COVID19 Testing Management System 1.0 - (Admin name) Cross-Site Scripting Vulnerability
Exploit Title: COVID19 Testing Management System 1.0 - 'Admin name' Cross-Site Scripting (XSS); Exploit Author: Rohit Burke; Vendor Homepage: https://phpgurukul.com; Software Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/; Version: 1.0; Tested on: Windows 10 == Store...
The vulnerability of Firefox browsers, related to errors in security restrictions on testing infrastructure, allows attackers to gain unauthorized access to protected information.
The vulnerability of Firefox browsers is related to errors in security restrictions on testing infrastructure. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
WordPress Plugin Stop Spammers 2021.8 - 'log' Reflected Cross-site Scripting (XSS)
Exploit Title: WordPress Plugin Stop Spammers 2021.8 - 'log' Reflected Cross-site Scripting (XSS); Date: 04/08/2021; Exploit Author: Hosein Vita; Vendor Homepage: https://wordpress.org/plugins/stop-spammer-registrations-plugin/; Software Link:...
COVID19 Testing Management System 1.0 - 'Admin name' Cross-Site Scripting (XSS)
Exploit Title: COVID19 Testing Management System 1.0 - 'Admin name' Cross-Site Scripting (XSS); Date: 19/05/2021; Exploit Author: Rohit Burke; Vendor Homepage: https://phpgurukul.com; Software Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/; Version: 1.0; Tested on:...
The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK allows a perpetrator to gain read access to data, modify data, or cause partial service disruption.
The vulnerability of the Outside In Filters component within Oracle’s software development kit (SDK) “Outside In Technology” exists due to insufficient testing of input data. Exploiting this vulnerability can allow an attacker to gain read access to data, modify, add, or delete data, or cause a...
The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK allows a hacker to gain access to data for reading purposes.
The vulnerability of the Outside In Filters component within Oracle’s software development kit (SDK) exists due to insufficient testing of input data. Exploiting this vulnerability could allow a malicious actor to gain access to data through HTTP requests...
4 things you should know about testing AV software with VirusTotal’s free online multiscanner
As COVID-19 soldiers on, small and medium-size businesses now feel as ripe for malware attacks as deep-pocketed multinationals. SMBs see that, along with remote work, our pandemic has also brought troubling new holes to their security. This means cybercriminals—equal opportunity charlatans that...
A/B Testing, Now with EdgeKV
This blog was co-authored by Tim Vereecke, Josh Johnson, and Medhat Yakan This is a blog series about building an A/B test with EdgeWorkers and EdgeKV. Read part one here. In our previous blog, we wrote the base code for our A/B test and stored the data locally. Although this may be convenient fo...
A/B Testing, Now with EdgeKV
Now that we've written the framework of our code, let's layer in EdgeKV (EKV), our distributed key-value store database...
FIN7 Backdoor Masquerades as Ethical Hacking Tool
The notorious FIN7 cybercrime gang, a financially motivated group, is spreading a backdoor called Lizar under the guise of being a Windows pen-testing tool for ethical hackers. According to the BI.ZONE Cyber Threats Research Team, FIN7 is pretending to be a legitimate organization that hawks a...
Exploit for Deserialization of Untrusted Data in Apache Ofbiz
ofbiz-poc CVE-2020-9496 (CVE-2020-9496) utilizes dnslog for...
K8tools
It is an offensive tool for web application exploitation. The repository, K8tools, contains a collection of tools for various purposes, including internal penetration, privilege escalation, remote overflow, vulnerability exploitation, scanning, password cracking, and anti-kill tools. The primary...
Short story about Clubhouse user scraping and social graphs
TL;DR During this red team engagement, the Hexway team used Clubhouse as a social engineering tool to find out more about their client’s employees. UPDATE: While Hexway were preparing this article for publication, cybernews.com reported: 1.3 million scraped user records leaked online for free. In this...
200K Veterans’ Med Records May Have Been Stolen by Ransomware Gang
UPDATE A database filled with the medical records of nearly 200,000 U.S. military veterans was exposed online by a vendor working for the Veterans Administration, according to an analyst, who also presented evidence the data might have been exfiltrated by ransomware attackers. The VA for its par...
StackLift LocalStack Cross-Site Scripting Vulnerability
StackLift LocalStack is a StackLift open source application. It provides an easy-to-use testing framework for cloud applications. A cross-site scripting vulnerability exists in StackLift LocalStack version 0.12.6, which stems from a lack of proper validation of client-side data by the web applicatio...
BSA-2021-1487
Security Advisory ID: BSA-2021-1487; Component: Libarchive; Revision: 1.0. libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. Affected Products: Brocade SANnav versions...
BSA-2020-1166
Security Advisory ID: BSA-2020-1166; Component: OpenSSL; Revision: 1.0. The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a...
tonyrobbins.com Cross Site Scripting vulnerability OBB-2006197
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: tonyrobbins.com. Open Bug Bounty...
AI security risk assessment using Counterfit
Today, we are releasing Counterfit, an automation tool for security testing AI systems as an open-source project. Counterfit helps organizations conduct AI security risk assessments to ensure that the algorithms used in their businesses are robust, reliable, and trustworthy. AI systems are...