CVE-2024-41767

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

Metasploit Weekly Wrap-Up 09/13/2024

SPIP Modules This week brings more modules targeting the SPIP publishing platform. SPIP has gained some attention from Metasploit community contributors recently and has inspired some PHP payload and encoder improvements. New module content 2 SPIP BigUp Plugin Unauthenticated RCE Authors: Julien...

Known 注入漏洞

Known is a social publishing platform open-sourced by Known in the United States. A security vulnerability exists in Known v1.3.1 and below, which stems from the discovery of a vulnerability that allows an attacker to perform an account takeover via a host header injection attack...

PESCMS cross-site scripting vulnerability

A cross-site scripting vulnerability exists in PESCMS version V2.3.3, a content publishing platform. The vulnerability stems from App/Team/GET/Report.php missing a data validation filter for user-supplied data and output. An attacker could exploit the vulnerability to execute JavaScript code on t...

PESCMS 跨站请求伪造漏洞

PESCMS is a content publishing platform. A security vulnerability exists in PESCMS version V2.3.3. An attacker exploited the vulnerability to delete the accounts of admin and other members...

Jiangsu Fargo Streaming Publishing Platform has xss vulnerability

Streaming Media Distribution Platform is a powerful and specialized streaming media distribution system suitable for long-time uninterrupted work, based on years of experience in streaming media R&D and telecom industry services. Streaming Media Distribution Platform has an xss vulnerability in t...

Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability

Document Title: =============== Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1820 Release Date: ============= 2016-04-18 Vulnerability Laboratory ID VL-ID: ==================================...

Debian Security Advisory DSA 3227-1 (movabletype-opensource - security update)

John Lightsey discovered a format string injection vulnerability in the localisation of templates in Movable Type, a blogging system. An unauthenticated remote attacker could take advantage of this flaw to execute arbitrary code as the web server user. OpenVAS Vulnerability Test $Id: deb3227.nasl...

Omeka 2.2 - Cross-Site Request Forgery / Persistent Cross-Site Scripting

html...

WordPress Sites Targeted by Mass Brute-force Botnet Attack

US-CERT is aware of an ongoing campaign targeting the content management software WordPress, a free and open source blogging tool and web publishing platform based on PHP and MySQL. All hosting providers offering WordPress for web content management are potentially targets. Hackers reportedly are...

WordPress Hit by Password-Reset Vulnerability

Researchers are sounding the alarm for a serious administrator password-reset vulnerability affecting the latest version of WordPress, the popular open-source blog publishing platform. The flaw, which can be exploited via the browser, gives an attacker a trivial way to compromise the admin accoun...