555 matches found
Microsoft Lync 2012 Code Execution
Summary ======= Microsoft Lync 2010 fails to properly sanitize user-supplied input, which can lead to remote code execution. Microsoft was originally notified of this issue December 11, 2012. The details of this issue were made public January 11, 2013. CVE number: Not Assigned Impact: Low Vendor...
PRTG V8.1.2.1809 XSS Bugs in login.htm and error.htm
XSS Reflected Bugs in login.htm and error.htm ================================================================ PRTG V8.1.2.1809 All OS Versions: http://www.paessler.com/ I have discovered two XSS bugs within PRTG version 8.1.2.1809. These bugs are in the login.htm and error.htm documents. These...
PRTG 8.1.2.1809 Cross Site Scripting
XSS Reflected Bugs in login.htm and error.htm ================================================================ PRTG V8.1.2.1809 All OS Versions: http://www.paessler.com/ I have discovered two XSS bugs within PRTG version 8.1.2.1809. These bugs are in the login.htm and error.htm documents. These...
TYPO3 Security Bulletin
It has been discovered that the extension powermail powermail is vulnerable to Cross-Site Scripting, SQL Injection and Validation Bypass Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.5.3 and below Vulnerability...
Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker
The MiFi by Novatel Wireless re-branded and sold by multiple vendors such as Sprint and Verizon is a mobile wifi hotspot. The mifi also has a built in GPS to provide location based searching. Turns out that the web interface to this little device has a lot going on that can be exploited, from...
CVE-2009-4074
The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting XSS attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding and improper modification of an...
A-Link WL54AP3 and WL54AP2 CSRF+XSS vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Louhi Networks Information Security Research Security Advisory Advisory: A-Link WL54AP3 and WL54AP2 CSRF+XSS vulnerability Release Date: 2008/10/31 Last Modified: 2008/10/28 Authors: Jussi Vuokko, CISSP [email protected] Henri Lindberg...
alink-xsrfxss.xt
Louhi Networks Information Security Research Security Advisory Advisory: A-Link WL54AP3 and WL54AP2 CSRF+XSS vulnerability Release Date: 2008/10/31 Last Modified: 2008/10/28 Authors: Jussi Vuokko, CISSP [email protected] Henri Lindberg [email protected] Device: A-Link WL54AP3 and WL54AP...
A-Link WL54AP3 / WL54AP2 - Cross-Site Request Forgery / Cross-Site Scripting
Louhi Networks Information Security Research Security Advisory Advisory: A-Link WL54AP3 and WL54AP2 CSRF+XSS vulnerability Release Date: 2008/10/31 Last Modified: 2008/10/28 Authors: Jussi Vuokko, CISSP [email protected] Henri Lindberg [email protected] Device: A-Link WL54AP3 and WL54AP...
Henri Lindberg - Smilehouse Oy
Louhi Networks Security Advisory Advisory: Checkpoint VPN-1 UTM Edge cross-site scripting Release Date: 2008/03/06 Last Modified: 2008/03/06 Authors: Henri Lindberg, Associate of ISC [email protected] Application: Checkpoint VPN-1 Edge W Embedded NGX 7.0.48x patched in version 7.5.48 Device...
Security Issue: XSS in wiki exception error page
The confluence wiki does contain a XSS possibility in the exception error page. The user input string is NOT output encoded at following lines: a - - Query String: url=alertdocument.cookie b - javax.servlet.forward.querystring : url=alertdocument.cookie c - atlassian.core.seraph.original.url :...
Security Issue: XSS in wiki exception error page
The confluence wiki does contain a XSS possibility in the exception error page. The user input string is NOT output encoded at following lines: a - - Query String: url=alertdocument.cookie b - javax.servlet.forward.querystring : url=alertdocument.cookie c - atlassian.core.seraph.original.url :...
[Full-disclosure] H4CREW-000005 EasyNews Pro 4.0 XSS & CSRF
I luv u Ms. Phisher u d4 d1am0nds 1n My Ski h4xorCrew Advirosy 5: Easynews PRO 4.0 XSS and CRSF =================================================== "the game of secuirity is like a sord fight you must think furst b4 you m0ve" H-4 h3r3 2 stay cuz we in da h0uz h4xorcewz n da house and r4w we g0nna...
ciscoCall.txt
I. SYNOPSIS Release Date: 07/19/2006 Affected Application: Cisco CallManager 3.1 and up versions prior to 3.1 were not tested but may still be vulnerable Severity If Exploited: High Impact: Arbitrary configuration of phone system/Theft of individual phone users' credentials Mitigating Factors:...
Input Validation/Output Encoding Vulnerabilities in Cisco CallManager Allow Script Injection Attacks
I. SYNOPSIS Release Date: 07/19/2006 Affected Application: Cisco CallManager 3.1 and up versions prior to 3.1 were not tested but may still be vulnerable Severity If Exploited: High Impact: Arbitrary configuration of phone system/Theft of individual phone users' credentials Mitigating Factors:...