Search Results for: xss

Results 1 - 10 of 833 Page 1 of 84

HTTP Headers… the Achilles’ heel of many applications, (Fri, May 5th)

Posted on: 2017-05-05

When browsing a target web application, a pentester is looking for all “entry” or “injection” points present in the pages. Everybody knows that a static website with pure HTML code is less juicy compared to a website with many forms and gadgets where visitors may interact with it. Classic vulnerabilities (XSS, SQLi) are based on the user input that is abused to send unexpected data to the server. Here is a very simple GET example: http://www.company.com/shop/view.php?article=1234 Or an HTTP POST form: <form action="/view.php" method="post"> <input name="article" id="article"> <input type="submit" value="Submit"> </form> In both cases, the…

SSD Advisory – Serviio Media Server Multiple Vulnerabilities

Posted on: 2017-05-04

Full Disclosure mailing list archives SSD Advisory – Serviio Media Server Multiple Vulnerabilities From: Maor Shwartz <maors () beyondsecurity com> Date: Wed, 03 May 2017 01:35:45 +0000 SSD Advisory – Serviio Media Server Multiple Vulnerabilities Link to the blog post: https://blogs.securiteam.com/index.php/archives/3094 Vulnerabilities Summary The following advisory describes five (5) vulnerabilities found in Serviio Media Server. Affected version: 1.8.0.0 PRO, 1.7.1, 1.7.0, 1.6.1. Serviio is a free media server. It allows you to stream your media files (music, video or images) to renderer devices (e.g. a TV set, Bluray player, games console or mobile phone) on your connected home network.…

[CVE-2017-5870] Multiple XSS vulnerabilities in ViMbAdmin

Posted on: 2017-05-04

Full Disclosure mailing list archives [CVE-2017-5870] Multiple XSS vulnerabilities in ViMbAdmin From: Sysdream Labs <labs () sysdream com> Date: Wed, 3 May 2017 16:03:48 +0200 # [CVE-2017-5870] Multiple XSS vulnerabilities in ViMbAdmin ## Product Description ViMbAdmin is a web-based interface used to manage a mail server with virtual domains, mailboxes and aliases. It is an open source solution developed by Opensolutions and distributed under the GNU/GPL license version 3. The official web site can be found at www.vimbadmin.net. ## Details **CVE ID**: CVE-2017-5870 **Access Vector**: remote **Security Risk**: high **Vulnerability**: CWE-79 **CVSS Base Score**: 7.2 **CVSS vector**: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H ## Proof…

OWASP Top Ten – Boring security that pays off

Posted on: 2017-05-04

There’s a lot of very unique, creative, and devastating cyber threats out there. The first inclination of a defender is to collect news of the new and terrifying and concentrate on network security defenses accordingly. This is completely understandable and mostly wrong. The majority of actual attacks, rather than proofs of concept, use simple and common vulnerabilities that in some cases are decades old. As an example, Facebook and Google recently fell victim to business email compromise. We’ve discussed on the blog previously that this is not much more complicated than standing on a street corner and politely (or impolitely, depending…

Security breach

Posted on: 2017-05-04

Guards at the Taj is Aadyam's first alternative space presentation. This new initiative allows directors to explore the versatility of the black box and ... Source: Google Alert - security breach @ May 3, 2017 at 05:40PM

Bugtraq: Zenario CMS v7.6 – (Delete) Persistent Cross Site Vulnerability

Posted on: 2017-05-04

Document Title: =============== Zenario v7.6 - (Delete) Persistent Cross Site Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2042 Release Date: ============= 2017-03-20 Vulnerability Laboratory ID (VL-ID): ==================================== 2042 Common Vulnerability Scoring System: ==================================== 3.6 Vulnerability Class: ==================== Cross Site Scripting - Persistent Product & Service Introduction: =============================== Zenario is a web-based content management system for sites with one or many languages. It's designed to grow with your site, adding extranet, online database and custom functionality when you need it. Zenario 7.2 has a new feature to add CSS styles and media queries, thereby allowing you to make mobile-friendly "responsive" email newsletters. (Copy of…

Bugtraq: Zenario v7.6 – Persistent Cross Site Scripting Vulnerability

Posted on: 2017-05-04

Document Title: =============== Zenario v7.6 - Persistent Cross Site Scripting Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2044 https://github.com/TribalSystems/Zenario/commit/cd60f1c8a179ebb779fe0acc051b93f477129b1a Release Date: ============= 2017-03-16 Vulnerability Laboratory ID (VL-ID): ==================================== 2044 Common Vulnerability Scoring System: ==================================== 3.4 Product & Service Introduction: =============================== Zenario is a web-based content management system for sites with one or many languages. It's designed to grow with your site, adding extranet, online database and custom functionality when you need it. Zenario 7.2 has a new feature to add CSS styles and media queries, thereby allowing you to make mobile-friendly "responsive" email newsletters. (Copy of the Homepage: http://zenar.io/ ) Abstract Advisory…
