instead be pointing developers in
the direction of using something off-the-shelf, such as libsodium.
Much less room for error.
tim
___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
nearly as easy to expose
(usually only minor block-level information leaks). In the real world
I see these kinds of mistakes all of the time. So be careful of
steering people toward a mode that doesn't degrade as gracefully when
developers make mistakes. They invariably will do so, unless they'v
the world can
hijack your DNS resolver[1].
The dividing line between "internal network" and the Internet is
becoming fuzzier every day. It is getting easier to get inside and
yet everyone still seems to run an unsegmented internal "trusted"
network.
tim
1. http://arstechnica.
application defines as relevant. Until then, I'm recommending to
my clients that they avoid Struts like the plague.
tim
1. http://seclists.org/fulldisclosure/2014/Mar/53
On Thu, Apr 24, 2014 at 05:37:13PM +0200, Rene Gielen wrote:
> In Struts 2.3.16.1, an issue with ClassLoader man
hen don't you also need to check for
"^Request...", "^Session...", "^Struts...", and so on? Or is it
actually case insensitive and you're just being unnecessarily careful
with "class"?
Also: Thought about unicode lately?
tim
PS- yes, I'm too
just finger-pointing, he/she is heartily welcome!
Something that doesn't allow you to directly call methods, and only
allows you to access properties on objects explicitly defined by the
app developer. Keep the syntax similar if you like, but chuck the
reflection. Data is data. Code is code. Keep them separate.
tim
he #!
header. (I notice some dhclient shell script hooks don't make an
explicit reference at all, while others reference /bin/sh.)
tim
1. Under Debian/Ubuntu, 'sudo apt-get install dash' and saying "yes"
at the prompt can quickly accomplish this.
Invest more in up-front security testing and Q/A, so they aren't
shipping vulnerable code to begin with.
C. Do both A and B
Preventing these bugs isn't black magic. It isn't rocket surgery.
It's just a matter of getting business leaders to care about shipping
quality code.
Thanks for posting this to FD; they didn't even include it in their
release notes:
http://developer.xamarin.com/releases/android/xamarin.android_5/xamarin.android_5.1/
Was there a bug reported in Bugzilla to link back to?
-Tim Strazzere
On Tue, May 19, 2015 at 6:49 AM, ValdikSS
Isn't this the public bug tracker?
https://bugzilla.xamarin.com/describecomponents.cgi?product=Android
Though, correct, that case ID doesn't map to anything there.
-Tim Strazzere
On Tue, May 19, 2015 at 2:32 PM, ValdikSS wrote:
> They don't have public bugtracker. Case ID
[Author:] Tim Tepatti
[Website:] tepatti.com
[Title:] Hard-coded credentials on ProGrade/Lierda Grill Temperature
Monitor [CVE-2019-15304]
[Product:] Grill Temperature Monitor
[Manufacturer:] ProGrade / Lierda
[Affected Version(s):] V1.00_50006
[Tested Version(s):] V1.00_50006
[Vulnerability
What's the issue here exactly? An attacker can just prevent the in-app
update check from realizing it needs to nag the user?
The actual update logic and update-ability is controlled through the Play
Store, no?
-Tim Strazzere
On Tue, Nov 26, 2019 at 10:27 AM David Coomber <
davidcoom
ver name
Value for ldap server name field:
Name_of_ldap_serveralert("XSS")
The script is inserted into the configuration page and persists until the LDAP
server is deleted from the database again.
Best regards / Mit freundlichen Grüßen
Tim Schughart
CEO | IT Security specialist
ProSec Net
not patch the vuln.
Fixed versions: -
Researcher credits: Tim Schughart & Khanh Quoc Pham of ProSec Networks
Vendor notification: 2016-09-21
Solution date:
Public disclosure: 2016-09-29
CVE reference:
CVSSv3: 8.0 AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
<https://nvd.nist.gov/cvss/v3-cal
(not
tested)
Vulnerable component: Frontend
Report confidence: yes
Solution status: Not fixed by Vendor, no further responses from vendor.
Fixed versions: -
Researcher credits: Tim Schughart & Khanh Quoc Pham of ProSec Networks
Vendor notification: 2016-09-01
Solution date: -
Public disclosure
sions affected (not
tested)
Vulnerable component: Database
Report confidence: yes
Solution status: Not fixed by Vendor, the bug is a feature.
Fixed versions: -
Researcher credits: Tim Schughart, Immanuel Bär, Khanh Quoc Pham of ProSec
Networks
Solution date: -
Public disclosure: 2016-09-3
to the ap.
