Cross-Site Request Forgery & Cross-Site Scripting in Contact Form Manager WordPress Plugin
Copyright © 2011 Secure Online Desktop s.r.l. All Rights Reserved.