All Vulnerabilities
WordPress Core is prone to a directory traversal vulnerability. A successful exploit of this vulnerability could allow attackers to read arbitrary files on the computer.
WordPress All In One SEO Pack Plugin Persistent XSS Vulnerability
Severity: 
Date Published: 21 Sep 2016
A cross-site scripting (XSS) vulnerability exists in All In One SEO Pack plugin, used in WordPress, allow remote attackers to execute same-origin JavaScript functions via crafted parameter.
WordPress Activity Log Plugin Cross-Site Scripting Vulnerability
Severity: 
Date Published: 21 Sep 2016
A cross-site scripting (XSS) vulnerability exists in WordPress Activity Log plugin, allow remote attackers to execute same-origin JavaScript functions via crafted parameter. A successful attack could lead sensitive information disclosure.
SAP NetWeaver 7.4 is prone to a cross-site scripting vulnerability. An anonymous attacker can use a special HTTP request to hijack session data of administrators or users of the web resource.
Nagios XI is prone to a SQL injection vulnerability. A remote, unauthenticated attacker can exploit this vulnerability by sending an HTTP request with a malicious SQL query to the target server. Successful exploitation could lead to the disclosure of sensitive information from the database such as API keys for administrative users.
SQL injection vulnerability in Joomla SecurityCheck extension allows attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in Joomla allows attackers to execute arbitrary SQL commands via unspecified vectors.
Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2016-3321)
Severity: 
Date Published: 21 Sep 2016
A file name information disclosure vulnerability was discovered within Internet Explorer. The issue lies in the fact that Internet Explorer's behavior changes when dealing with URIs that point to existing local files versus URIs that point to non-existent files. It allows malicious pages to enumerate the existence of files in the victim's file system. This vulnerability was triggered only by local pages or ones opened from a network share.
Adobe Flash Player Use After Free Vulnerability (CVE-2016-4227)
Severity:
Date Published: 21 Sep 2016
Adobe Flash Player is prone to a use after free vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial of service condition.
Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0191)
Severity:
Date Published: 21 Sep 2016
Microsoft Edge is prone to an unspecified memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application.
Featured Stories
Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more
A Closer Exploration of Residential Proxies and CAPTCHA-Breaking ServicesThis article, the final part of a two-part series, focuses on the details of our technical findings and analyses of select residential proxies and CAPTCHA-solving services.Read more
How Residential Proxies and CAPTCHA-Solving Services Become Agents of AbuseThis article, the first of a two-part series, provides insights on how abusers and cybercriminals use residential proxies and CAPTCHA-solving services to enable bots, scrapers, and stuffers, and proposes security countermeasures for organizations.Read more
Abusing Argo CD, Helm, and Artifact Hub: An Analysis of Supply Chain Attacks in Cloud-Native ApplicationsWe provide an overview of cloud-native tools and examine how cybercriminals can exploit their vulnerabilities to launch supply chain attacks.Read more