Cross site request forgery (csrf)

Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.51.7.0 on all platforms allows attacker to smuggle request. Vulnerability Cause Description: The httpparser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenario: If a message is received with both a...

Craft CMS vulnerable to Remote Code Execution via unrestricted file extension

Summary Unrestricted file extension lead to a potential Remote Code Execution Authenticated, ALLOWADMINCHANGES=true Details Vulnerability Cause : If the name parameter value is not empty string'' in the View.php's doesTemplateExist - resolveTemplate - resolveTemplateInternal - resolveTemplate...

WordPress Plugin Quizlord 2.0 XSS vulnerability reproduction and analysis-vulnerability warning-the black bar safety net

WordPress is a PHP language development blog platform, users can support PHP and MySQL database server set up your own website. You can also put WordPress as a CMS to use. WordPress often broke loopholes is it the plug-in there Security. Vulnerability reproduction First build worepress, my versio...

CVE-2018-8809

In radare2 2.4.0, there is a heap-based buffer over-read in the dalvikop function of analdalvik.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file...

MobaXtrem 10.4 Remote Code Execution Exploit

Exploit for windows platform in category remote exploits import telnetlib,sys Exploit Title: MobaXtrem 10.4 Remote Code Execution Date: 11/9/2017 Exploit Author: Sultan Albalawi Vendor Homepage: http://mobatek.net Software Link:...

PostMessage cross-domain vulnerability-vulnerability warning-the black bar safety net

Note: this article is“millet Security Center”original, reprint please contact the“millet Security Center” Background Value: $3000 Vulnerability cause: postMessage cross-domain vulnerabilities to cause, the use of the websocket receives a user authentication token Original address:...