Archive for the ‘Cross site scripting’ Category

Drupal Releases Core CMS Updates to Patch Several Vulnerabilities

April 17th, 2019
Drupal, the popular open-source content management system, has released security updates to address multiple "moderately critical" vulnerabilities in Drupal Core that could allow remote attackers to compromise the security of hundreds of thousands of websites. According to the advisories published today by the Drupal developers, all security vulnerabilities Drupal patched this month reside in

Posted in Cross site scripting, cybersecurity, Drupal, Drupal hacking, hacking news, JQuery, php security, remote code execution, Vulnerability, website security | Comments (0)

Severe Flaw Disclosed In StackStorm DevOps Automation Software

March 11th, 2019
A security researcher has discovered a severe vulnerability in the popular, open source event-driven platform StackStorm that could allow remote attackers to trick developers into unknowingly executing arbitrary commands on targeted services. StackStorm, aka "IFTTT for Ops," is a powerful event-driven automation tool for integration and automation across services and tools that allows

Posted in application security, cross site origin request, Cross site scripting, hacking news, StackStorm, Web Application Security, XSS vulnerability | Comments (0)

Hacking Virtual Reality – Researchers Exploit Popular Bigscreen VR App

February 22nd, 2019
A team of cybersecurity researchers from the University of New Haven yesterday released a video demonstrating how vulnerabilities that most programmers often underestimate could have allowed hackers to evade privacy and security of your virtual reality experience as well as the real world. According to the researchers—Ibrahim Baggili, Peter Casey and Martin Vondráček—the underlying

Posted in Bigscreen VR, Cross site scripting, hacking news, VR apps, vr experience, vr headset, Vulnerability | Comments (0)

5 Popular Web Hosting Services Found Vulnerable to Multiple Flaws

January 16th, 2019
A security researcher has discovered multiple one-click client-side vulnerabilities in some of the world's most popular and widely-used web hosting companies that could have put millions of their customers as well as billions of their sites' visitors at risk of hacking. Independent researcher and bug-hunter Paulos Yibelo, who shared his new research with The Hacker News, discovered roughly

Posted in best web hosting, cheap web hosting, Cloud hosting, Cross site scripting, Dedicated Hosting, free web hosting, hosting services, Vulnerability, Web Application Vulnerability, Web hosting service | Comments (0)

IBM Patches Reflected XSS in Worklight, MobileFirst

August 2nd, 2017

IBM fixed a cross-site scripting vulnerability in its Worklight and MobileFirst products that could have let an attacker steal sensitive information.

Posted in Cross site scripting, Emaze Networks, Gabriele Gristina, IBM, MobileFirst, vulnerabilities, Worklight, XSS | Comments (0)

Apple Releases Dozens of Security Patches for Everything

May 16th, 2017

While Windows users are currently in fear of getting their systems hijacked by the WannaCry ransomware outbreak, Apple users are sitting relaxed, thinking that malware attacks are something that happens to Windows users, and not Apple.

But you are mistaken – Apple products are also not immune to hack attacks and malware infections, as an ebook can hack your Mac, iPhone, and iPad.


Posted in apple security, Apple TV, Cross site scripting, hacking news, iOS Update, ipad hacking, iPhone Security, remote code execution, Security patch Update, update iphone, Vulnerability | Comments (0)

Workarounds Available for Flaws in Siemens RUGGEDCOM Gear

March 29th, 2017

Five vulnerabilities exist in Siemens RUGGEDCOM gear; the vendor has made a number of workarounds available, but it’s unknown whether patches will be made available.

Posted in critical infrastructure, Cross site scripting, file upload vulnerability, harsh environments, Input validation, Maxim Rupp, path traversal, RuggedCom, server misconfiguration, Siemens, vulnerabilities | Comments (0)

Vulnerability Disclosed in Ubiquiti Networks Admin Interface

March 17th, 2017

Researchers at SEC Consult disclosed a command injection vulnerability in Ubiquiti Networks gear for ISPs after a private disclosure to the vendor in November went unresolved.

Posted in command injection vulnerability, Cross site scripting, Cross-site request forgery, ISP gear, networking gear, PHP, SEC Consult Vulnerability Lab, Ubiquiti Networks, vulnerabilities | Comments (0)