I. VULNERABILITY
-
Reflected XSS vulnerabilities in Webmin 1.670
II. BACKGROUND
-
Webmin is a web-based interface for system administration for Unix.
Using any modern web browser, you can set up user accounts, Apache,
DNS, file
://watchguardsecuritycenter.com/2014/03/13/fireware-xtm-11-8-3-update-corrects-xss-flaw/
By William Costa
william.co...@gmail.com
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http
-proxmox-newsletter-march-2014-proxmox-ve-3-2-released/tmpl-component
By William Costa
___
XSS in url for access of Confirmation Required in box for antispam from
company AKER (CVE-2013-6037)
I. VULNERABILITY
-
Reflected XSS vulnerabilities in AKER SECURE MAIL GATEWAY = v2.5.2
II. BACKGROUND
-
The Aker Secure Mail Gateway is a complete
/Support_Bulletin_GMS_Vulnerability_XSS_Resolved_in_7.1_SP2_and_7.2.pdf
By William Costa
william.co...@gmail.com
___
be validated
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140210_00
By William Costa
william.co...@gmail.com
___
-
Try FortiWEB VM or appliance v5.0.3
VIII. SOLUTION
-
Upgrade to FortiWeb 5.1.0 or higher.
By William Costa
___
and Appliance
VII. SOLUTION
Upgrade to FortiOS 5.0.6 or higher.
References
http://www.fortiguard.com/advisory/FG-IR-14-003/
http://www.kb.cert.org/vuls/id/728638
By William Costa
___
Does anyone have a contact person in the PSIRT at Fortinet?
The PSIRT email at Fortinet has not responded.
___
/html
BY
F3nr1r (William Costa)
william.co...@gmail.com
REFERENCES
http://cwe.mitre.org/data/definitions/79.html
http://www.nagiosql.org/
http://www.nagiosql.org/forum8/solved-issues/3270-security-hotfix-for-%20nagiosql-3-2-sp2.html#3690
-
Upgrade to v5.0.5
POC
https://vimeo.com/78776768
By William Costa
william.co...@gmail.com
___