8 matches found
Hackers Trick DigiCert Into Issuing Certificates Used to Sign Malware
DigiCert revokes 60 code signing certificates after hackers used a malicious support chat attachment to sign the Zhong Stealer malware...
CS Money: Blind XSS on image upload
Summary: - The CSRF vulnerability makes a request for support.cs.money/uploadfile; this uploadfile does not have CSRF token/origin/reference verification! - The XSS allows executing JS. The payload of the XSS stays in the param 'filename' of the CSRF request. Steps To Reproduce: XSS - use a prox...
Mail.ru: Self XSS via help.mail.ru interface
Self-XSS in sandbox domain via support chat interface on help.mail.ru with no security impact identified...
h1-ctf: [h1-415 2020] @_bayotop h1-415-ctf writeup
TL;DR: Thanks for the challenge! 1. Abusing account recovery via QR codes to get access to [email protected]. 2. Blind XSS in /support/review/ including CSP bypass. 3. Missing input sanitization on name parameter when POSTing to /support/review/. 4. Access to remote debugging port on local...
Click Desk Live Support Chat - Cross Site Scripting
The clickdesk-live-support-chat WordPress plugin was affected by a Cross Site Scripting security vulnerability...
Wordpress clickdesk-live-support-chat plugin Cross-Site Scripting Vulnerabilities
A bug in the WordPress clickdesk-live-support-chat plugin that allows us to cause Cross-Site Scripting on a remote machine. Www.Aria-security.com/forum/ Wordpress clickdesk-live-support-chat plugin Cross-Site Scripting Vulnerabilities Download......:...
WordPress Clickdesk Live Support Chat Cross Site Scripting
Www.Aria-security.com/forum/ Wordpress clickdesk-live-support-chat plugin Cross-Site Scripting Vulnerabilities Download......: http://wordpress.org/extend/plugins/clickdesk-live-support-chat/ Bug Found.....: http://Aria-Security.Com/forum/ discovery.....: Am!r IrIsT contact.......: AmiratIrIsT.i...
JonDo 00.16.001 Released - Automatic error recognition and easier usability
JonDos publishes a new version of the JonDo software, an IP changer and IP anonymization program that you can use for anonymous surfing on the Internet with high-security anonymous proxy servers. What is JonDo? JonDo is ...