4 matches found
CKAN Trust Management Vulnerability
CKAN is an open-source data management system developed by CKAN contributors. It is used to power data centers and data portals. Versions of CKAN prior to 2.10.10 and 2.11.5 contained a trust management vulnerability. This vulnerability stemmed from the possibility that the configured SMTP server...
Design/Logic Flaw
An issue was discovered in heinekingmedia StashCat before 1.5.18 for Android. No certificate pinning is implemented; therefore the attacker could issue a certificate for the backend and the application would not notice it...
Breaching a CA – Blind Cross-site Scripting (BXSS) in the GeoTrust SSL Operations Panel Using XSS Hunter
This is a continuation of a series of blog posts which will cover blind cross-site scripting (XSS) and its impact on the internal systems which suffer from it. Previously, we’ve shown that data entered into one part of a website, such as the account information panel, can lead to XSS on internal...
Fraudulent Certificate for Google Domains Found After Mistake by Turkish CA
Google has pushed out an update that blocks an intermediate digital certificate for .google.com after discovering that a Turkish certificate authority had mistakenly issued intermediate certificates to two organizations that should only have gotten normal SSL certificates. That error gave those t...