HackDig : Dig high-quality web security articles for hackers

Drupal addressed CVE-2020-13671 Remote Code Execution flaw

The Drupal development team has released security updates to address a remote code execution flaw, tracked as CVE-2020-13671. The Drupal development team has released security updates to fix a remote code execution vulnerability caused by the failure to properly sanitize the names of uploaded files. The vulnerability, tracked as CVE-2020-13671, has
Publish At:2020-11-19 14:48 | Read:169 | Comments:0 | Tags:Breaking News Security CMS Drupal Hacking hacking news infor

A flaw in Concrete5 CMS could have allowed website takeover

A remote code execution (RCE) vulnerability affecting the Concrete5 CMS exposed numerous servers to full takeover, experts warn. A recently addressed remote code execution (RCE) flaw in the Concrete5 CMS exposed numerous websites to attacks. Concrete5 is an open-source content management system (CMS) designed for ease of use, for users with a minimum o
Publish At:2020-08-19 05:34 | Read:759 | Comments:0 | Tags:Breaking News Hacking Security CMS Concrete5 hacking news in

Website misconfigurations and other errors to avoid

Website owners, listen up: There are lots of things you shouldn’t do with your site, and many more you should avoid with the domains you’re responsible for. Insider malice, bad luck, and the stars aligning in impossible ways can all give your online portfolio a bad hair day. However, if you want to tempt fate, you can bring on the mayhem with website misconf
Publish At:2020-07-15 11:33 | Read:447 | Comments:0 | Tags:How-tos bank banking blog CMS dns hijack redirect website

Looking into Attacks and Techniques Used Against WordPress Sites

By David Fiser (Senior Cyber Threat Researcher) WordPress is a well-known open-source content management system (CMS) used for creating websites and personal blogs. The CMS is estimated to be used by 35% of all websites today, which makes it an ideal target for threat actors. A weak point in the platform is all it takes to allow an attacker to break a websit
Publish At:2019-12-23 14:35 | Read:1224 | Comments:0 | Tags:Vulnerabilities Alfa-Shell API cms Content Management System

Would ‘Medicare for All’ help secure health data?

DISCLAIMER: This post is not partisan, but rather focuses on risk assessment based on history and what threats we are facing in the future. We do not endorse any healthcare plan style in any way, outside of examining its data security risk. For many folks, the term ‘Healthcare for All’ brings up an array of emotions ranging from concern to happiness, and
Publish At:2019-11-26 21:50 | Read:2456 | Comments:0 | Tags:Government Privacy Security world adam kujawa AMCA American

Drupal maintainers fix several access bypass vulnerabilities in Drupal 8

Drupal maintainers this week released security updates to fix several access bypass vulnerabilities in Drupal 8. Update your installation. On Wednesday Drupal maintainers released security updates to fix several access bypass vulnerabilities in Drupal 8. The flaws affect several components, including the entity access system, the REST API and some views. Th
Publish At:2017-08-17 20:05 | Read:3465 | Comments:0 | Tags:Breaking News Hacking access bypass vulnerabilities CMS Drup

Drupal fixes the CVE-2017-6922 flaw exploited in spam campaigns in the wild

Drupal team released security updates to fix several vulnerabilities, including the critical access bypass flaw CVE-2017-6922 exploited in spam campaigns. The Drupal development team has released security updates to fix several vulnerabilities, including the critical access bypass flaw tracked as CVE-2017-6922 that has been exploited in spam campaigns. The C
Publish At:2017-06-23 07:05 | Read:4005 | Comments:0 | Tags:Breaking News Hacking CMS CVE-2017-6922 Cybercrime Drupal Pi

WordPress 4.7.5 release addresses six security vulnerabilities

The new WordPress 4.7.5 release fixes six security vulnerabilities affecting version 4.7.4 and earlier, including XSS, CSRF, SSRF flaws. The WordPress 4.7.5 release patches six vulnerabilities affecting version 4.7.4 and earlier. The latest version addresses cross-site scripting (XSS), cross-site request forgery (CSRF), and server-side request forgery (SSRF)
Publish At:2017-05-19 11:10 | Read:3832 | Comments:0 | Tags:Breaking News Hacking CMS CSRF WordPress 4.7.5 XSS

