CVE-2020-18409

Read Time:9 Second

Cross Site Request Forgery (CSRF) vulnerability was discovered in CatfishCMS 4.8.63 that would allow attackers to obtain administrator permissions via /index.php/admin/index/modifymanage.html.

Read More

CVE-2020-18404

Read Time:9 Second

An issue was discovered in espcms version P8.18101601. There is a cross site scripting (XSS) vulnerability that allows arbitrary code to be executed via the title parameter.

Read More

Typing Incriminating Evidence in the Memo Field

Read Time:29 Second

Don’t do it:

Recently, the manager of the Harvard Med School morgue was accused of stealing and selling human body parts. Cedric Lodge and his wife Denise were among a half-dozen people arrested for some pretty grotesque crimes. This part is also at least a little bit funny though:

Over a three-year period, Taylor appeared to pay Denise Lodge more than $37,000 for human remains. One payment, for $1,000 included the memo “head number 7.” Another, for $200, read “braiiiiiins.”

It’s so easy to think that you won’t get caught.

Read More

CVE-2020-18416

Read Time:10 Second

An cross site request forgery (CSRF) vulnerability discovered in Jymusic v2.0.0.,that allows attackers to execute arbitrary code via /admin.php?s=/addons/config.html&id=6 to modify payment information.

Read More