11 matches found
Microsoft Internet Explorer 11 XSS Filter Bypass
Vulnerability: IE 11 XSS Filter Bypass Impact: Moderate Authors: Rafay Baloch Company: RHAInfoSec Website: http://rafayhackingarticles.net version: Latest Description Internet explorer 11 Suffers from a XSS Filter bypass using cp1025 charset. This is highly effective when the charset has not been...
Nokia Asha 501 Lock Bypass
Vulnerability: Asha OS Phones Screen Lock Bypass Impact: High Authors: Hammad Shamsi Company: RHAinfoSEC Website: http://rafayhackingarticles.net & https://facebook.com/sh3ifu Introduction The Asha platform is a mobile operating system OS and computing platform designed for low-end borderline sma...
Google Chrome 31.0 XSS Auditor Bypass Vulnerability
Google chrome XSS auditor was found prone to a bypass when the user input passed though location.hash was being written to the DOM by using document.write property. Normally, XSS auditor checks XSS by comparing the request and response however, it also checks for request itself, if it contains an...
Android Browser Same Origin Policy Bypass Vulnerability
A SOP bypass occurs when a sitea.com is some how able to access the properties of siteb.com such as cookies, location, response etc. Due to the nature of the issue and potential impact, this is very rarely found in modern browsers. However, they are found once in a while. Vulnerability: Android...
Google Chrome 36.0 XSS Auditor Bypass
Vulnerability: Google Chrome 36.0 XSS Auditor Bypass Impact: Moderate Authors: Rafay Baloch Company: RHAInfoSec Website: http://rhainfosec.com version: Latest Description Google chrome XSS auditor was found prone to a bypass when the user input passed though location.hash was being written to the...
Lavarel-Security XSS Filter Bypass Vulnerability
Lavarel-Security cross site scripting filter suffers from a bypass vulnerability. Product: Lavarel-Security XSS Filter Bypass Vulnerability: Mutation Based XSS Bypass Impact: Medium/High Authors: Rafay Baloch Company: RHAinfoSEC Website: http://rhainfosec.com Status: Fixed ========= Description...
Lavarel-Security XSS Filter Bypass
Product: Lavarel-Security XSS Filter Bypass Vulnerability: Mutation Based XSS Bypass Impact: Medium/High Authors: Rafay Baloch Company: RHAinfoSEC Website: http://rhainfosec.com Status: Fixed ========= Description ========= Laravel Security is a port of the security class from Codeigniter 2.1 for...
WordPress Pretty Photo Cross Site Scripting
Wp-Pretty Photo DOM Based XSS Vulnerability Details ======= Product: PrettyPhoto Plugin Security-Risk: Moderate Remote-Exploit: yes Company: RHAINFOSEC Website: http://services.rafayhackingarticles.net Vendor-URL: https://github.com/scaron/prettyphoto Vendor-Status: informed Advisory-Status:...
OWASP Java Encoder Filter Bypass
Product: OWASP Java Encoder Vulnerability: Mutation Based XSS Bypass Impact: Medium/Limited Authors: Rafay Baloch And Alex Infuhr Company: RHAinfoSEC Website: http://services.rafayhackingarticles.net Status: To be fixed in the next release ========= Description ========= Owasp encoder is an...
Modsecurity Cross Site Scripting Bypass Vulnerability
Modsecurity suffers from a cross site scripting bypass vulnerability. Product: Modsecurity Author: Rafay Baloch Company: RHAINFOSEC Website: http://services.rafayhackingarticles.net Reported: 8/8/2013 Fixed: 25/8/2013 Status: Fixed ============ Introduction ============ The ModSecurity firewall i...
Modsecurity Cross Site Scripting Bypass
Product: Modsecurity Author: Rafay Baloch Company: RHAINFOSEC Website: http://services.rafayhackingarticles.net Reported: 8/8/2013 Fixed: 25/8/2013 Status: Fixed ============ Introduction ============ The ModSecurity firewall is one of the most known WAF around, It has anonline smoke test where w...