Computer Security Information
A list of articles about Computer Security in general and Web Security specifically.
Scripts
- Mass-Download WordPress plugins for source code analysis
- ClickAnywhere: An advanced Clickjacking script
Vulnerability disclosures
External
More advisories that I did not write in my free time can be found at:
PHP Software
- PivotX 2.3.10: Session Fixation (CVE-2015-5458), Reflected XSS (CVE-2015-5456), Code Execution (CVE-2015-5457)
- Beehive Forum 1.4.5: Multiple XSS & CSRF
- GetSimpleCMS 3.3.5: XSS (CVE-2015-5356), Code Execution, DoS, Password Leak, Misc
- TinyWebGallery 2.3.2: Reflected XSS
- ZenPhoto 1.4.8: Second Order SQL Injection, Reflected XSS, Path Traversal
- LimeSurvey 2.05+: Persistent XSS
WordPress Plugins
- WordPress File Upload 2.7.6: Code Execution, CSRF, XSS, Arbitrary File Download
- My Calendar 2.3.29: Arbitrary File Overwrite, Code Execution, Reflected XSS
- Visual Form Builder 2.8.2: SQL Injection & Reflected XSS
- Anti-Malware and Brute-Force Security by ELI 4.15.17: Multiple Reflected XSS
- Contact Form DB 2.8.17: Reflected XSS
- Forminator 1.5.4: Unauthenticated Persistent XSS (CVE-2019-9567), Blind SQL Injection (CVE-2019-9568), Misc
- Contact Form Email 7.10.41: Reflected XSS (CVE-2019-9646), CSRF
- Quiz And Survey Master 6.0.4: Reflected XSS (CVE-2019-9575)
- KingComposer 2.7.6: Reflected XSS
- WP Live Chat Support 8.0.17: Reflected XSS
- wpGoogleMaps 7.10.41: Reflected XSS
- NextScripts: YOP Poll 6.0.2: Reflected XSS
- Blog2Social 5.0.2: Reflected XSS (CVE-2019-9576)
- Font_Organizer 2.1.1: Reflected XSS
- NextScripts: Social Networks Auto-Poster 4.2.7: Reflected XSS
Hardware / Devices
Routers, printers, etc.
- TP-Link TL-WR841N v13: CSRF (CVE-2018-12574), Authenticated Blind Command Injection (CVE-2018-12577), Broken Authentication (CVE-2018-12575), Missing HTTPS, Clickjacking (CVE-2018-12576)
Misc
- ModSecurity with Core Rule Set: Filter Bypass