12 matches found
Matrix42 Workspace Management 9.1.2.2765 Cross Site Scripting Vulnerability
Matrix42 Workspace Management version 9.1.2.2765 suffers from a persistent cross site scripting vulnerability. Matrix42 Workspace Management 9.1.2.2765 – Stored Cross-Site Scripting. Identifiers...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I'll be at RSA Conference 2020 in San Francisco. On Wednesday, February 26, at 2:50 PM, I'll be part of a panel on "How to Reduce Supply Chain Risk: Lessons from Efforts to Block Huawei." On Thursday, February 27, at 9:20 AM, I'm...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I'm speaking at Indiana University Bloomington on January 30, 2020. I'll be at RSA Conference 2020 in San Francisco. On Wednesday, February 26, at 2:50 PM, I'll be part of a panel on "How to Reduce Supply Chain Risk: Lessons from...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I'm speaking at SecIT by Heise in Hannover, Germany on March 26, 2020. The list is maintained on this page...
Cross-Site Scripting in extension "Heise Shariff" (rx_shariff)
The extension fails to properly encode user input for output in HTML context...
heise online - News - ContentProvider mode not defined, Dynamic Code Loading, Exported components vulnerabilities
HackApp vulnerability scanner discovered that application heise online - News published at the 'play' market has multiple vulnerabilities...
jobs.heise.de XSS vulnerability
Vulnerable URL: http://jobs.heise.de/Job/Analyst-Spezialist-m-w-fuer-Energieabrechnung.21678021.html/1

Details:

Description| Value
---|---
Patched:| Yes, at 21.08.2015
Latest check for patch:| 21.08.2015 15:02 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank|...
jobs.heise.de XSS vulnerability
Vulnerable URL: http://jobs.heise.de/detailsuche.html/1%3Csvg/onload%3dalert%28/xssposed/%29%3E

Details:

Description| Value
---|---
Patched:| Yes, at 21.08.2015
Latest check for patch:| 21.08.2015 15:01 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / N...
OpenX - Backdoor PHP Code Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'OpenX Backdoor PHP Code Execution',...
OpenX Backdoor PHP Code Execution Vulnerability
OpenX Ad Server version 2.8.10 was shipped with an obfuscated backdoor since at least November 2012 through August 2013. Exploitation is simple, requiring only a single request with a rot13'd and reversed payload. This file is part of the Metasploit Framework and may be subject to redistribution...
OpenX Backdoor PHP Code Execution
OpenX Ad Server version 2.8.10 was shipped with an obfuscated backdoor since at least November 2012 through August 2013. Exploitation is simple, requiring only a single request with a rot13'd and reversed payload. This module requires Metasploit: https://metasploit.com/download Current source:...
Apple Mail remote command execution vulnerability
Overview: Apple Mail contains a vulnerability that may allow an attacker to execute arbitrary commands on OS X Leopard 10.5 systems. Description: Apple OS X uses resource forks to store structured data in files. Data forks are used to store unstructured data. The AppleDouble standard is specified i...