72 matches found
WordPress plugin LJ comments import: reloaded cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
EUVD-2005-4449
Malware in sbrugna...
EUVD-2004-0310
Malware in sbrugna...
EUVD-2005-4450
Malware in sbrugna...
EUVD-2007-0164
Malware in sbrugna...
CVE-2005-4455
cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote attackers to inject scripting languages via the XSL namespace in XML, via vectors such as customview.cgi...
EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files
The Russian government and IT organizations are the target of a new campaign that delivers a number of backdoors and trojans as part of a spear-phishing campaign codenamed EastWind. The attack chains are characterized by the use of RAR archive attachments containing a Windows shortcut LNK file...
LiveJournal Shortcode <= 1.1.1 - Contributor+ Stored XSS via Shortcode
Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC: Add this shortcode to a page...
LiveJournal Shortcode <= 1.1.1 - Contributor+ Stored XSS via Shortcode
Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Add this shortcode to a page: lj...
SUSE CVE-2006-0496
Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding Cascading Style Sheets (CSS) property, which does not...
SUSE CVE-2015-3234
The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers...
This $350 "Anti-5G" Device Is Apparently Just a USB Stick
Plus: A LiveJournal hack, Qatar's contact-tracing privacy failure, and more of the week's top security news...
Hackers Sell Data from 26 Million LiveJournal Users on Dark Web
A database containing credentials from more than 26 million LiveJournal accounts has been leaked online and is being sold on the Dark Web and hacker forums. The data contained in the files appears to be from a 2014 incident in which 33 million accounts were hacked, according to a published report...
livejournal.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1144535. Security Researcher amlnspqr (helped patch 1852 vulnerabilities, received 7 Coordinated Disclosure badges, received 36 recommendations), a holder of 7 badges for responsible and coordinated disclosure, found a security vulnerability affecting livejournal.com website a...
m.livejournal.com XSS vulnerability
Open Bug Bounty ID: OBB-641655 Description| Value ---|--- Affected Website:| m.livejournal.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
livejournal.com XSS vulnerability
Open Bug Bounty ID: OBB-592692 Description| Value ---|--- Affected Website:| livejournal.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
livejournal.com XSS vulnerability
Open Bug Bounty ID: OBB-592021 Description| Value ---|--- Affected Website:| livejournal.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
livejournal.com XSS vulnerability
Open Bug Bounty ID: OBB-319873 Description| Value ---|--- Affected Website:| livejournal.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...
livejournal.com XSS vulnerability
Vulnerable URL: http://www.livejournal.com/syn/list.bml%22%3E%3Cscript%3Ealert'OPENBUGBOUNTY'%3C/script%3E?page=1 Details: Description| Value ---|--- Patched:| Yes, at 25.11.2017 Latest check for patch:| 25.11.2017 19:55 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa...
livejournal.com XSS vulnerability
Vulnerable URL: http://www.livejournal.com/support/help.bml?sort=date'accesskey='X' onclick='alert/OPENBUGBOUNTY/'=3264879331=communities,docs,entries,general,mobile,scrapbook,styles,syn,images,troubleshoot Details: Description| Value ---|--- Patched:| Yes, at 25.11.2017 Latest check for patch:|...