CSRF

Pierluigi Paganini January 02, 2018
CSRF Vulnerability in phpMyAdmin allows attackers to perform DROP TABLE with a single click!

The development team of phpMyAdmin has fixed a CSRF vulnerability in phpMyAdmin that could be exploited by attackers for removing items from a shopping cart. Researcher Ashutosh Barot has discovered a critical CSRF vulnerability in phpMyAdmin that could be exploited by attackers to perform malicious operations like dropping tables and deleting records. phpMyAdmin developers released version 4.7.7, which addresses the […]

Pierluigi Paganini October 24, 2017
Researcher spotted flaws in the web-based version of popular Sarahah app

A security researcher discovered a number of embarrassing vulnerabilities in the popular anonymous feedback app Sarahah. The anonymous feedback app Sarahah makes the headlines once again: according to security researcher Scott Helme, the web-based version of the app is plagued with security flaws. The Sarahah mobile app allows users to receive anonymous feedback […]

Pierluigi Paganini May 19, 2017
WordPress 4.7.5 release addresses six security vulnerabilities

The new WordPress 4.7.5 release fixes six security vulnerabilities affecting version 4.7.4 and earlier, including XSS, CSRF, SSRF flaws. The WordPress 4.7.5 release patches six vulnerabilities affecting version 4.7.4 and earlier. The latest version addresses cross-site scripting (XSS), cross-site request forgery (CSRF), and server-side request forgery (SSRF) flaws. Below the list of the security issues fixed […]

Pierluigi Paganini May 11, 2017
Patch your Asus RT wireless routers now to avoid ugly surprises

Security experts at Nightwatch Cybersecurity have found serious flaws in the Asus RT wireless routers that could allow hackers to take them over. Security experts at Nightwatch Cybersecurity found serious flaws in the Asus RT wireless routers. Dozens of models don’t implement adequate protection against cross-site request forgery attacks. The vulnerability, tracked as CVE-2017-5891, affects the Asus RT […]

Pierluigi Paganini April 14, 2017
Hundreds of thousands Magento e-shops are exploited to hack due to an unpatched flaw

An unpatched vulnerability in the Magento platform could be exploited by hackers to fully compromise web servers that host the e-commerce sites. An unpatched vulnerability in the Magento e-commerce platform could be exploited by attackers to upload and execute malicious PHP scripts on web servers that host online shops. The vulnerability was reported by experts at […]

Pierluigi Paganini March 08, 2017
Serious flaws in Western Digital My Cloud NAS devices allow attackers to fully control them

Researchers discovered serious issues in Western Digital My Cloud NAS that can be exploited by attackers to gain root control of the affected devices. Western Digital Corporation network-attached storage owners were warned that critical flaws in Western Digital NAS boxes of the My Cloud NAS line could be exploited by remote attackers to gain remote control […]

Pierluigi Paganini March 07, 2017
WordPress 4.7.3 is out to fix 6 security issues, but CSRF flaw remains unpatched

The WordPress 4.7.3 release is out to fix six security issues, but a CSRF vulnerability discovered in July 2016 remains unpatched. WordPress has issued a new security release, the WordPress 4.7.3 release, that addresses six security flaws, including three cross-site scripting (XSS) vulnerabilities. The flaws were discovered by the security experts Chris Andrè Dale, Yorick Koster, Simon P. Briggs, Marc […]

Pierluigi Paganini April 08, 2016
More than 135 million ARRIS cable modems vulnerable to remote attacks

Attackers can exploit the flaws in the ARRIS SURFboard cable modems to remotely knock out the device; more than 135 million devices are open to attacks. The security expert David Longenecker reported security vulnerabilities affecting the popular broadband cable SURFboard modems produced by ARRIS (formerly Motorola). The ARRIS SB6141 model is available for sale for around $70 US, […]

Pierluigi Paganini January 07, 2016
Unpatched Drupal flaws open websites to attacks

IOActive has uncovered a number of serious vulnerabilities affecting the Drupal CMS that could be exploited to completely take over the vulnerable websites. A new vulnerability affecting Drupal could be exploited for code execution and database credentials theft (by Man-in-the-Middle), according to Fernando Arnaboldi, a senior security consultant working at IOActive. Fernando Arnaboldi says that the […]

Pierluigi Paganini June 12, 2015
Dark Web – Agora users targeted by a hacking campaign

Users of the popular Agora Dark Market have been targeted by unknown crooks who sent them a malicious JavaScript exploit that tries to steal their Bitcoin. Users of the popular Agora Marketplace have been targeted by unknown crooks who sent them malicious messages through their PM system. The messages contain a malicious JavaScript exploit that […]