Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Event Updates

Content tagged with Black Hat posted in January 2015
Black Hat Asia 2015: Android Assault
Event Updates  |  1/22/2015  | 
Black Hat Asia 2015 is just over two months away, so it's high time to start exploring the numerous exciting Black Hat Briefings that'll be on offer. Black Hat's signature Briefings offer an oft-imitated, seldom equaled combo of hardcore technical insights presented by world-class experts, but you probably knew that. Today's inaugural trio of Briefings all touch on Google's incredibly popular mobile operating system …
Black Hat Asia 2015: One of Everything
Event Updates  |  1/20/2015  | 
Our fifth and final Black Hat Asia 2015 Training update brings word of a potpourri of hands-on topics. Between coding fuzzers, hacking software-defined radio, and assembling custom pentest gadgets, there's something here for everyone. Well, everyone who'd come to a Black Hat event, anyway.
Black Hat Asia 2015: Bread & Butter
Event Updates  |  1/15/2015  | 
When you hear Black Hat, the one word you tend to think of is... well, OK, maybe "security." But hacking is surely a close second. This Black Hat Asia 2015 intel update highlights just why, with two key Trainings that cover attack vectors, tools, and techniques.
Black Hat Asia 2015: Get Smart
Event Updates  |  1/13/2015  | 
"Knowledge is power" may be something of a clich, but it's absolutely true when it comes to gathering and exploiting intel. Knowledge brings victory, so those better versed in acquiring it will prosper. Both of today's Black Hat Asia 2015 Training highlights delve into generating and using intel, but come at the topic from two distinct places.
Black Hat Asia 2015: Hide and Seek
Event Updates  |  1/8/2015  | 
Most children enjoy hide and seek, but for jaded adults to enjoy the classic pastime, it needs a little extra... I don't know, danger? You know, to keep things exciting. Today we'll check out two Black Hat Asia 2015 Trainings -- one involving hiding, the other seeking -- that could well deliver a thrilling jolt of excitement, should you be the right kind of security geek.
Black Hat Asia 2015: Pentest Trainings
Event Updates  |  1/6/2015  | 
For the second year running -- it's almost a tradition! -- Black Hats returning to the Marina Bay Sands in Singapore to put on Black Hat Asia 2015, where the industry's brightest professionals and researchers will gather for four days.


Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Take me to your BISO 
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-23369
PUBLISHED: 2021-05-10
In YzmCMS 5.6, XSS was discovered in member/member_content/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3.
CVE-2020-23370
PUBLISHED: 2021-05-10
In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web script or HTML.
CVE-2020-23371
PUBLISHED: 2021-05-10
Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf in noneCms v1.3.0 allows remote attackers to inject arbitrary web script or HTML via the movieName parameter.
CVE-2020-23373
PUBLISHED: 2021-05-10
Cross-site scripting (XSS) vulnerability in admin/nav/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2020-23374
PUBLISHED: 2021-05-10
Cross-site scripting (XSS) vulnerability in admin/article/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.