Best regards
Tim Schughart
> On 01.10.2016 at 15:30, Carlos Silva wrote:
>
> Hi Tim!
>
> I can be missing something here but I just checked this on a freshly installed
> Unifi Controller and mongod is binding to localhost making this a non-issue.
> Or, you
:U/C:H/I:H/A:H
Do you agree?
I'm looking forward to minimizing our "race time condition denial of service", to
deliver fast results in the future :-P
Best regards / Mit freundlichen Grüßen
Tim Schughart
CEO / Geschäftsführer
--
ProSec Networks e.K.
Ellingshohl 82
56076 Kobl
Nope, works also on other protocols like IMAPS.
On 08.04.2014 15:30, Chris Schmidt wrote:
> The bug is in the TLS implementation in OpenSSL, you will only see it on
> https
>
> Sent from my iPhone
>
>> On Apr 8, 2014, at 4:43 AM, "Nik Mitev" wrote:
>>
>> I used the tool Kirils linked (http:/
enSSL for one reason or
another.
Cheers!
-Tim
---
Tim Heckman
Operations Engineer
PagerDuty, Inc.
[1] http://brew.sh/
[2]
bind
curl
curl
ejabberd
elinks
git
imapfilter
ircd-hybrid
irssi
ldns
lftp
liblacewing
libssh2
libtorrent-rasterbar
lynx
midnight-commander
mongodb
monkeysphere
mosquitto
mut
'))).hexdigest()
print whoops
--
In theory this bug will give you enough ammunition to calculate the
contents of /etc/psa/private/secret_key, as we have part of the salt
and already know the outcome of an insecure hashing algorithm to match
against.
I'm glad nobod
/2018
* Public Disclosure: 02/05/2019
* Credit: Tim Coen
## Unauthenticated Persistent XSS via poll
# CVSS
7.2 High
[CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)
# Details
Custom fields of a poll
/2019
* Credit: Tim Coen
# CVSS
6.1 Medium
[CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
# Overview
The Quiz And Survey Master WordPress plugin is vulnerable to reflected
XSS as it echoes the quiz_id
* Credit: Tim Coen
# CVSS
6.1 Medium
[CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
# Overview
The Blog2Social WordPress plugin is vulnerable to reflected XSS as it
echoes the b2s_update_publish_date
blic Disclosure: 02/05/2019
* Credit: Tim Coen
## Reflected XSS
# CVSS
6.1 Medium
[CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
# Overview
The Contact Form Email WordPress plugin is vulnerabl
* Credit: Tim Coen
# CVSS
6.1 Medium
[CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
# Overview
The Font_Organizer WordPress plugin is vulnerable to reflected XSS as it
echoes the manage_font_id parameter
* Vulnerability: XSS
* Affected Software: [Give](https://wordpress.org/plugins/give/)
* Affected Version: 2.3.0
* Patched Version: 2.3.1
* CVE: not requested
* Risk: Medium
* Vendor Contacted: 11/24/2018
* Vendor Fix: 12/13/2018
* Public Disclosure: 02/05/2019
* Credit: Tim
: Tim Coen
# CVSS
6.1 Medium
[CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
# Overview
The KingComposer WordPress plugin is vulnerable to reflected XSS as it
echoes the id parameter without proper
* Vendor Fix: 11/02/2018
* Public Disclosure: 02/05/2019
* Credit: Tim Coen
# CVSS
6.1 Medium
[CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
# Overview
The Social Networks Auto-Poster WordPress
/2019
* Credit: Tim Coen
# CVSS
6.1 Medium
[CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
# Overview
The wpGoogleMaps WordPress plugin is vulnerable to reflected XSS as it
echoes PHP_SELF without
/05/2019
* Credit: Tim Coen
# CVSS
6.1 Medium
[CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
# Overview
The WP Live Chat Support WordPress plugin is vulnerable to reflected XSS
as it echoes the term
: Tim Coen
# CVSS
6.1 Medium
[CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
# Overview
The YOP poll WordPress plugin is vulnerable to reflected XSS as it
echoes the poll_id parameter without proper
out this?
Best regards / Mit freundlichen Grüßen
Tim Schughart
CEO / Geschäftsführer
--
ProSec GmbH
Robert-Koch-Straße 1-9
56751 Polch
Website: https://www.prosec-networks.com
Phone: +49 (0)261 450 930 90
Sitz der Gesellschaft / company domiciled in: Polch
Registergericht / re