The iDangero.us Chop Slider 3 WordPress plugin version 3.4 and prior contains a blind SQL injection in the id parameter of the get_script/index.php page. The injection is passed through GET parameters, and thus must be encoded, and magic_quotes is applied at the server.
c40d3f2150f043263d7f5b593f87cd6eb6ed9507f109b3c2713e5d016de691c2
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP. Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.
f20ed46e990bc49e51e4df52537ec564d571907ef6c1bab6631f3044e0db35c8
Whitepaper called Hacking HTTP CORS.
b61e090c2844b313bc5bcf80a898258cecf16f0d35e5763fa01cfa2c26e996cb
This is a brief whitepaper that discusses HTTP Host header attacks.
a6fa96ce1a609cfb613a8375b0180918f63f56cc17ee3a3c76e0de0ea38c3e92
This is a whitepaper that discusses attacking GraphQL.
aa2a135e3c79bce67c8da5438837eb4be4d82d6384d4352b498bfce711c37beb
LiteSpeed Web Server Enterprise version 5.4.11 suffers from an authenticated remote command injection vulnerability.
3ba47cb0d0b0247ab02f85b865390f467999b58710524e0b2140b93cf1e7dd71
Whitepaper called Malware Hunting 101. Written in Vietnamese.
4c7c6fc0b06cba7e2b4fb8988f1c690f57a0745feb25e07266255d76ec474755
Openlitespeed Web Server version 1.7.8 suffers from an authenticated command injection vulnerability.
6245ded7393648d6817b10e62fc6f6b93770c5c229af1eac1d2e7523eb97a85a
Whitepaper called Android Application Vulnerabilities. Written in Vietnamese.
25a9be443e83e5ebb65adc0990933e8bc358ae4df7692ffa351cac1c3505acde
This Metasploit module exploits an authenticated directory traversal vulnerability in WordPress plugin Simple JobBoard versions prior to 2.9.3 to perform an arbitrary file read with the web server privileges.
6496c8aa6342663e882ec2f4a0d63167dcd9c32f65f07c081d82e365efcf4f8d
Laravel version 8.4.2 suffers from a debug mode remote code execution vulnerability.
e34cd9189ebccce75149b7a897ad6f0f8f21c47b20e534aec63a70a6024d57f6
This Metasploit module exploits an unauthenticated directory traversal vulnerability in Apache Flink version 1.11.0.
79df4302ec4ea436f7e67026dddc838b8aa4610460bb6f8baa402ecd0a91ba4d
Responsive FileManager version 9.13.4 path traversal exploit. Original discovery of this finding is attributed to farisv in December of 2018.
e60dde7a6fb3e57f25bc60645a9e6b12692e86e856f5127f0306b5a233418882
CSZ CMS version 1.2.9 suffers from multiple cross site scripting vulnerabilities.
79f1df60bfb3aadd09240d3b2f1db88b5dd5c450c8c2e5cd822fcbfb3e1d4cbb
Whitepaper called Object Prototype Pollution Attack.
0cf71dcc65c57e4d0d55c1d72779900dfcd3e0f7bb0d277277738f83613d8f75
This Metasploit module exploits an unauthenticated directory traversal vulnerability in WordPress plugin W3 Total Cache version 0.9.2.6 through 0.9.3, allowing arbitrary file read with the web server privileges.
b1fd7066d25604160753e81eec4934df777ae2201da72af60ddf06186600cd4d
Whitepaper called Exploit WordPress Plugin Vulnerability Using Static Source Code Analysis Techniques.
c79b819f3916ff0be16a8f92b4bb6d4ac20350c987de62c68c23246986271990
This is a brief whitepaper discussing best practices in mobile application security.
b1918abbd608009a0920e4a9bc031809a5b57b44c3c36e87343ee875c3173748
Whitepaper called API Security Overview that discusses different types of flaws and exploitation of API insecurities.
19487e6fb12e5fd2ce1d15d579fca1015fa6eb99c113ccce6a7fd2ae4947256b
WonderCMS version 3.1.3 suffers from a persistent cross site scripting vulnerability. Original finding for persistent cross site scripting in this version of WonderCMS is attributed to Hemant Patidar.
5c77636e1392acaaefaad99cda395188e1f61fbc280e529b78e09a0273f56e6c
WordPress Accesspress Social Icons theme version 1.7.9 suffers from a remote SQL injection vulnerability.
df164b02a712cca62c1fad6d88d073af2a72295ef861341c2f8f29ebd0a7522f
Apache OpenMeetings version 5.0.0 suffers from a denial of service vulnerability.
7539b0d8fbb557e732f484501716397e2294abadc113cf2d94a89501dcf3e5de
BigTree CMS version 4.4.10 suffers from a remote code execution vulnerability.
92f4a303fee246d434165dc019b78a49fcc67be677212629c4facc2f010f054c
Symphony CMS version 3.0.0 suffers from a persistent cross site scripting vulnerability.
2e44366f893d3e12294a36d49eeaca34428e4d82f50595d15725bbc37035ee42
WordPress Autoptimize plugin version 2.7.6 suffers from an authenticated remote shell upload vulnerability.
22351f0d0d7c3f44bb5f337f9236dda428c979d350043aa67d965801fc39d337