Found 3 bookmarks
Custom sorting
Zero Day Initiative — CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud
Zero Day Initiative — CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud
Yes, the title is right. This blog covers an XML eXternal Entity (XXE) injection vulnerability that I found in SharePoint. The bug was recently patched by Microsoft. In general, XXE vulnerabilities are not very exciting in terms of discovery and related technical aspects. They may sometimes be fun t
#zerodayinitiative#EN#2024#SharePoint#XML#eXternal#vulnerability#CVE-2024-30043
·zerodayinitiative.com·
Zero Day Initiative — CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud
CVE-2022-21661: Exposing Database Info via WordPress SQL Injection
CVE-2022-21661: Exposing Database Info via WordPress SQL Injection
In October of this year, we received a report from ngocnb and khuyenn from GiaoHangTietKiem JSC covering a SQL injection vulnerability in WordPress. The bug could allow an attacker to expose data stored in a connected database. This vulnerability was recently addressed as CVE-2022-21661 ( ZDI-22-020
#zerodayinitiative#EN#2022#CVE-2022-21661#SQL-injection#vulnerability#WordPress
·zerodayinitiative.com·
CVE-2022-21661: Exposing Database Info via WordPress SQL Injection
CVE-2022-21661: Exposing Database Info via WordPress SQL Injection
CVE-2022-21661: Exposing Database Info via WordPress SQL Injection
In October of this year, we received a report from ngocnb and khuyenn from GiaoHangTietKiem JSC covering a SQL injection vulnerability in WordPress. The bug could allow an attacker to expose data stored in a connected database. This vulnerability was recently addressed as CVE-2022-21661 ( ZDI-22-020
#zerodayinitiative#EN#2022#CVE-2022-21661#SQL-injection#vulnerability#WordPress
·zerodayinitiative.com·
CVE-2022-21661: Exposing Database Info via WordPress SQL Injection