1088 matches found
Joomla! JE PayperVideo SQL Injection Vulnerability
Joomla! is an open source content management system (CMS) developed by the U.S.-based Open Source Matters team; it provides RSS feeds, site search and other features. The JE PayperVideo component is a multimedia playback component used with it. A SQL injection vulnerability exists in Jooml...
subscriptions.cbc.ca XSS vulnerability
Open Bug Bounty ID: OBB-554191

Description | Value
---|---
Affected Website: | subscriptions.cbc.ca
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Disclosure Standard: | Coordinated Disclosur...

Important: Red Hat Security Advisory: Red Hat Satellite 6 security, bug fix, and enhancement update
An update is now available for Red Hat Satellite 6.2 for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ratin...
CVE-2018-6577
SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usrplan parameter in a view=myplans&task=myplans.usersubscriptions request...
NorkNork - Powershell Empire Persistence Finder
This script was designed to identify PowerShell Empire persistence payloads on Windows systems. It currently supports checks for these persistence methods: Scheduled Tasks, Auto-run, WMI subscriptions, Security Support provider, Ease of Access Center backdoors, Machine account password disable. INSTALL...
Filter Subscription emails should not be sent to deactivated users.
h3. Summary
Email Filter Subscriptions are still sent after a user is marked as deactivated.
h3. Steps to Reproduce
1. Create a user belonging to jira-users group
2. Deactivate the user
3. Create a filter and subscribe to jira-users group
Filter used: issuekey in issueHistory ORDER BY lastViewed DESC...
Authorization Bypass
Moodle is vulnerable to authorization bypass. The calendar/managesubscriptions.php does not enforce the correct permissions on users, allowing a malicious user with access to a student account to edit the calendar subscriptions...
Scammers Are Using Fake Apple In-App Subscriptions to Make Lot of Money
In this year's annual event, Apple announced that the company had paid out $70 Billion to developers in the App Store's lifetime and that $21 Billion of the amount was paid in the last year alone. But has all this money gone to the legitimate app developers? Probably not, as app developer Johnny...
Zenbership CMS 1.0.8 SQL Injection
Document Title:
===============
Zenbership 1.0.8 CMS - Multiple SQL Injection Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/getcontent.php?id=2073

Release Date:
=============
2017-06-09

Vulnerability Laboratory ID (VL-ID):...
Zenbership 1.0.8 CMS - Multiple SQL Injection Vulnerabilities
Document Title:
===============
Zenbership 1.0.8 CMS - Multiple SQL Injection Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/getcontent.php?id=2073
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9759

CVE-ID:
=======
CVE-2017-9759

Release Date:...
New vulnersBot for Telegram with advanced searches and subscriptions
The Vulners.com team has recently presented a new version of its vulnerability intelligence bot for Telegram messenger. Now you can search for vulnerabilities and other security content by talking with the bot. Searches: For example, I've heard about new critical vulnerability in Samba called SambaCry by...
Vulnerability subscriptions in terms of business
The question is: do we really need an employee in the organization who deals with vulnerabilities in infrastructure on a full-time basis? Since this is similar to what I do for a living, I would naturally say that yes, it is necessary. But as a person who makes security automation, I can say that there...
Update Rollup 9 for System Center 2012 R2 Orchestrator - Service Provider Foundation
Introduction: This article describes the issues that are fixed and the features that are added in Update Rollup 9 for Microsoft System Center 2012 R2 Orchestrator - Service Provider Foundation. Additionally, this...
PowerLurk - Malicious WMI Events using PowerShell
PowerLurk is a PowerShell toolset for building malicious WMI Event Subscriptions. The goal is to make WMI events easier to fire off during a penetration test or red team engagement. Please see my post Creeping on Users with WMI Events: Introducing PowerLurk for more detailed information:...
Moodle 2.4.x < 2.4.1 Multiple Vulnerabilities
(RHSA-2015:1853) Low: Red Hat Enterprise Developer Toolset Version 2 Retirement Notice
In accordance with the Red Hat Enterprise Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 2 offering was retired on September 30, 2015, and support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security...
SOL17189 - Apache HTTP server vulnerability CVE-2008-0456
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...
mlb.mlb.com XSS vulnerability
Vulnerable URL: http://mlb.mlb.com/mlb/subscriptions/index.jsp?cid=qwe/a=0;alertString.fromCharCode88,83,83,80,79,83,69,68//=mlbMENU

Details:

Description | Value
---|---
Patched: | Yes, at 22.09.2015
Latest check for patch: | 22.09.2015 01:29 GMT
Vulnerability type: | XSS
Vulnerability status: |...

[SECURITY] Fedora 20 Update: subscription-manager-1.13.6-1.fc20
The Subscription Manager package provides programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform...
(RHSA-2014:0831) Low: Red Hat Developer Toolset Version 1 Retirement Notice
In accordance with the Red Hat Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 1 offering was retired on June 30, 2014, and support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent...