. Since Magecart is neither a single group nor a specific malwa...
How I found the Donald Daters application's database vulnerability
On Monday night, as usual, I was watching TV to pass the time, but there was nothing interesting on. So I picked up my phone looking for fun and started aimlessly browsing through various tweets on Twitter, when a Fox News push notification caught my attention. One of Trump's supporters developed a...
CVE-2017-16139
jikes is a file server. jikes is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Accessible files are restricted to files with .htm and .js extensions...
Quant Loader Trojan Spreads Via Microsoft URL Shortcut Files
Researchers are warning of a new email phishing campaign that downloads and launches the Quant Loader trojan, capable of distributing ransomware and stealing passwords. Barracuda on Tuesday said it has been tracking emails containing zipped Microsoft internet shortcut files with a “.url” file...
WordPress Denial of Service Vulnerability (CNVD-2018-05439)
WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress 4.9.2 and earlier versions. An attacker can cause a denial of...
Design/Logic Flaw
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files from wp-includes/script-loader.php to construct a series of requests to load every file many times...
UBUNTU-CVE-2018-6389
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files from wp-includes/script-loader.php to construct a series of requests to load every file many times...
DEBIAN-CVE-2018-6389
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files from wp-includes/script-loader.php to construct a series of requests to load every file many times...
PT-2018-17524 · WordPress +1 · Wordpress +1
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 4.9.3. Description: The issue allows unauthenticated attackers to cause a denial of service by consuming resources. This can be achieved by constructing a series of requests to load a large number of registered .js...
WordPress 'load-scripts.php' DoS Vulnerability - Linux
WordPress is prone to a denial of service (DoS) vulnerability.
FreeBSD : wordpress -- multiple issues (a2589511-d6ba-11e7-88dd-00e04c1ea73d)
WordPress developers report: Use a properly generated hash for the newbloguser key instead of a determinate substring. Add escaping to the language attributes used on html elements. Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds. Remove the ability to upload...