70 matches found
EUVD-2013-4718
Malware in sbrugna...
EUVD-2023-28617
Malicious code in bioql PyPI...
CVE-2023-24602
OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title...
CVE-2015-9433
The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has CSRF with resultant XSS via configuration parameters for Tumblr, Twitter, Facebook, etc. in wp-admin/options-general.php?page=wp-social-bookmarking-light%2Fmodules%2Fadmin.php...
Automattic: Open redirect via redirect_to parameter in tumblr.com
The Tumblr website was affected by an open redirect vulnerability that allowed an attacker to redirect users to a specified URL through the "redirectto" parameter. This vulnerability could have been exploited to conduct phishing attacks or distribute malware...
CVE-2023-24602
OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title...
CVE-2023-24602
OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title...
Cross site scripting
OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title...
CVE-2023-24602
OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title...
CVE-2023-24602
Open-Xchange OX App Suite prior to frontend 7.10.6-rev24 is affected by CVE-2023-24602, a cross-site scripting (XSS) vulnerability in the Tumblr portal widget that could affect data such as a post title. The issue is documented across multiple sources, with remediation guidance indicating to upgr...
CVE-2023-24602
OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title...
PT-2023-19704 · Open Xchange · Ox App Suite
Name of the Vulnerable Software and Affected Versions: OX App Suite versions prior to 7.10.6-rev24 Description: The issue allows for XSS via data to the Tumblr portal widget, such as a post title. Recommendations: For versions prior to 7.10.6-rev24, update to version 7.10.6-rev24 or later to...
CVE-2023-24602
OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title...
Socid-Extractor - Extract Accounts Info From Personal Pages On Various Sites For OSINT Purpose
Extract information about a user from profile webpages / API responses and save it in machine-readable format. Usage As a command-line tool: $ socidextractor --url https://www.deviantart.com/muse1908 country: France createdat: 2005-06-16 18:17:41 gender: female username: Muse1908 website:...
Automattic: De-anonymize anonymous tips through the Tumblr blog network
Hey y’all! 👋 Hope all is well! Summary: I noticed that, if you send an anonymous tip through the Tumblr dashboard, you can be de-anonymized through the notes view on the blog network & maybe elsewhere?. Platforms Affected: All platforms, but requires a blog that is served on the blog network. Ste...
Automattic: Ability to subscribe to inactive Post+ creators
Hey y'all! 👋 Hope all is well! Summary: In testing Tumblr's Post+, I've found that it's possible to subscribe to creators that, at one point, opted into Post+ but had opted out after some point. As I note later on, it appears that this is a "one time use only" as the Payment URL becomes invalid...
CopperStealer Malware Targets Facebook and Instagram Business Accounts
A malware that until now has gone undocumented has been quietly hijacking online accounts of advertisers and users of Facebook, Apple, Amazon, Google and other web giants since July 2019 and then using them for nefarious activity, researchers have found. Dubbed CopperStealer, the malware acts...
Automattic: Tab nabbing via window.opener.location (target "_blank")
Summary: When you open a link using target="blank", the page that opens in a new tab get access to the initial tab and change its location using the window.opener.location function. Platforms Affected: website Steps To Reproduce for the first target blank: 1. First target "blank" 1. On...
Socialscan - Check Email Address And Username Availability On Online Platforms With 100% Accuracy
socialscan offers accurate and fast checks for email address and username usage on online platforms. Given an email address or username, socialscan returns whether it is available, taken or invalid on online platforms. Features that differentiate socialscan from similar tools e.g. knowem.com,...
Automattic: Follow by email allows for following by unverified emails
The initial report outlined being able to add any email to a Tumblr account without verifying it first which is expected behavior that does not pose a security risk. However, the reporter also reported that these unverified emails were able to be used in our “follow by email” feature which we did...