
📚 Yelp: DoS of https://blog.yelp.com/ and other WP instances via CVE-2018-6389


💡 News category: Security vulnerabilities
🔗 Source: vulners.com


Description: The /wp-admin/load-scripts.php script can be made to generate a large (~3Mb) amount of data via a simple, non-authenticated request to the server. The vulnerability is registered as https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389

Details: A detailed attack scenario is described, for example, here: https://baraktawily.blogspot.ru/2018/02/how-to-dos-29-of-world-wide-websites.html

Affected URL: https://www.yelpreservations.com/blog/wp-admin/load-scripts.php?load=common,wp-a11y,sack,quicktag,colorpicker,editor,wp-fullscreen-stu,wp-ajax-response,wp-api-request,wp-pointer,autosave,heartbeat,wp-auth-check,wp-lists,prototype,scriptaculous-root,scriptaculous-builder,scriptaculous-dragdrop,scriptaculous-effects,scriptaculous-slider,scriptaculous-sound,scriptaculous-controls,scriptaculous,cropper,jquery,jquery-core,jquery-migrate,jquery-ui-core,jquery-effects-core,jquery-effects-blind,jquery-effects-bounce,jquery-effects-clip,jquery-effects-drop,jquery-effects-explode,jquery-effects-fade,jquery-effects-fold,jquery-effects-highlight,jquery-effects-puff,jquery-effects-pulsate,jquery-effects-scale,jquery-effects-shake,jquery-effects-size,jquery-effects-slide,jquery-effects-transfer

How to fix: add this to your .htaccess (mod_rewrite; the rule pattern is case-sensitive and relative to the directory that holds the .htaccess, and the [F] flag returns 403 Forbidden for any request to load-scripts.php whose query string is 1000 characters or longer):

RewriteCond %{QUERY_STRING} ^.{1000,}$
RewriteRule ^wp-admin/load-scripts.php$ - [F]

Impact: DoS of the site and application... ...
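As an added example (not part of the report, and not Yelp's or WordPress's code), the following Python script applies the same 1000-character query-string cut-off as the .htaccess rule above to web-server access logs, so a defender can check whether a site has been receiving CVE-2018-6389-style requests and from which addresses. It also counts the script handles named in the load parameter as a secondary signal. The log lines, addresses and the HANDLE_COUNT_THRESHOLD value are constructed for this example; that threshold has to be tuned per site, because legitimate wp-admin pages also concatenate many handles through load-scripts.php.

```python
"""
Added example (not from the report, nor Yelp/WordPress code): scan Apache/nginx
combined-format access log lines for the CVE-2018-6389 request pattern
(unauthenticated GET to wp-admin/load-scripts.php with a very long `load` list)
and summarise offending source addresses.  All sample data below is constructed.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Same cut-off as the report's .htaccess RewriteCond (^.{1000,}$).
QUERY_LEN_THRESHOLD = 1000
# Secondary signal, assumed value: tune per site, legitimate admin pages also
# request many handles in one concatenated load-scripts.php URL.
HANDLE_COUNT_THRESHOLD = 30

# Apache '%h %l %u %t "%r" %>s %b' prefix, shared by "common" and "combined".
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
)

# The 44 script handles from the affected URL in the report.
REPORT_HANDLES = [
    "common", "wp-a11y", "sack", "quicktag", "colorpicker", "editor",
    "wp-fullscreen-stu", "wp-ajax-response", "wp-api-request", "wp-pointer",
    "autosave", "heartbeat", "wp-auth-check", "wp-lists", "prototype",
    "scriptaculous-root", "scriptaculous-builder", "scriptaculous-dragdrop",
    "scriptaculous-effects", "scriptaculous-slider", "scriptaculous-sound",
    "scriptaculous-controls", "scriptaculous", "cropper", "jquery",
    "jquery-core", "jquery-migrate", "jquery-ui-core", "jquery-effects-core",
    "jquery-effects-blind", "jquery-effects-bounce", "jquery-effects-clip",
    "jquery-effects-drop", "jquery-effects-explode", "jquery-effects-fade",
    "jquery-effects-fold", "jquery-effects-highlight", "jquery-effects-puff",
    "jquery-effects-pulsate", "jquery-effects-scale", "jquery-effects-shake",
    "jquery-effects-size", "jquery-effects-slide", "jquery-effects-transfer",
]


def analyse_target(target):
    """Classify one request target; None unless it addresses load-scripts.php."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/wp-admin/load-scripts.php"):
        return None
    params = parse_qs(parts.query)
    # WordPress-generated URLs use load[]=..., the report's URL uses load=...
    raw = params.get("load", []) + params.get("load[]", [])
    handles = [h for value in raw for h in value.split(",") if h]
    query_len = len(parts.query)
    return {
        "query_len": query_len,
        "handle_count": len(handles),
        "suspicious": query_len >= QUERY_LEN_THRESHOLD
        or len(handles) >= HANDLE_COUNT_THRESHOLD,
    }


def scan_log(lines):
    """Return one record per suspicious load-scripts.php request in `lines`."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined/common-format line, skip it
        info = analyse_target(m.group("target"))
        if info and info["suspicious"]:
            size = m.group("bytes")
            info.update(ip=m.group("ip"), status=int(m.group("status")),
                        bytes=0 if size == "-" else int(size))
            hits.append(info)
    return hits


def summarise_by_ip(hits):
    """Count suspicious requests and total bytes served per source address."""
    summary = {}
    for h in hits:
        entry = summary.setdefault(h["ip"], {"requests": 0, "bytes": 0})
        entry["requests"] += 1
        entry["bytes"] += h["bytes"]
    return summary


def _line(ip, target, size="1024"):
    """Build one constructed combined-format log line."""
    return f'{ip} - - [06/Feb/2018:10:15:32 +0000] "GET {target} HTTP/1.1" 200 {size}'


# Constructed sample log: a page view, a normal admin concatenation request,
# the report's handle list, and the same list repeated to exceed 1000 chars.
SAMPLE_LOG = [
    _line("198.51.100.7", "/index.php"),
    _line("198.51.100.7", "/wp-admin/load-scripts.php?c=1&load%5B%5D="
          "jquery-core,jquery-migrate,utils&ver=4.9.2", size="60311"),
    _line("203.0.113.42", "/wp-admin/load-scripts.php?load="
          + ",".join(REPORT_HANDLES), size="3145728"),
    _line("203.0.113.42", "/wp-admin/load-scripts.php?load="
          + ",".join(REPORT_HANDLES * 2), size="3145728"),
]

if __name__ == "__main__":
    for ip, s in summarise_by_ip(scan_log(SAMPLE_LOG)).items():
        print(f"{ip}: {s['requests']} suspicious requests, {s['bytes']} bytes served")
```

The third sample line carries exactly the report's handle list, whose query string stays under the 1000-character cut-off, so the length rule alone would not catch it; the handle-count signal does. The per-address summary is what matters operationally, since the impact is volumetric and the same source will normally appear many times.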


