CMS – Page 3 – WindowsTechs.com

LFI to RCE through User-Agent

Posted on June 24, 2020 by mat80n2012 cerqueira

I’m doing a pentest on a FreeBSD machine running CuppaCMS. Already managed to login into the CMS with admin privilege, but it only takes me to a manager menu, with some options to change some tables and stuff like that, no RCE visible esca… Continue reading LFI to RCE through User-Agent→

Drupal fixes three vulnerabilities, including one RCE

Posted on June 19, 2020 by Zeljka Zorz

Drupal’s security team has fixed three vulnerabilities in the popular content management system’s core, one of which (CVE-2020-13663) could be exploited to achieve remote code execution. Drupal is a free and open-source web content manageme… Continue reading Drupal fixes three vulnerabilities, including one RCE→

Joomla Open-Source CMS Affected by Data-Breach

Posted on June 2, 2020 by Silviu STAHIE

A data breach affecting Joomla, the popular open-source content management system (CMS), was announced by its developers from Open Source Matters. While some data breaches take place when bad actors use vulnerabilities or cyberattacks, that’s not… Continue reading Joomla Open-Source CMS Affected by Data-Breach→

Joomla suffers security breach exposing user records

Posted on June 1, 2020 by Deeba Ahmed

By Deeba Ahmed
It total, 2,700 Joomla user records were exposed, Hackread.com has learned.
This is a post from HackRead.com Read the original post: Joomla suffers security breach exposing user records
Continue reading Joomla suffers security breach exposing user records→

Openssl cms verify signature with timestamp and crl

Posted on April 26, 2020 by Saurabh

I’ve used OpenSSL cms to sign the data and generate a detached signature. As per my requirements, I need to timestamp the signature as well, so that if the certificate expired, verification of signature can be done. The generated timestamp… Continue reading Openssl cms verify signature with timestamp and crl→

Magento patches critical code execution vulnerabilities, upgrade ASAP!

Posted on January 30, 2020 by Zeljka Zorz

Adobe-owned Magento has plugged multiple critical vulnerabilities in its eponymous content management system, the most severe of which could be exploited by attackers to achieve arbitrary code execution. About the fixed vulnerabilities According to the… Continue reading Magento patches critical code execution vulnerabilities, upgrade ASAP!→

How to encode a CMS or S/MIME PEM file with OpenSSL not encrypted or digitally signed?

Posted on November 13, 2019 by pragmatic_programmer

We developed an application that reads a CMS encoded PEM file with this command:

$ openssl cms -verify -in filepath -inform PEM -noverify

The file is digitally signed, but we don’t care about it, as we only want to extract … Continue reading How to encode a CMS or S/MIME PEM file with OpenSSL not encrypted or digitally signed?→

Assessing Content Management System Security

Posted on October 25, 2019 by Kayla Matthews

As more businesses turn paperless and strive for more efficiency, content management systems become more and more popular. But having all your sensitive information in one place can be a risk. The companies that make these systems understand the need … Continue reading Assessing Content Management System Security→

what can you do in sql login details and encryption key is available

Posted on September 24, 2019 by Danny

I am practicing pen testing in a protected box and I have a vulnerable Magento website and I managed to get its MySQL config file which is app/etc/local.xml.

In this file there is information such as:

<crypt>
&lt… Continue reading what can you do in sql login details and encryption key is available→

Social engineering forum hacked, user data dumped on rival site

Posted on June 26, 2019 by Lisa Vaas

Social Engineered, dedicated to the “Art of Human Hacking,” was gutted, with 55,121 users’ details leaked on the same day as the hack. Continue reading Social engineering forum hacked, user data dumped on rival site→