Ahmed Kaludi, Mohammed Kaludi Security Vulnerabilities

DomainMOD 4.11.01 - Custom Domain Fields Cross-Site Scripting

...

DomainMOD 4.11.01 - Custom SSL Fields Cross-Site Scripting

...

Reflected XSS Vulnerability in Security Analytics Web UI

SUMMARY The Symantec Security Analytics (SA) Web UI is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker with knowledge of the SA web UI hostname or IP address can craft a malicious URL for the SA web UI and target SA web UI users with phishing attacks or other....

kernel security, bug fix, and enhancement update

[3.10.0-957] - [mm] mlock: avoid increase mm->locked_vm on mlock() when already mlock2(, MLOCK_ONFAULT) (Rafael Aquini) [1633059] [3.10.0-956] - [block] blk-mq: fix hctx debugfs entry related race between update hw queues and cpu hotplug (Ming Lei) [1619988] - [nvme] nvme-pci: unquiesce dead...

MonstraCMS Authenticated Arbitrary File Upload Exploit

Monstra CMS 3.0.4 allows users to upload arbitrary files which leads to remote command execution on the remote server. An attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This Metasploit module was tested against Monstra CMS...

Monstra CMS Authenticated Arbitrary File Upload

...

Monstra CMS Authenticated Arbitrary File Upload

MonstraCMS 3.0.4 allows users to upload Arbitrary files which leads to remote command execution on the remote server. An attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This module was tested against MonstraCMS...

kernel security and bug fix update

[2.6.32-754.OL6] - Update genkey [bug 25599697] [2.6.32-754] - [powerpc] 64s: Add support for a store forwarding barrier at kernel entry/exit (Mauricio Oliveira) [1581053] {CVE-2018-3639} - [x86] amd: Disable AMD SSBD mitigation in a VM (Waiman Long) [1580360] - [x86] spec_ctrl: Fix late microcode....

kernel security, bug fix, and enhancement update

[3.10.0-862.OL7] Oracle Linux certificates (Alexey Petrenko) Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)([email protected]) Update x509.genkey [bug 24817676] [3.10.0-862] [netdrv] i40e: Fix attach VF to VM issue (Stefan Assmann) [1528123]...

U.S. Charges 9 Iranians With Hacking Universities to Steal Research Data

The United States Department of Justice has announced criminal charges and sanctions against 9 Iranians involved in hacking universities, tech companies, and government organisations worldwide to steal scientific research resources and academic papers. According to the FBI officials, the...

SilverStripe CMS 3.6.2 - CSV Excel Macro Injection Vulnerability

Exploit for php platform in category web...

SilverStripe CMS 3.6.2 - CSV Excel Macro Injection

SilverStripe CMS 3.6.2 - CSV Excel Macro...

SilverStripe CMS 3.6.2 - CSV Excel Macro Injection

...

SilverStripe CMS 3.6.2 CSV Excel Macro Injection

...

Monstra CMS 3.0.4 - (Authenticated) Arbitrary File Upload Remote Code Execution

Monstra CMS 3.0.4 - (Authenticated) Arbitrary File Upload Remote Code...

Monstra CMS 3.0.4 - (Authenticated) Arbitrary File Upload / Remote Code Execution

...

Monstra CMS 3.0.4 Remote Shell Upload

...

Monstra CMS 3.0.4 Remote Shell Upload Vulnerability

Monstra CMS version 3.0.4 suffers from a remote shell upload vulnerability that allows for remote code...

Monstra CMS - Remote Code Execution

Monstra CMS - Remote Code Execution. CVE-2017-18048. Webapps exploit for PHP...

kernel security and bug fix update

[3.10.0-693.11.1.OL7] Oracle Linux certificates (Alexey Petrenko) Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)([email protected]) Update x509.genkey [bug 24817676] [3.10.0-693.11.1] [powerpc] perf: Fix book3s kernel to userspace backtraces...

Kirby CMS < 2.5.7 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web...

Kirby CMS 2.5.7 - Cross-Site Scripting

Kirby CMS 2.5.7 - Cross-Site...

KirbyCMS Cross Site Scripting

...

Kirby CMS &lt; 2.5.7 - Cross-Site Scripting

...

KeystoneJS 4.0.0-beta.5 Unauthenticated Stored Cross Site Scripting

...

KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection

KeystoneJS 4.0.0-beta.5 - CSV Excel Macro...

KeystoneJS 4.0.0-beta.5 Unauthenticated Stored Cross Site Scripting Vulnerability

Exploit for jsp platform in category web...

KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting

KeystoneJS 4.0.0-beta.5 - Cross-Site...

KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection

...

KeystoneJS 4.0.0-beta.5 Unauthenticated CSV Injection

...

KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting

...

KeystoneJS 4.0.0-beta.5 Unauthenticated CSV Injection Vulnerability

KeystoneJS version 4.0.0-beta.5 suffers from an unauthenticated CSV injection vulnerability in admin/server/api/download.js and...

phpMyFAQ 2.9.8 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web...

phpMyFAQ 2.9.8 - Cross-Site Scripting (2)

phpMyFAQ 2.9.8 - Cross-Site Scripting...

phpMyFAQ 2.9.8 Cross Site Scripting

...

phpMyFAQ 2.9.8 - Cross-Site Scripting (2)

...

OctoberCMS 1.0.425 (Build 425) - Cross-Site Scripting

...

OctoberCMS 1.0.425 Cross Site Scripting Vulnerability

Exploit for php platform in category web...

OctoberCMS 1.0.425 (Build 425) - Cross-Site Scripting

OctoberCMS 1.0.425 (Build 425) - Cross-Site...

OctoberCMS 1.0.425 Cross Site Scripting

...

PHPMyFAQ 2.9.8 - Cross-Site Scripting (1)

...

phpMyFAQ 2.9.8 Cross Site Scripting

...

PHPMyFAQ 2.9.8 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web...

PHPMyFAQ 2.9.8 - Cross-Site Scripting (1)

PHPMyFAQ 2.9.8 - Cross-Site Scripting...

WordPress: Clickjacking mercantile.wordpress.org

A Clickjaking Issue had been previously reported by "giantfire" on Aug 9th (19 days ago) and the issue was fixed by "iandunn" on Aug 25th (3 days ago) and the same disclosed on Aug 28th. Here the affected URL is- https://mercantile.wordpress.org/ "iandunn closed the report and changed the status...

WinSCP 5.9.4 - LIST Denial of Service Exploit

Exploit for windows platform in category dos /...

WinSCP 5.9.4 - LIST Denial of Service (Metasploit)

WinSCP 5.9.4 - LIST Denial of Service...

WinSCP 5.9.4 - &#039;LIST&#039; Denial of Service (Metasploit)

...

Schneider Electric homeLYnk Controller (Update A)

CVSS V3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Schneider Electric Equipment: homeLYnk Controller, LSS100100 Vulnerability: Cross-site Scripting, Command Injection UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-019-01.....

Threat Outbreak Alert RuleID28187: Email Messages Distributing Malicious Software on March 8, 2017

Medium Alert ID: 52961 First Published: 2017 March 8 16:44 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID28187) may contain the following...