HackDig : Dig high-quality web security articles for hacker

Researcher spotted flaws in the web-based version of popular Sarahah app

A security researcher discovered a number of embarrassing vulnerabilities in the popular anonymous feedback app Sarahah. The anonymous feedback app Sarahah makes the headlines once again: according to security researcher Scott Helme, the web-based version of the app is plagued with security flaws. Sarahah mobile app allows users to receive a
Publish At:2017-10-24 13:20 | Tags:Breaking News Hacking CSRF mobile app Sarahah web applicatio

DefenseCode Security Advisory: Magento Commerce CSRF, Stored Cross Site Scripting #1

DefenseCode Security Advisory
Magento Commerce CSRF, Stored Cross Site Scripting
Advisory ID: DC-2017-09-001
Advisory Title: Magento CSRF, Stored Cross Site Scripting
Advisory URL: http://www.defensecode.com/advisories/DC-2017-09-001_Magento_CSRF_Stored_Cross_Site_Scripting.pdf
Software: Magento Commerce, CE
Software Language: PHP
Version: Magento CE
Publish At:2017-10-07 06:20 | Tags: Csrf

DefenseCode Security Advisory: Magento Commerce CSRF, Stored Cross Site Scripting #2

DefenseCode Security Advisory
Magento Commerce CSRF, Stored Cross Site Scripting
Advisory ID: DC-2017-09-002
Advisory Title: Magento CSRF, Stored Cross Site Scripting
Advisory URL: http://www.defensecode.com/advisories/DC-2017-09-002_Magento_CSRF_Stored_Cross_Site_Scripting.pdf
Software: Magento Commerce, CE
Software Language: PHP
Version: Magento C
Publish At:2017-10-07 06:20 | Tags: Csrf

CSRF/XSS in Content Audit allowing an unauthenticated attacker to do almost anything an admin can (WordPress plugin)

Details
================
Software: Content Audit
Version: 1.9.1
Homepage: https://wordpress.org/plugins/content-audit/
Advisory report: https://security.dxw.com/advisories/csrf-xss-content-audit/
CVE: Awaiting assignment
CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)

Description
================
CSRF/XSS in Content Audit allowing an unauthenticated attacker to do almo
Publish At:2017-09-27 05:40 | Tags: Xss Csrf

EE 4GEE Multiple Security Vulnerabilities Advisory (CSRF/Stored XSS/JSONP)

EE 4GEE Wireless Router - Multiple Security Vulnerabilities Advisory
-------------------------------------------------
Hardware Version/Model: 4GEE WiFi MBB (EE60VB-2AE8G83).
Vulnerable Software Version: EE60_00_05.00_25.
Patched Software Version: EE60_00_05.00_31.
Product URL: https://shop.ee.co.uk/dongles/pay-monthly-mobile-broadband/4gee-wifi/details
Proof of Co
Publish At:2017-09-08 11:20 | Tags: Xss Csrf

CVE-2017-11567 Mongoose Web Server v6.5 CSRF Command Execution

[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MONGOOSE-WEB-SERVER-v6.5-CSRF-COMMAND-EXECUTION.txt
[+] ISR: apparitionSec

Vendor:
===============
www.cesanta.com

Product:
==================
Mongoose Web Server (Free Edition)
Mongoose-free-6.5.exe
Download: https://cesanta.com/binary.html
M
Publish At:2017-09-05 07:45 | Tags: Csrf

CSRF vulnerabilities in D-Link DVG-5402SP

Hello list!

There are multiple Cross-Site Request Forgery vulnerabilities in D-Link DVG-5402SP VoIP Router.

-------------------------
Affected products:
-------------------------

Vulnerable is the following model: D-Link DVG-5402SP, Firmware RU_1.01. Other versions must also be vulnerable.

Since December 2014 the developers didn't answer me concerning vulnerabilit
Publish At:2017-08-01 19:25 | Tags: Csrf

CSRF in YouTube (WordPress plugin) could allow unauthenticated attacker to change any setting within the plugin (WordPre

Details
================
Software: YouTube
Version: 11.8.1
Homepage: https://wordpress.org/plugins/youtube-embed-plus/
Advisory report: https://security.dxw.com/advisories/csrf-in-youtube-plugin/
CVE: Awaiting assignment
CVSS: 4.3 (Medium; AV:N/AC:M/Au:N/C:N/I:P/A:N)

Description
================
CSRF in YouTube (WordPress plugin) could allow unauthenticated attacker t
Publish At:2017-07-27 02:00 | Tags: Csrf
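The WordPress plugin entries above (Content Audit, YouTube) and the router advisories share one root cause: the settings handler trusts the session cookie alone, and the victim's browser attaches that cookie to a form post launched from any other site. The following is an added, self-contained illustration written for this page; it is not code from any of the listed advisories or projects. The origins, the session id, the server key and the `api_key` setting are all constructed for the demo. It runs a forged request (with and without an Origin header) and a genuine one against a cookie-only handler and against the same handler with the standard fixes: POST only, Origin checked when the browser sends it, and a session-bound synchronizer token compared in constant time.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed values for the demo; a real deployment keeps the key out of source.
SERVER_KEY = b"constructed-demo-key-do-not-reuse"
SITE_ORIGIN = "https://wp.example"            # assumed origin of the admin UI
ATTACKER_ORIGIN = "https://attacker.example"  # assumed origin of the forging page

# Constructed server state: one logged-in administrator.
SESSIONS = {"sess-admin-1": {"user": "admin", "role": "administrator"}}


@dataclass
class Request:
    """The parts of an HTTP request the handlers look at."""
    method: str
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    origin: str = ""  # Origin header; "" models a request sent without one


def csrf_token(session_id: str) -> str:
    """Per-session synchronizer token: HMAC(server key, session id).

    The site embeds it in its own forms. A page on another origin cannot read
    it (same-origin policy), so a forged request cannot carry a valid one.
    """
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def vulnerable_update(req: Request, settings: dict) -> str:
    """Handler shaped like the ones in the advisories: the only authorization
    signal is the session cookie, which the browser attaches automatically."""
    sess = SESSIONS.get(req.cookies.get("session", ""))
    if not sess or sess["role"] != "administrator":
        return "403 not an administrator"
    settings["api_key"] = req.form.get("api_key", settings.get("api_key"))
    return "200 settings updated"


def hardened_update(req: Request, settings: dict) -> str:
    """Same handler with the usual fixes applied, checked in this order:
    session, method, Origin (when present), then the synchronizer token."""
    session_id = req.cookies.get("session", "")
    sess = SESSIONS.get(session_id)
    if not sess or sess["role"] != "administrator":
        return "403 not an administrator"
    if req.method != "POST":
        return "405 state change requires POST"
    if req.origin and req.origin != SITE_ORIGIN:
        return "403 cross-origin request refused"
    # Constant-time compare so the token cannot be guessed byte by byte.
    if not hmac.compare_digest(csrf_token(session_id), req.form.get("_csrf", "")):
        return "403 missing or invalid CSRF token"
    settings["api_key"] = req.form.get("api_key", settings.get("api_key"))
    return "200 settings updated"


def run_scenarios() -> dict:
    """Replay three requests against both handlers; return status and the
    resulting setting for each combination, keyed as '<request>/<handler>'."""
    victim_cookie = {"session": "sess-admin-1"}
    forged = Request("POST", victim_cookie, {"api_key": "attacker"}, ATTACKER_ORIGIN)
    # Some clients omit Origin; the token check must stand on its own.
    forged_no_origin = Request("POST", victim_cookie, {"api_key": "attacker"}, "")
    genuine = Request("POST", victim_cookie,
                      {"api_key": "rotated", "_csrf": csrf_token("sess-admin-1")},
                      SITE_ORIGIN)
    results = {}
    for name, req in [("forged", forged), ("forged_no_origin", forged_no_origin),
                      ("genuine", genuine)]:
        for label, handler in [("vulnerable", vulnerable_update),
                               ("hardened", hardened_update)]:
            settings = {"api_key": "original"}  # fresh state per run
            status = handler(req, settings)
            results[f"{name}/{label}"] = (status, settings["api_key"])
    return results


if __name__ == "__main__":
    for key, value in run_scenarios().items():
        print(f"{key:28s} {value}")
```

Both forged requests succeed against the cookie-only handler and overwrite the setting, which is exactly the "unauthenticated attacker changes any setting" impact the dxw advisories describe. Against the hardened handler the first is stopped by the Origin check and the second by the token check, while the genuine request still goes through. The Origin check is a cheap first line, but it is the session-bound token that makes the defense hold when the header is absent.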

Schneider Electric Pelco Sarix/Spectra Cameras CSRF Enable SSH Root Access

Title: Schneider Electric Pelco Sarix/Spectra Cameras CSRF Enable SSH Root Access
Advisory ID: ZSL-2017-5416
Type: Local/Remote
Impact: Cross-Site Scripting, System Access
Risk: (4/5)
Release Date: 10.07.2017

Summary
Pelco offers the broadest selection of IP cameras design
Publish At:2017-07-10 16:45 | Tags: Csrf

CVE-2017-7620 Mantis Bug Tracker 1.3.10 / v2.3.0 CSRF Permalink Injection

[+] Credits: John Page a.k.a hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt
[+] ISR: ApparitionSec

Vendor:
================
www.mantisbt.org

Product:
=========
Mantis Bug Tracker 1.3.10 / v2.3.0

MantisBT is a popular free web-based bug tracking system. It is written i
Publish At:2017-05-23 07:41 | Tags: Csrf

WordPress 4.7.5 release addresses six security vulnerabilities

The WordPress 4.7.5 release fixes six security vulnerabilities affecting version 4.7.4 and earlier. The update addresses cross-site scripting (XSS), cross-site request forgery (CSRF), and server-side request forgery (SSRF)
Publish At:2017-05-19 11:10 | Tags:Breaking News Hacking CMS CSRF WordPress 4.7.5 XSS

Mailcow v0.14 CSRF Password Reset / Add Admin / Delete Domains

[+] Credits: John Page a.k.a hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MAILCOW-v0.14-CSRF-PASSWORD-RESET-ADD-ADMIN.txt
[+] ISR: ApparitionSec

Vendor:
=============
mailcow.email
mailcow.github.io

Product:
===========
The integrated mailcow UI allows administrative work on your mail server instance as well as s
Publish At:2017-05-15 15:20 | Tags: Csrf

[CVE-2017-6086] Multiple CSRF vulnerabilities in ViMbAdmin version 3.0.15

# [CVE-2017-6086] Multiple CSRF vulnerabilities in ViMbAdmin version 3.0.15

## Product Description

ViMbAdmin is a web-based interface used to manage a mail server with virtual domains, mailboxes and aliases. It is an open source solution developed by Opensolutions and distributed under the GNU/GPL license version 3. The official web site can be found at http:/
Publish At:2017-05-05 03:16 | Tags: Csrf

PRL and CSRF vulnerabilities in D-Link DAP-1360

Hello list!

After previous Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities, here are new ones. There are Predictable Resource Location and Cross-Site Request Forgery vulnerabilities in D-Link DAP-1360 (Wi-Fi Access Point and Router).

-------------------------
Affected products:
-------------------------

Vulnerable is the following model: D-Link DAP-13
Publish At:2017-05-01 03:50 | Tags: Csrf

DefenseCode Security Advisory: Magento 0day Arbitrary File Upload Vulnerability (Remote Code Execution, CSRF)

DefenseCode Security Advisory
Magento 0day Arbitrary File Upload Vulnerability (Remote Code Execution, CSRF)
Advisory ID: DC-2017-04-003
Software: Magento CE
Software Language: PHP
Version: 2.1.6 and below
Vendor Status: Vendor contacted / Not fixed
Release Date: 20170413
Risk: High

# Advisory Overview
During the security audit of Mage
Publish At:2017-04-17 03:10 | Tags: Csrf Vulnerability
