Lucene search
+L

174 matches found

rapid7blog
rapid7blog
added 2022/12/16 9:37 p.m.69 views

Metasploit Weekly Wrap-Up

A sack full of cheer from the Hacking Elves of Metasploit It is clear that the Metasploit elves have been busy this season: Five new modules, six new enhancements, nine new bug fixes, and a partridge in a pear tree are headed out this week! Partridge nor pear tree included. In this sack of goodie...

4.6CVSS9.3AI score0.51804EPSS
Exploits10
openbugbounty
openbugbounty
added 2022/09/13 5:25 p.m.11 views

canberraweeklyrealestate.com.au Cross Site Scripting vulnerability OBB-2918468

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
nessus
nessus
added 2022/07/15 12:0 a.m.196 views

Jenkins LTS < 2.332.4 / Jenkins weekly < 2.356 Multiple Vulnerabilities

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.332.4 or Jenkins weekly prior to 2.356. It is, therefore, affected by multiple vulnerabilities: - Multiple cross-site scripting XSS vulnerabilities in Jenkins 2.355...

9.1CVSS6.6AI score0.77007EPSS
Exploits0References45
rapid7blog
rapid7blog
added 2022/07/08 6:35 p.m.28 views

Metasploit Weekly Wrap-Up

DFSCoerce - Distributing more than just files DFS Distributed File System is now distributing Net-NTLM credentials thanks to Spencer McIntyre with a new auxiliary/scanner/dcerpc/dfscoerce module that is similar to PetitPotam in how it functions. Note that unlike PetitPotam, this technique does...

0.4AI score
Exploits0
hivepro
hivepro
added 2022/02/28 4:15 p.m.11 views

Weekly Threat Digest: 21-27 February 2022

...

1.6AI score
Exploits0
hivepro
hivepro
added 2022/02/22 12:27 p.m.12 views

Weekly Threat Digest: 14-20 February 2022

...

1.6AI score
Exploits0
wired
wired
added 2021/12/11 4:43 p.m.19 views

US Wins Appeal to Extradite Julian Assange

Plus: Bluetooth security, a Brazil hack, and more of the week's top security news...

7AI score
Exploits0
wired
wired
added 2021/09/04 2:3 p.m.31 views

BrakTooth Flaws Affect Billions of Bluetooth Devices

Plus: A spyware ban, a big WhatsApp fine, and more of the week's top security news...

1.8AI score
Exploits0
nvd
nvd
added 2021/06/01 2:15 p.m.12 views

CVE-2021-24309

The "Schedule Name" input in the Weekly Schedule WordPress plugin before 3.4.3 general options did not properly sanitize input, allowing a user to inject javascript code using the HTML tags and cause a stored XSS issue...

5.4CVSS0.0065EPSS
Exploits2References1
osv
osv
added 2021/06/01 2:15 p.m.3 views

CVE-2021-24309

The "Schedule Name" input in the Weekly Schedule WordPress plugin before 3.4.3 general options did not properly sanitize input, allowing a user to inject javascript code using the HTML tags and cause a stored XSS issue...

5.4CVSS5.8AI score0.0065EPSS
Exploits2References1
cnnvd
cnnvd
added 2021/06/01 12:0 a.m.4 views

WordPress 插件 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

5.4CVSS6AI score0.0065EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/05/12 12:0 a.m.533 views

Weekly Schedule < 3.4.3 - Authenticated Stored XSS

The "Schedule Name" input in the plugin general options did not properly sanitize input, allowing a user to inject javascript code using the Go to Weekly Schedule - General Options /wp-admin/admin.php?page=weekly-schedule - Schedule Name - Fill the field with a payload such as alertxss...

5.4CVSS5.5AI score0.0065EPSS
Exploits2
nessus
nessus
added 2021/04/23 12:0 a.m.66 views

Jenkins LTS < 2.277.3 / Jenkins weekly < 2.286

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.277.3 or Jenkins weekly prior to 2.286. It is, therefore, affected by a vulnerability: - In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha...

7.8CVSS7AI score0.53861EPSS
Exploits1References2
threatpost
threatpost
added 2021/03/25 9:28 p.m.201 views

Fleeceware Apps Bank $400M in Revenue

About 204 different “fleeceware” applications with a combined billion+ downloads have raked in more than $400 million in revenue so far, via the Apple App Store and Google Play, analysis has revealed. Fleeceware apps generally offer users a free trial to “test” the app, before commencing automati...

7.2AI score
Exploits0References5
thn
thn
added 2021/01/05 11:2 a.m.5 views

Healthcare Industry Witnessed 45% Spike in Cyber Attacks Since Nov 20

Cyberattacks targeting healthcare organizations have spiked by 45% since November 2020 as COVID-19 cases continue to increase globally. According to a new report published by Check Point Research today and shared with The Hacker News, this increase has made the sector the most targeted industry b...

6.2AI score
Exploits0
cnvd
cnvd
added 2020/11/06 12:0 a.m.3 views

Denial of Service Vulnerability in Weekly Shanghai App

Week to Shanghai app is a life service guide platform. A denial of service vulnerability exists in Zhou to Shanghai App, which can be exploited by an attacker to build malformed serialized Intent data to launch the app and cause the app to crash, posing information leakage and operational securit...

6.6AI score
Exploits0
openbugbounty
openbugbounty
added 2020/10/12 9:54 a.m.5 views

bi-weekly-budget-template.com Cross Site Scripting vulnerability OBB-1400704

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
hackerone
hackerone
added 2020/05/18 7:58 p.m.64 views

Node.js third-party modules: [keyd] Prototype pollution

I would like to report a prototype pollution vulnerability in keyd module. It allows an attacker to inject properties on Object.prototype. Module module name: keyd version: 1.3.4 npm page: https://www.npmjs.com/package/keyd Module Description A small library for using and manipulating key paths i...

0.8AI score
Exploits0
openbugbounty
openbugbounty
added 2020/04/15 4:32 p.m.8 views

weekly-motels.localkk.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1143598 Security Researcher Teamhash Helped patch 330 vulnerabilities Received 3 Coordinated Disclosure badges Received 2 recommendations , a holder of 3 badges for responsible and coordinated disclosure, found a security vulnerability affecting weekly-motels.localkk.com...

Exploits0
openbugbounty
openbugbounty
added 2020/03/10 7:29 a.m.5 views

weekly-net.co.jp Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1114962 Security Researcher g0bl1nsec Helped patch 3768 vulnerabilities Received 4 Coordinated Disclosure badges Received 3 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting weekly-net.co.jp website...

0.1AI score
Exploits0
Rows per page
Query Builder