[Full-disclosure] Reflected XSS Attacks XSS vulnerabilities in Webmin 1.670 (CVE-2014-0339)

2014-03-15 Thread William Costa
I. VULNERABILITY - Reflected XSS Attacks XSS vulnerabilities in Webmin 1.670 II. BACKGROUND - Webmin is a web-based interface for system administration for Unix. Using any modern web browser, you can setup user accounts, Apache, DNS, file

[Full-disclosure] WatchGuard Fireware XTM devices contain a cross-site scripting vulnerability (CVE-2014-0338)

2014-03-13 Thread William Costa
://watchguardsecuritycenter.com/2014/03/13/fireware-xtm-11-8-3-update-corrects-xss-flaw/ By William Costa william.co...@gmail.com ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http

[Full-disclosure] Multiplus XSS in Proxmox Mail Gateway 3.1 (CVE-2014-2325)

2014-03-12 Thread William Costa
-proxmox-newsletter-march-2014-proxmox-ve-3-2-released/tmpl-component By William Costa

[Full-disclosure] XSS in url for access of Confirmation Required in box for antispam from company AKER (CVE-2013-6037)

2014-03-06 Thread William Costa
XSS in url for access of Confirmation Required in box for antispam from company AKER (CVE-2013-6037) I. VULNERABILITY - Reflected XSS vulnerabilities in AKER SECURE MAIL GATEWAY = v2.5.2 II. BACKGROUND - The Aker Secure Mail Gateway is a complete

[Full-disclosure] Reflected XSS Attacks vulnerabilities in DELL SonicWALL Universal Management Suite v7.1 (CVE-2014-0332)

2014-02-12 Thread William Costa
/Support_Bulletin_GMS_Vulnerability_XSS_Resolved_in_7.1_SP2_and_7.2.pdf By William Costa william.co...@gmail.com

[Full-disclosure] Reflected XSS Attacks vulnerabilities in Symantec WEB Gateway 5.1.1.24 (CVE-2013-5013)

2014-02-10 Thread William Costa
be validated http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140210_00 By William Costa william.co...@gmail.com

[Full-disclosure] XSS Reflected vulnerabilities in OS of FortiWeb v 5.0.3 (CVE-2013-7181)

2014-02-04 Thread William Costa
- Try FortiWEB VM or appliance v5.0.3 VIII. SOLUTION - Upgrade to FortiWeb 5.1.0 or higher. By William Costa

[Full-disclosure] Fortinet FortiOS 5.0.5 contains a reflected cross-site scripting (XSS) vulnerability ( CVE-2013-7182)

2014-02-04 Thread William Costa
and Appliance VII. SOLUTION Upgrade to FortiOS 5.0.6 or higher. References http://www.fortiguard.com/advisory/FG-IR-14-003/ http://www.kb.cert.org/vuls/id/728638 By William Costa

[Full-disclosure] Contact PSIRT Fortinet

2014-01-24 Thread William Costa
Does anyone have a contact person in the PSIRT at Fortinet? The PSIRT email at Fortinet has had no response.

[Full-disclosure] Reflected XSS Attacks XSS vulnerabilities in NagiosQL 3.2.0 Servicepack 2 (CVE: CVE-2013-6039)

2013-12-05 Thread William Costa
/html BY F3nr1r (William Costa) william.co...@gmail.com REFERENCES http://cwe.mitre.org/data/definitions/79.html http://www.nagiosql.org/ http://www.nagiosql.org/forum8/solved-issues/3270-security-hotfix-for-%20nagiosql-3-2-sp2.html#3690

[Full-disclosure] CSRF vulnerabilities in OS of fortianalyzer 5.0.4

2013-11-12 Thread William Costa
- UpGrade for v5.0.5 POC https://vimeo.com/78776768 By William Costa william.co...@gmail.com