Hello list!
These are Cross-Site Scripting and Cross-Site Request Forgery
vulnerabilities in the Zyxel P660RT2 EE ADSL router.
-
Affected products:
-
The following model is vulnerable: Zyxel P660RT2 EE, ZyNOS firmware version
V3.40 (AXN.1). This model
Hi all,
Yes Christian, this might be a security vulnerability, but it's an edge
case.
To me, the problem here is the difference between the user expectation and
what really happens.
A clear case of a similar vuln is when you log out of a website and what
the website actually does is just deleting
One should not take this shit;
https://www.youtube.com/watch?v=k-xSP_T0VqU
Be a voice:
https://dearfcc.org/
___
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldis
Also thanks to Rikairchy, I got an invite.
I opted not to upload my private key, and it's still a pretty useful
service without that.
Github, twitter & bitcoin address, signed by my priv key offline. The
"tracking" feature is probably the easiest implementation of web-of-trust
I've seen.
On 22
On Monday, June 23, 2014, Jonathan Care wrote:
>
> Projects like keybase.io, mailvelope, and so on
>
You namedrop these projects as if they're the same thing, but they're not.
- Keybase.io is a web page, and last I looked, they weren't using CSP,
which would help prevent XSS
- Mailvelope (which
After reading your history theft with CSS article, it got me wondering if
that's what the Passpack service is doing. I've been using passpack.com for
a while and after logging in to my account it always asks to 'click on the
black square to continue'. The page shows 8 white squares with one black
Hi @ll,
the batch script WINRM.CMD, which contains just the single line
@cscript //nologo "%~dpn0.vbs" %*
allows a binary planting or squatting attack: WINRM.CMD executes a
rogue CSCRIPT.COM, CSCRIPT.EXE, CSCRIPT.BAT, CSCRIPT.CMD etc. (see
environment variable PATHEXT) from the current working d
HP Enterprise Maps 1.00 Authenticated XXE vulnerability
http://www8.hp.com/us/en/software/enterprise-software.html
Any user that has the ability to import a file to create an artifact (most,
if not all authed users?)
can upload a specially crafted WSDL that will read files such as
/etc/passwd.
Vulnerability title: Multiple Cross Site Scripting in Sophos Antivirus
Configuration Console (Linux)
CVE: CVE-2014-2385
Vendor: Sophos
Product: Antivirus
Affected version: 9.5.1
Fixed version: 9.6.1
Reported by: Pablo Catalina
Details:
The Configuration Console of Sophos Antivirus 9.5.1 (Linux) d
Vulnerability title: Arbitrary Code Execution in G Data TotalProtection 2014
CVE: CVE-2014-3752
Vendor: G Data
Product: TotalProtection 2014
Affected version: v24.0.2.1
Fixed version: N/A
Reported by: Kyriakos Economou
Details:
G Data TotalProtection 2014 v24.0.2.1 and possibly earlier versions a
Advisory: Endeca Latitude Cross-Site Scripting
RedTeam Pentesting discovered a Cross-Site Scripting (XSS)
vulnerability in Endeca Latitude. By exploiting this vulnerability an
attacker is able to execute arbitrary JavaScript code in the context
of other Endeca Latitude users.
Details
===
Pr
Advisory: Endeca Latitude Cross-Site Request Forgery
RedTeam Pentesting discovered a Cross-Site Request Forgery (CSRF)
vulnerability in Endeca Latitude. Using this vulnerability, an attacker
might be able to change several different settings of the Endeca
Latitude instance or disable it entirely.