6655 matches found
No More Tears: WannaCry Highlights Importance of Prompt Vulnerability Detection, Remediation
It didn’t have to happen. That’s the simple yet profound lesson from WannaCry’s ransomware rampage that has infected 300,000-plus systems in more than 150 countries, disrupting critical operations across industries, including healthcare, government, transportation and finance. If vulnerable syste...
Next Payload Could be Much Worse Than WannaCry
No one should be letting their guard down now that the WannaCry ransomware attacks have been relatively contained. Experts intimately involved with analyzing the malware and worldwide attacks urge quite the opposite, warning today that there’s nothing stopping attackers from using the available N...
vcaxxx.com XSS vulnerability
Vulnerable URL: http://www.vcaxxx.com/?nats="MC4wLjkuOS4wLjAuMC4wLjA Details: Description| Value ---|--- Patched:| Verification in progress Latest check for patch:| 31.10.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 4470212 VIP website status:| No Check...
Player 3 Has Entered the Game: Say Hello to 'WannaCry'
This post was authored by Martin Lee, Warren Mercer, Paul Rascagneres, and Craig Williams. Executive Summary: A major ransomware attack has affected many organizations across the world, reportedly including Telefonica in Spain, the National Health Service in the UK, and FedEx in the US. The malware...
linhadapraia.pt XSS vulnerability
Vulnerable URL: http://linhadapraia.pt/en/imoveiscat.php?s=%22%3E%3Csvg/onload=prompt/OPENBUGBOUNTY/%3E=%22%3E%3Csvg/onload=prompt/openbugbounty/%3E%20==========&1==----- Details: Description| Value ---|--- Patched:| Yes, at 25.11.2017 Latest check for patch:| 25.11.2017 20:01 GMT Vulnerability...
Microsoft's New Security Update Guides Get Mixed Reviews
Microsoft is receiving mixed reviews for its shift to delivering security update information via its newly launched Security Update Guides. The change was official in April, with Microsoft explaining it would allow system administrators to effectively pair specific patches with vulnerabilities, a...
CVE-2015-0790
...
myhomehunter.ca XSS vulnerability
Vulnerable URL: http://www.myhomehunter.ca/listingresults.asp Details: Description| Value ---|--- Patched:| No Latest check for patch:| 31.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check myhomehunter.ca...
Microsoft IIS WebDav ScStoragePathFromUrl Overflow
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule ' Microsoft IIS WebDav ScStoragePathFromUrl Overflow', 'Description' = %q Buffer overflow in the ScStoragePathFromUrl function in the WebDAV servic...
bachmann-pflanzentrays.ch XSS vulnerability
Vulnerable URL:...
kb.act.com XSS vulnerability
Vulnerable URL: http://kb.act.com/ci/fattach/get/33949/1494124269/filename/svgxss.svg Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check kb.act.com SSL...
olddealer.mustek.co.za XSS vulnerability
Vulnerable URL: http://olddealer.mustek.co.za/new-password.html Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check...
maerkte.nordbayern.de XSS vulnerability
Vulnerable URL: http://maerkte.nordbayern.de/adpres/srch.do?opCode=doSrch=suchmarktgesundTrefferanzahlSt=10=0=0=1=0=nz=default=1493888493324=%3E%27%3E%22%3Es%3Ci%3Ei%3Cimg+src%3Dx+onerror%3Dprompt%28%2Fopenbugbounty%2F%29%3EFreitext=rFreitextAND=r=PLZLbDispl=PLZLb==radius= Details: Description|...
khaosokaccommodation.com XSS vulnerability
Vulnerable URL: https://www.khaosokaccommodation.com/wp-content/plugins/mgl-instagram-gallery/single-gallery.php?media=eCIgLz48c2NyaXB0PmFsZXJ0KCdPUEVOQlVHQk9VTlRZJyk8L3NjcmlwdD4= Details: Description| Value ---|--- Patched:| Yes, at 25.07.2017 Latest check for patch:| 25.07.2017 21:19 GMT...
vurv.cz XSS vulnerability
Vulnerable URL: https://www.vurv.cz/index.php?searchtext=%3Cimg+src%3Dx+onerror%3Dprompt%28%2FOPENBUGBOUNTY%2F%29%3E=search=instituceen Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Ran...
platinumtravel.ie XSS vulnerability
Vulnerable URL: http://www.platinumtravel.ie/bookitnow.ie/EscortedToursEuropeTours.php?Britain%20&%20Ireland%20ExplorerEscortedTour?id=262"'--!cat=11= Details: Description| Value ---|--- Patched:| Yes, at 25.11.2017 Latest check for patch:| 25.11.2017 19:41 GMT Vulnerability type:| XSS...
emilystar.com XSS vulnerability
Vulnerable URL: http://www.emilystar.com/t1/?nats=%22%3E%3Cimg%20src=x%20onerror=prompt%27OPENBUGBOUNTY%27;%3EMTcxOS4yNS4yNy4xMTQuMS4wLjAuMC4w Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not...
A Storm’s a Coming: How businesses can defend against threat actor groups like Pawn Storm
Pawn Storm, aka Sednit, Fancy Bear, APT28, Sofacy and STRONTIUM, might sound like Instagram accounts, top-secret spy programs or recently passed legislation, but in reality they are all different names for the same successful cyber espionage group or threat actor group. These actors often use...
WordPress Plugin Nelio AB Testing Server-Side Request Forgery (SSRF)
Case Study: SSRF in Nelio AB Testing WordPress Plugin. Nelio AB Testing is a WordPress plugin used for A/B testing in WordPress pages. We can download the source code of the plugin from plugins.svn.wordpress.org/nelio-ab-testing/tags/4.5.8/. Server-side Request Forgery: SSRF is a vulnerability wher...
joubertrealty.com XSS vulnerability
Vulnerable URL: http://www.joubertrealty.com/website/property-search?option=comezrealty=properties=results=66=0"--!"=0=0=0=0squarefeetsquarefeet=0=0&custom4;&custom5;&custom6;&custom7;&custom8;=1=6=0=0=DEFAULT=Search Details: Description| Value ---|--- Patched:| No Latest check for patch:|...