[FD] Multiple vulnerabilities in Untangle NGFW 9-11

Multiple issues have been discovered in the Untangle NGFW virtual appliance. The vendor was unresponsive and uncooperative to the researcher. - Persistent XSS leading to root Authentication requiredConfirmed in versions 9 and 11 (up to rev r39357) Throughout the Untangle user interface there are

[FD] OpenKM Platform Remote Reflected Cross Site Scripting

# Exploit Title: OpenKM Platform Remote Reflected Cross Site Scripting # Google Dork: N/A # Date: 18-11-2014 # Exploit Author: Mohamed Abdelbaset Elnoby (@SymbianSyMoh) # Vendor Homepage: http://www.openkm.com/en / # Software Link: http://ww

[FD] MikroTik RouterOS Admin Password Change CSRF

# Exploit Title: MikroTik RouterOS Admin Password Change CSRF # Google Dork: N/A # Date: 23-2-2015 # Exploit Author: Mohamed Abdelbaset Elnoby (@SymbianSyMoh) # Vendor Homepage: http://www.mikrotik.com / # Software Link: http://www.mikrotik.

Re: [FD] Partial pointer leaks

Not exactly what you're after, but might interest you anyway: http://scarybeastsecurity.blogspot.co.il/2011/03/multi-browser-heap-address-leak-in-xslt.html On Sat, Mar 7, 2015 at 3:13 AM, Christophe Hauser wrote: > On Thu, Mar 05, 2015 at 10:42:15AM -0800, Robert Święcki wrote: > > I'm not sure