174 matches found
Metasploit Weekly Wrap-Up
A sack full of cheer from the Hacking Elves of Metasploit It is clear that the Metasploit elves have been busy this season: Five new modules, six new enhancements, nine new bug fixes, and a partridge in a pear tree are headed out this week! Partridge nor pear tree included. In this sack of goodie...
canberraweeklyrealestate.com.au Cross Site Scripting vulnerability OBB-2918468
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Jenkins LTS < 2.332.4 / Jenkins weekly < 2.356 Multiple Vulnerabilities
According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.332.4 or Jenkins weekly prior to 2.356. It is, therefore, affected by multiple vulnerabilities: - Multiple cross-site scripting XSS vulnerabilities in Jenkins 2.355...
Metasploit Weekly Wrap-Up
DFSCoerce - Distributing more than just files DFS Distributed File System is now distributing Net-NTLM credentials thanks to Spencer McIntyre with a new auxiliary/scanner/dcerpc/dfscoerce module that is similar to PetitPotam in how it functions. Note that unlike PetitPotam, this technique does...
Weekly Threat Digest: 21-27 February 2022
...
Weekly Threat Digest: 14-20 February 2022
...
US Wins Appeal to Extradite Julian Assange
Plus: Bluetooth security, a Brazil hack, and more of the week's top security news...
BrakTooth Flaws Affect Billions of Bluetooth Devices
Plus: A spyware ban, a big WhatsApp fine, and more of the week's top security news...
CVE-2021-24309
The "Schedule Name" input in the Weekly Schedule WordPress plugin before 3.4.3 general options did not properly sanitize input, allowing a user to inject javascript code using the HTML tags and cause a stored XSS issue...
CVE-2021-24309
The "Schedule Name" input in the Weekly Schedule WordPress plugin before 3.4.3 general options did not properly sanitize input, allowing a user to inject javascript code using the HTML tags and cause a stored XSS issue...
WordPress 插件 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
Weekly Schedule < 3.4.3 - Authenticated Stored XSS
The "Schedule Name" input in the plugin general options did not properly sanitize input, allowing a user to inject javascript code using the Go to Weekly Schedule - General Options /wp-admin/admin.php?page=weekly-schedule - Schedule Name - Fill the field with a payload such as alertxss...
Jenkins LTS < 2.277.3 / Jenkins weekly < 2.286
According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.277.3 or Jenkins weekly prior to 2.286. It is, therefore, affected by a vulnerability: - In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha...
Fleeceware Apps Bank $400M in Revenue
About 204 different “fleeceware” applications with a combined billion+ downloads have raked in more than $400 million in revenue so far, via the Apple App Store and Google Play, analysis has revealed. Fleeceware apps generally offer users a free trial to “test” the app, before commencing automati...
Healthcare Industry Witnessed 45% Spike in Cyber Attacks Since Nov 20
Cyberattacks targeting healthcare organizations have spiked by 45% since November 2020 as COVID-19 cases continue to increase globally. According to a new report published by Check Point Research today and shared with The Hacker News, this increase has made the sector the most targeted industry b...
Denial of Service Vulnerability in Weekly Shanghai App
Week to Shanghai app is a life service guide platform. A denial of service vulnerability exists in Zhou to Shanghai App, which can be exploited by an attacker to build malformed serialized Intent data to launch the app and cause the app to crash, posing information leakage and operational securit...
bi-weekly-budget-template.com Cross Site Scripting vulnerability OBB-1400704
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Node.js third-party modules: [keyd] Prototype pollution
I would like to report a prototype pollution vulnerability in keyd module. It allows an attacker to inject properties on Object.prototype. Module module name: keyd version: 1.3.4 npm page: https://www.npmjs.com/package/keyd Module Description A small library for using and manipulating key paths i...
weekly-motels.localkk.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1143598 Security Researcher Teamhash Helped patch 330 vulnerabilities Received 3 Coordinated Disclosure badges Received 2 recommendations , a holder of 3 badges for responsible and coordinated disclosure, found a security vulnerability affecting weekly-motels.localkk.com...
weekly-net.co.jp Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1114962 Security Researcher g0bl1nsec Helped patch 3768 vulnerabilities Received 4 Coordinated Disclosure badges Received 3 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting weekly-net.co.jp website...