WordPress 跨站脚本漏洞

WordPress is a blogging platform developed by the WordPress Wordpress Foundation using the PHP language. A cross-site scripting vulnerability exists in the WordPress Membership & Learning Management System Plugin for WordPress plugin prior to version 4.21.1, which stems from the plugin generating...

Zope 跨站脚本漏洞

Zope is a set of object-oriented, open source web application servers written in the Python language from the Zope ZOPE community. A cross-site scripting vulnerability exists in Zope Products.CMFCore before 2.5.1 and PluggableAuthService before 2.6.2, which stems from allowing reflection of XSS...

New TsuNAME Flaw Could Let Attackers Take Down Authoritative DNS Servers

Security researchers Thursday disclosed a new critical vulnerability affecting Domain Name System DNS resolvers that could be exploited by adversaries to carry out reflection-based denial-of-service attacks against authoritative nameservers. The flaw, called 'TsuNAME,' was discovered by researche...

SUSE: Security Advisory (SUSE-SU-2019:1181-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Multiple vulnerabilities in Bouncy Castle affects Apache Solr shipped with IBM Operations Analytics - Log Analysis

Summary There is various type of vulnerabilities in Bouncy Castle that affect Apache Solr. The list can be found at Vulnerability Details section. Vulnerability Details CVEID: CVE-2018-1000613 DESCRIPTION: Legion of the Bouncy Castle Java Cryptography APIs could allow a remote attacker to execute...

“Huge upsurge” in DDoS attacks during pandemic

Researchers at Netscout have released a report analyzing the malicious internet traffic of 2020 and comparing it to the years before. Some of the results were as expected: Brute-forcing credentials and more targeting towards internet-connected devices were foreseeable and have been discussed at...

Security fix for the ALT Linux 9 package glpi version 9.5.4-alt1

9.5.4-alt1 built April 14, 2021 Pavel Zilke in task 269862 March 31, 2021 Pavel Zilke - New version 9.5.4 - This is a security release, upgrading is recommended - Security fixes: + CVE-2021-21326 : Horizontal Privilege Escalation + CVE-2021-21255 : entities switch IDOR + CVE-2021-21258 : XSS...

GLPI 9.5.3 Unsafe Reflection

Exploit Title: GLPI 9.5.3 - 'fromtype' Unsafe Reflection Date: 2021-02-13 Exploit Author: Vadym Soroka @Iterasec https://iterasec.com Vendor Homepage: https://glpi-project.org Software Link: https://github.com/glpi-project/glpi/releases Version: =9.5.3 Tested on:v9.5.3, 2021-02-13 Technical...

GLPI 9.5.3 - 'fromtype' Unsafe Reflection

Exploit Title: GLPI 9.5.3 - 'fromtype' Unsafe Reflection Date: 2021-02-13 Exploit Author: Vadym Soroka @Iterasec https://iterasec.com Vendor Homepage: https://glpi-project.org Software Link: https://github.com/glpi-project/glpi/releases Version: =9.5.3 Tested on:v9.5.3, 2021-02-13 Technical...

GLPI 9.5.3 - (fromtype) Unsafe Reflection Vulnerability

Exploit Title: GLPI 9.5.3 - 'fromtype' Unsafe Reflection Exploit Author: Vadym Soroka @Iterasec https://iterasec.com Vendor Homepage: https://glpi-project.org Software Link: https://github.com/glpi-project/glpi/releases Version: =9.5.3 Tested on:v9.5.3, 2021-02-13 Technical advisories:...

Plex Media Server < 1.21.3.4014 SSDP (PMSSDP) Reflection/Amplification DDoS Attack

Plex Media Server installations in a specific and uncommon network position could potentially be used to reflect UDP traffic on certain device-discovery ports as part of a possible DDoS distributed denial-of-service attack. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be...

Cybercriminals Now Using Plex Media Servers to Amplify DDoS Attacks

A new distributed denial-of-service attack DDoS vector has ensnared Plex Media Server systems to amplify malicious traffic against targets to take them offline. "Plex's startup processes unintentionally expose a Plex UPnP-enabled service registration responder to the general Internet, where it ca...

Cybercriminals Now Using Plex Media Servers to Amplify DDoS Attacks

A new distributed denial-of-service attack DDoS vector has ensnared Plex Media Server systems to amplify malicious traffic against targets to take them offline. "Plex's startup processes unintentionally expose a Plex UPnP-enabled service registration responder to the general Internet, where it ca...

RDP abused for DDoS attacks

We have talked about RDP many times before. It has been a popular target for brute force attacks for a long time, but attackers have now found a new way to abuse it. Remote access has become more important during the pandemic, with as many people as possible try to work from home. Which makes it...

SDWAN Center : (CVE-1999-0517)SNMP Agent's Default Community string (PUBLIC) and SNMP 'GETBULK' Reflection DDoS

Vulnerability issue...

EulerOS Virtualization 3.0.6.6 : bind (EulerOS-SA-2020-2444)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker...

BugPoC: Solution to the XSS Challenge

Summary: This challenge is very tricky and advanced. I have reached a part where I can execute my JS code, but that payload is blocked as of now by "allow-modals" missing value in the "sandbox" attribute. Following is a better explanation of where I am right now. Steps To Reproduce: 1. Keep the...

Gym Management System 1.0 - Stored Cross Site Scripting

Exploit Title: Gym Management System 1.0 - Stored Cross Site Scripting Date: 21/10/2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14541/gym-management-system-using-phpmysqli-source-code.html Software Link:...

School Faculty Scheduling System 1.0 - Stored Cross Site Scripting POC

Exploit Title: School Faculty Scheduling System 1.0 - Stored Cross Site Scripting Date: 21/10/2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14535/school-faculty-scheduling-system-using-phpmysqli-source-code.html Software Link:...

Employee Management System 1.0 - Cross Site Scripting (Stored)

Exploit Title: Employee Management System 1.0 - Stored Cross Site Scripting Date: 2020-10-16 Exploit Author: Ankita Pal Vendor Homepage: https://www.sourcecodester.com/php/14432/employee-management-system-using-php.html Software Link:...