12 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2018-18312

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.00178
Exploits: 1 | References: 5

Veracode
added 2023/12/20 10:5 a.m. | 15 views

Cross Site Request Forgery (CSRF)

Phpsysinfo is vulnerable to Cross Site Request Forgery (CSRF). The vulnerability is caused by missing validation for JSONP requests in the readconfig.php file. This could allow an attacker to retrieve sensitive JSON data from the server, leading to a JSONP hijacking vulnerability...

CVSS 6.5 | AI score 6.4 | EPSS 0.00284
Exploits: 1 | References: 4 | Affected Software: 2

Huntr
added 2023/04/27 5:51 p.m. | 15 views

XML.php JSONP hijacking

Description: The XML.php file has a JSONP hijacking vulnerability. When a user visits a page carefully crafted by the attacker, the JSON data is obtained and sent to the attacker. Proof of Concept: We created an HTML file as a proof of concept to showcase the vulnerability. This HTML file will...

AI score 6.9
Exploits: 0

The Hacker News
added 2023/02/13 9:59 a.m. | 65 views

Honeypot-Factory: The Use of Deception in ICS/OT Environments

The recently published Security Navigator report of Orange Cyberdefense shows there has been a rapid increase of attacks on industrial control systems (ICS) in the past few years. Looking a bit closer, most of the attacks seem to have spilt over from traditional IT. That's to be expected, as...

AI score 0.6
Exploits: 0

Hacker One
added 2019/01/20 5:37 a.m. | 14 views

Mail.ru: JSONP hijacking

In this report, a researcher bypassed client-side protection against JSONP hijacking. The vulnerability allowed disclosure of the emails of logged-in my.com users who visited a malicious site...

AI score 2.9
Exploits: 0

Prion
added 2018/05/18 8:29 p.m. | 11 views

Design/Logic Flaw

totemomail Encryption Gateway before 6.0b567 allows remote attackers to obtain sensitive information about user sessions and encryption key material via a JSONP hijacking attack...

CVSS 5 | AI score 7.2 | EPSS 0.00178
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2018/05/18 8:29 p.m. | 1 views

CVE-2018-6562

totemomail Encryption Gateway before 6.0b567 allows remote attackers to obtain sensitive information about user sessions and encryption key material via a JSONP hijacking attack...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 3

NVD
added 2018/05/18 8:29 p.m. | 9 views

CVE-2018-6562

totemomail Encryption Gateway before 6.0b567 allows remote attackers to obtain sensitive information about user sessions and encryption key material via a JSONP hijacking attack...

CVSS 7.5 | AI score 7.3 | EPSS 0.00178
Exploits: 1 | References: 3

Cvelist
added 2018/05/18 8:0 p.m. | 11 views

CVE-2018-6562

totemomail Encryption Gateway before 6.0b567 allows remote attackers to obtain sensitive information about user sessions and encryption key material via a JSONP hijacking attack...

AI score 7.3 | EPSS 0.00178
Exploits: 1 | References: 3

CVE
added 2018/05/18 8:0 p.m. | 35 views

CVE-2018-6562

The CVE-2018-6562 entry concerns totemomail Encryption Gateway prior to 6.0_b567, where a JSONP hijacking vulnerability allows remote attackers to obtain sensitive information about user sessions and encryption key material. Public sources describe this as a remote, web-facing information-disclos...

CVSS 7.5 | AI score 7.2 | EPSS 0.00178
Exploits: 1 | References: 3 | Affected Software: 1

Packet Storm
added 2018/05/15 12:0 a.m. | 83 views

Totemomail Encryption Gateway 6.0.0_Build_371 JSONP Hijacking

COMPASS SECURITY ADVISORY
https://www.compass-security.com/research/advisories/
Product: totemomail Encryption Gateway
Vendor: totemo AG
CSNC ID: CSNC-2018-002
CVE ID: CVE-2018-6562
Subject: JSONP hijacking
Risk: High
Effect: Remotely exploitable
Author: Nicolas Heiniger
Date: 14.05.2018...

EPSS 0.00178
Exploits: 1

myhack58
added 2015/06/16 12:0 a.m. | 17 views

Baidu, Alibaba, Tencent in the column: a “watering hole attack” using JSONP hijacking tracking user - vulnerability warning - the black bar safety net

Can you imagine what it would look like if an authoritarian state obtained a tool for collecting users' private information, and this tool could obtain a user's real name, email address, gender, birthday and phone number, etc., on a specific site? You can also imagine that an...

AI score 0.3
Exploits: 0