Security researcher disclosed a WordPress Password Reset Vulnerability

A researcher reported a WordPress Password Reset vulnerability, tracked as CVE-2017-8295, and detailed it in a security advisory. On Wednesday, the popular security expert Dawid Golunski reported a WordPress Password Reset vulnerability, tracked as CVE-2017-8295, and detailed it in a security advisory. Golunski classified the flaw as a “medium/high severity
Publish At:2017-05-05 03:00 | Read:3778 | Comments:0 | Tags:Breaking News Hacking CMS password reset vulnerability Wordp

Critical vulnerability in Drupal References Module opens 120,000 Sites to hack

A critical vulnerability affects the Drupal References module that is used by hundreds of thousands of websites using the popular CMS. The Drupal security team has discovered a critical vulnerability in a third-party module named References. The Drupal team published a Security advisory on April 12 informing its users of the critical flaw. The flaw has a hug
Publish At:2017-04-20 04:35 | Read:3857 | Comments:0 | Tags:Breaking News Hacking CMS Cybercrime Drupal References Modul

The Sackcloth & Ashes of WordPress Security

This is my first blog in an ongoing “It’s Not Rocket Science” series featuring articles on Information security. “Security is not an absolute, it’s a continuous process and should be managed as such. Security is about risk reduction, not risk elimination, and risk will never be zero. It’s about employing the appropriate security controls tha
Publish At:2017-03-28 06:40 | Read:6207 | Comments:0 | Tags:Featured Articles IT Security and Data Protection CMS securi

Drupal version 8.2.7 address multiple vulnerabilities in the current version of the popular CMS

Drupal development team has issued a new release of the popular content management system (CMS), Drupal version 8.2.7, that fixes multiple vulnerabilities. The Drupal development team has released the Drupal version 8.2.7 that addressed a number of vulnerabilities in the popular CMS. The list of flaws includes an access bypass issue, a cross-site request for
Publish At:2017-03-16 19:55 | Read:4919 | Comments:0 | Tags:Breaking News Hacking CMS Drupal Drupal version 8.2.7

WordPress 4.7.3 is out to fix 6 security issues, but CSRF flaw remains unpatched

WordPress 4.7.3 release is out to fix six security issues, but a CSRF vulnerability discovered in July 2016 remains unpatched. WordPress has issued a new security release, the WordPress 4.7.3 release, that addresses six security flaws, including three cross-site scripting (XSS) vulnerabilities. The flaws were discovered by the security experts Chris Andrè D
Publish At:2017-03-08 06:00 | Read:4269 | Comments:0 | Tags:Breaking News Hacking CMS CSRF Pierluigi Paganini Security A

SQLi flaw in the NextGEN Gallery plugin exposes at risk of hack more than 1 Million WordPress Installs

More than 1 million WordPress websites are at risk due to a critical SQL injection vulnerability in the NextGEN Gallery plugin. Update it asap. Security experts at the firm Sucuri have identified a SQL injection flaw in the WordPress image gallery NextGEN Gallery that could be exploited by a remote attacker to gain access to the targeted website’s backend, including sensi
Publish At:2017-03-01 19:40 | Read:4106 | Comments:0 | Tags:Breaking News Hacking CMS NextGEN Gallery plugin SQL injecti

WordPress 4.7.2 release addresses XSS, SQL Injection vulnerabilities

According to the release notes, the latest version of WordPress, 4.7.2, addresses three security issues, including XSS and SQL injection flaws. The WordPress development team has pushed the WordPress 4.7.2 version that fixed three security issues, including a cross-site scripting and a SQL injection vulnerability. The new update comes just two weeks after WordPress rele
Publish At:2017-01-28 13:05 | Read:4952 | Comments:0 | Tags:APT Security CMS Hacking Pierluigi Paganini Security Affairs
