Recent content by Carnage
-
Web RCE, (Wordpress) Social Warfare Plugin <=3.5.2, CVE-2019-9978
CVE-2019-9978 is a remote code execution vulnerability that affected versions of the Social Warfare plugin for WordPress up to and including version 3.5.2. This vulnerability allowed an attacker to execute arbitrary code on a vulnerable website by exploiting a vulnerability in the plugin's REST...- Carnage
- Thread
- remote code execution rest api vulnerability wordpress plugin
- Replies: 10
- Forum: Exploits & PoCs
-
Web RCE, Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0, CVE-2019-2725
CVE-2019-2725 is a Remote Code Execution (RCE) vulnerability in Oracle WebLogic Server, which was assigned a CVSSv3 severity score of 9.8 out of 10. The vulnerability affects versions 10.3.6.0.0 and 12.1.3.0.0 of the software. This vulnerability occurs due to improper input validation of the...- Carnage
- Thread
- cve-2019-2725 oracle weblogic server rce vulnerability remote code execution weblogic security
- Replies: 0
- Forum: Exploits & PoCs
-
Web Prototype Pollution, JavaScript library JQuery < 3.4.0, CVE-2019-11358
A dangerous vulnerability has been fixed in the popular jQuery JavaScript library, which is used by 74% of websites. Web developers are encouraged to update jQuery in their projects to version 3.4.0. This is a rare prototype pollution vulnerability, the essence of which security researchers...- Carnage
- Thread
- javascript security jquery security prototype pollution secure coding practices web application security
- Replies: 2
- Forum: Exploits & PoCs