15 matches found
Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms
U.S. prosecutors last week levied criminal hacking charges against 19-year-old U.K. national Thalha Jubair for allegedly being a core member of Scattered Spider, a prolific cybercrime group blamed for extorting at least $115 million in ransom payments from victims. The charges came as Jubair and...
CVE-2024-51615
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Marka WordPress Auction Plugin wp-auctions allows SQL Injection. This issue affects WordPress Auction Plugin: from n/a through = 3.7...
canallector.com Cross Site Scripting vulnerability OBB-3931719
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
owen-munisamy.com Cross Site Scripting vulnerability OBB-3848199
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
JVN#98975951: Chrome Extension "5000 trillion yen converter" vulnerable to cross-site scripting
Chrome Extension "5000 trillion yen converter" provided by Owen contains a cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the extension. Update the extension according to the information provided by the developer...
willisowen.co.uk XSS vulnerability
Open Bug Bounty ID: OBB-539531

Description | Value
---|---
Affected Website: | willisowen.co.uk
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

owenbroscommercials.com XSS vulnerability
Vulnerable URL: http://www.owenbroscommercials.com/salevehicle.php?id=13'"157

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 30.12.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not calculated
VIP website status: | No...

HybridAuth Social Login - Less Critical - Information Disclosure - SA-CONTRIB-2015-097
HybridAuth Social Login module enables you to allow visitors to authenticate or login to a Drupal site using their identities from social networks like Facebook or Twitter. The module may store user passwords in plain text. This vulnerability is mitigated by the fact that the option "Ask user for...
SA-CONTRIB-2015-010 - Log Watcher - Cross Site Request Forgery (CSRF)
Log Watcher allows you to monitor your site logs in a systematic way by setting up scheduled aggregations for specific log types. The report administration links are not properly protected from CSRF. A malicious user could cause a log administrator to enable, disable, or delete a Log Watcher repo...
SA-CONTRIB-2015-012 - Jammer - Cross Site Request Forgery (CSRF)
This module enables you to hide or remove items from displaying including the node and comment preview buttons, node delete button, revision log textarea, workflow form on the workflow tab, and feed icon. The report administration links are not properly protected from CSRF. A malicious user could...
WordPress Plugin Auctions 1.8.8 - wpa_id SQL Injection
WordPress Plugin Auctions 1.8.8 - wpa_id SQL Injection. Source: https://www.securityfocus.com/bid/49625/info Auctions plug-in for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue...
WordPress Plugin Auctions 1.8.8 - 'wpa_id' SQL Injection
Source: https://www.securityfocus.com/bid/49625/info Auctions plug-in for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application,...
SA-CONTRIB-2011-038 - Taxonomy Views Integrator - Cross Site Scripting
This module enables you to override whole vocabularies or individual terms with the View of your choice. The module did not filter user-entered term descriptions for Cross Site Scripting (XSS) injections. This vulnerability is mitigated by the fact that an attacker must have a role with the...
NZ telco hires admitted botnet operator
By Michael Field, Sydney Morning Herald (smh.com.au). TelstraClear, Telstra’s New Zealand subsidiary, has hired one of the world's best known hackers — a teenager known as “Akill”. Owen Thor Walker, a 19-year-old who became the subject of a US Federal Bureau of Investigation’s “Operation Bot Roast”...
SA-CONTRIB-2009-009 Forward module can be used as a spam relay
This vulnerability allows spammers or spambots to use sites with the Forward module installed to send nearly unlimited e-mail. Due to improper use of Drupal's flood control API, it is possible for one user to send an unlimited number of mails using the Forward module. Important note: the securi...