6150 matches found
WordPress CMS Tree Page View 1.4 Plugin - Cross-Site Request Forgery / Privilege Escalation Exploit
Exploit for php platform in category web applications Exploit Title: CMS Tree Page View CSRF, Privilege Escalation Discovery Date: 2017-12-12 Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage: http://eskapism.se/ Software Link:...
WordPress Plugin CMS Tree Page View 1.4 - Cross-Site Request Forgery Privilege Escalation
WordPress Plugin CMS Tree Page View 1.4 - Cross-Site Request Forgery Privilege Escalation Exploit Title: CMS Tree Page View CSRF, Privilege Escalation Discovery Date: 2017-12-12 Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage: http://eskapism.se/...
WordPress Admin Menu Tree Page View 2.6.9 CSRF / Privilege Escalation
Exploit Title: Admin Menu Tree Page View CSRF, Privilege Escalation Discovery Date: 2017-12-12 Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage: http://eskapism.se/ Software Link: https://wordpress.org/plugins/admin-menu-tree-page-view Version: 2.6.9...
WordPress CMS Tree Page View 1.4 CSRF / Privilege Escalation
Exploit Title: CMS Tree Page View CSRF, Privilege Escalation Discovery Date: 2017-12-12 Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage: http://eskapism.se/ Software Link: https://wordpress.org/plugins/cms-tree-page-view Version: 1.4 Tested on:...
VK.com: CSRF in m.vk.com
Missing hash check when hiding posts in the mobile feed...
CVE-2017-11882
creationtimestamp | type | source
---|---|---
2017-11-15 11:11:01+00:00 | exploited | https://t.me/informationsecuritychannel/11068
2017-11-15 18:56:28+00:00 | seen | https://t.me/cybershit/173
2017-11-15 21:50:34+00:00 | exploited | https://t.me/informationsecuritychannel/11105
2017-11-21 07:39:51+00:00...
My Blogging
Blog regulars will notice that I haven't been posting as much lately as I have in the past. There are two reasons. One, it feels harder to find things to write about. So often it's the same stories over and over. I don't like repeating myself. Two, I am busy writing a book. The title is still:...
EMC RSA Archer Privilege Bypass Vulnerability
EMC RSA Archer is an enterprise IT governance and compliance product from EMC Corporation (EMC). The product enables the development of eGRC programs for managing enterprise risk, automating business processes, and more. A privilege bypass vulnerability exists in EMC RSA Archer. A remote...
FIN10 Extorting Canadian Mining Companies, Casinos
Cybercriminals targeting casinos and mining firms in North America have extorted as much as $620,000 per theft during a four-year run in which they threaten victims with the destruction or public release of stolen data. Between 2013 and 2016, mostly Canadian firms were hit with nearly a dozen...
Sensitive Information Leak
Moodle is vulnerable to a sensitive information leak. blog/rsslib.php does not prevent guest users from accessing sensitive information from hidden blog posts through related RSS feeds for site-level blogs...
Cross-site Request Forgery (CSRF)
Moodle is vulnerable to cross-site request forgery (CSRF) attacks. The attacks are possible because session keys are not checked in markposts.php, allowing an attacker to hijack a user's authentication for requests that mark forum posts as read...
WordPress REST API Posts Controller Privilege Escalation
A privilege escalation vulnerability exists in WordPress. The vulnerability is due to improper handling of post IDs within the REST API posts controller. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to a vulnerable WordPress website...
CVE-2017-8298
cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a "Posts Add New" action, and during creation of new tags and users...
CVE-2017-8298
cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a "Posts Add New" action, and during creation of new tags and users...
Code injection
cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a "Posts Add New" action, and during creation of new tags and users...
CVE-2017-8298
CVE-2017-8298 affects cnvs.io Canvas 3.3.0. The vulnerability is a Cross‑Site Scripting (XSS) issue present in the title and content fields when using the Posts > Add New action, and during creation of new tags and users. The provided connected documents confirm the same description across mul...
CVE-2017-8298
cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a "Posts Add New" action, and during creation of new tags and users...
My Geo Posts Free <= 1.2 - Unauthenticated PHP Object Injection
The plugin my-geo-posts-free insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a potential PHP object injection exploit vector. PoC: The attack is exploitable over HTTP requests to sites with the my-geo-posts-free plugin. The original researcher...
UBUNTU-CVE-2016-3734
Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that mark forum posts as read...
CVE-2016-3734
Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that mark forum posts as read...