22 matches found
How Asem Eleraky went from a shared family PC to finding critical vulnerabilities
In the world of vulnerability research, origin stories are rarely linear. For Asem Eleraky, the path to becoming a Microsoft MVR began not in a SOC lab or a university classroom, but with a single family PC and a short daily window to explore his growing interest in cybersecurity...
WordPress Security Research Series: Setting Up Your Research Lab
Welcome to Part 3 of the WordPress Security Research Beginner Series! If you haven’t yet, take a minute to check out the series introduction to get a sense of what this series is all about. You’ll also want to catch up on Part 1, where we dig into WordPress request architecture and hooks, and Par...
OctoPrint vulnerable to Improper Neutralization of Special Elements Used in a Template Engine
Impact OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script through the Settings that will allow code execution during rendering of that script. An attacker might use this to extract data managed by...
Wordfence Intelligence CE Weekly Vulnerability Report (Feb 6, 2023 to Feb 12, 2023)
In case you missed it, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database is continuously updated, maintained, and populated by Wordfences highly...
LastPass Fixes Bug That Leaks Credentials
LastPass has patched a bug that could potentially allow malicious websites to access a web user’s credentials from a previously visited site. Tavis Ormandy, a vulnerability researcher from Google Project Zero, discovered the flaw in the LastPass password manager and published it on the project’s...
Fuji Electric V-Server VPR
CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Fuji Electric Equipment: V-Server VPR Vulnerability: Stack-based Buffer Overflow AFFECTED PRODUCTS The following versions of V-Server VPR, a data collection and management service, are affected: V-Server VPR 4.0.1.0 a...
eac.webstudy.com XSS vulnerability
Vulnerable URL: https://eac.webstudy.com/doc.php?id=13'"80 Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Coordinated Disclosure Timeline: Description| Value...
Red Lion Controls Sixnet-Managed Industrial Switches, AutomationDirect STRIDE-Managed Ethernet Switches Vulnerability
CVSS v3 10 ATTENTION: Remotely exploitable. Low skill level is needed to exploit. Vendor: Red Lion Controls, AutomationDirect Equipment: Sixnet-Managed Industrial Switches and STRIDE-Managed Ethernet Switches Vulnerability: Use of Hard-coded Cryptographic Keys AFFECTED PRODUCTS The following Red...
Four High-Severity Chrome Vulnerabilities Earn Researcher $32K in Rewards
For the second time in less than a year, researcher Mariusz Mlynski has earned more than $30,000 through Google’s Chrome Rewards program. Google on Wednesday released Chrome 56.0.02924.76 for Windows, Mac and Linux platforms, and Mlynski was credited with finding and disclosing four high-severity...
zooplus.se XSS vulnerability
Vulnerable URL: http://www.zooplus.se/feedback/form/shop"onmouseover="prompt'XSSPOSED' Details: Description| Value ---|--- Patched:| Yes, at 23.03.2016 Latest check for patch:| 23.03.2016 13:28 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 196084 Google...
PHP 5.6.5 Released With Several Security Fixes
Several new versions of PHP have been released, fixing a number of security vulnerabilities and other bugs in the popular scripting language. PHP 5.6.5 is the newest version of the language, and it has patches for a handful of vulnerabilities, including a use-after-free flaw that could lead to...
Bugzilla Vulnerability Exposes Bug Collections
Hundreds of open source software projects that make use of Bugzilla, Mozilla’s bug-tracking software, anxiously await a patch for a vulnerability that exposes private bugs collected by the system. Mozilla is today expected to make available a patch for the vulnerability in its account creation...
Congratulations to James Forshaw Recipient of Our First $100,000 Bounty for New Mitigation Bypass Techniques!
Congratulations to James Forshaw for coming up with a new exploitation technique to get our first ever $100,000 bounty. A security vulnerability researcher with Context Information Security, James already came in hot with design level bugs he found during the IE11 Preview Bug Bounty, and we’re...
Facebook Mobile Bug Bounty #7 - Redirect Vulnerability
Document Title: =============== Facebook Mobile Bug Bounty 7 - Redirect Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=975 Facebook Security ID: 159243257 Release Date: ============= 2013-06-14 Vulnerability Laboratory ID VL-ID:...
Barracuda SSL VPN - Input Filter Bypass Vulnerability
Document Title: =============== Barracuda SSL VPN - Input Filter Bypass Vulnerability References: =========== Download: http://www.vulnerability-lab.com/resources/videos/563.wmv View: http://www.youtube.com/watch?v=ICR0iFJkDg0 Advisory: http://www.vulnerability-lab.com/getcontent.php?id=661 News:...
Barracuda SSL VPN - Input Filter Bypass Vulnerability
Document Title: =============== Barracuda SSL VPN - Input Filter Bypass Vulnerability References: =========== Download: http://www.vulnerability-lab.com/resources/videos/563.wmv View: http://www.youtube.com/watch?v=ICR0iFJkDg0 Advisory: http://www.vulnerability-lab.com/getcontent.php?id=661 News:...
Joomla Matrimony SQL Injection
Exploit Title: Joomla Component commatrimony SQL Injection Vulnerability Author : CoBRa21 E-Mail : uykucu at windowslive.com Google Dork : inurl:index.php?option=commatrimony Status : High-Risk SQL Vulnerability http://127.0.0.1/PATH/index.php?option=commatrimony&action=view&id=2 SQL SQL Exploit...
Joomla Tsonymf SQL Injection
Exploit Title: Joomla Component comtsonymf SQL Injection Vulnerability Author : CoBRa21 E-Mail : uykucu at windowslive.com Google Dork : inurl:comtsonymf Status : High-Risk Script Page : null SQL Vulnerability...
Joomla! Component com_dshop - SQL Injection
Joomla! Component comdshop - SQL Injection Exploit Title: Joomla Component comdshop SQL Injection Vulnerability Author : CoBRa21 E-Mail : uykucu at windowslive.com Google Dork : inurl:comdshop Status : High-Risk Script Page : null Reference : https://www.securityfocus.com/bid/47971/info SQL...
Joomla! Component com_dshop - SQL Injection
Exploit Title: Joomla Component comdshop SQL Injection Vulnerability Author : CoBRa21 E-Mail : uykucu at windowslive.com Google Dork : inurl:comdshop Status : High-Risk Script Page : null Reference : https://www.securityfocus.com/bid/47971/info SQL Vulnerability...