610 matches found
Building a world without passwords
Nobody likes passwords. They are inconvenient, insecure, and expensive. In fact, we dislike them so much that weve been busy at work trying to create a world without them a world without passwords. In this blog, we will provide a brief insight into how we at Microsoft think about solving this...
Promise Technology WebPam Pro-E Appliance HTTP Response Header Injection Vulnerability
Promise Technology WebPam Pro-E devices are a data center device from Promise Technology. A security vulnerability exists in the Promise Technology WebPam Pro-E devices due to a failure to filter parameters in the PHPSESSID cookie. The vulnerability can be exploited by remote attackers to conduct...
Crlf injection
Promise Technology WebPam Pro-E devices allow remote attackers to conduct XSS, HTTP Response Splitting, and CRLF Injection attacks via JavaScript code in a PHPSESSID cookie...
CVE-2018-6603
Promise Technology WebPam Pro-E devices allow remote attackers to conduct XSS, HTTP Response Splitting, and CRLF Injection attacks via JavaScript code in a PHPSESSID cookie...
CVE-2018-6603
Promise Technology WebPam Pro-E devices allow remote attackers to conduct XSS, HTTP Response Splitting, and CRLF Injection attacks via JavaScript code in a PHPSESSID cookie...
CVE-2018-6603
The CVE-2018-6603 issue affects Promise Technology WebPam Pro-E devices, where remote attackers can exploit a failure to filter parameters in the PHPSESSID cookie to trigger XSS, HTTP Response Splitting, and CRLF Injection via JavaScript in the cookie. Public references in CNVD/NVD entries corrob...
chrome:Cross-origin object leak via fetch
VULNERABILITY DETAILS The promise returned by fetch.callcrossOriginWindow is created in the cross-origin context. Direct cross-origin scripting is not possible because cross-origin function constructors don't work anymore issue 541703 . But the attacker can e.g. call other functions of the...
await vs return vs return await
When writing async functions, there are differences between await vs return vs return await, and picking the right one is important. Let's start with this async function: async function waitAndMaybeReject // Wait one second await new Promiser = setTimeoutr, 1000; // Toss a coin const isHeads =...
await vs return vs return await
When writing async functions, there are differences between await vs return vs return await, and picking the right one is important. Let's start with this async function: async function waitAndMaybeReject // Wait one second await new Promiser = setTimeoutr, 1000; // Toss a coin const isHeads =...
Security update for MozillaFirefox, mozilla-nss (important)
This update for MozillaFirefox and mozilla-nss fixes the following issues: MozillaFirefox was updated to Firefox 52.0 boo1028391 requires NSS = 3.28.3 Pages containing insecure password fields now display a warning directly within username and password fields. Send and open a tab from one device ...
UBUNTU-CVE-2017-5010
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...
promise-project.net XSS vulnerability
Open Bug Bounty ID: OBB-176303 Description| Value ---|--- Affected Website:| promise-project.net Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Streaming template literals
Template literals are pretty cool right? const areThey = 'Yes'; console.log$areThey, they are; // Logs: Yes, they are You can also assign a function to process the template, known as "tagged" templates: function strongValuesstrings, ...values return strings.reducetotalStr, str, i = totalStr += st...
Tasks, microtasks, queues and schedules
When I told my colleague Matt Gaunt I was thinking of writing a piece on microtask queueing and execution within the browser's event loop, he said "I'll be honest with you Jake, I'm not going to read that". Well, I've written it anyway, so we're all going to sit here and enjoy it, ok? Actually, i...
Astium VoIP PBX <= 2.1 build 25399 - Multiple Vulns Remote Root Exploit
No description provided by source. !/usr/bin/python +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Astium VoIP PBX = v2.1 build 25399 Multiple Vulns Remote Root Exploit Date : 01-02-2012 Author :...
promise webpam 2.2.0.13 - Multiple Vulnerabilities
No description provided by source. Promise WebPAM v2.2.0.13 Multiple Remote Vulnerabilities Vendor: Promise Technology, Inc. Product web page: http://www.promise.com Affected version: 2.2.0.13 Summary: WebPAM is a web based Promise Array Management Software that's easy-to use, designed to simplif...
Promises: resolve is not the opposite of reject
When I first started working with promises I had the overly simplistic view that passing a value into reject would mark the promise as "failed", and passing a value into resolve would mark it as "successful". However, the latter isn't always true. new Promiseresolve, reject = resolvesomething;...
Astium VoIP PBX 2.1 Remote Root
!/usr/bin/python +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Astium VoIP PBX 0x90.nl Software link :...
Anonymous threatened Estonian government with a possible cyber attack
Anonymous Hackers AnonSwedenOp posted a video on YouTube on October 8 where it threatened the Estonian government with a possible cyber attack. "Estonian government had sacrificed its own people instead of helping its own people, Estonian government has channelled money to helping Greece that is...
Promise WebPAM 2.2.0.13 Cross Site Scripting / SQL Injection
Promise WebPAM v2.2.0.13 Multiple Remote Vulnerabilities Vendor: Promise Technology, Inc. Product web page: http://www.promise.com Affected version: 2.2.0.13 Summary: WebPAM is a web based Promise Array Management Software that's easy-to use, designed to simplify RAID storage management. WebPAM i...