Hi List,
we are happy to publish a tool written some months ago to discover
netgear switches using python.
Abstract
nsdtool is a toolset of scripts used to detect netgear switches in local
networks. The tool contains some extra features like bruteforce and
setting a new password.
Netgear has
We are happy to announce a new issue of the Onapsis SAP Security In-Depth
publication.
SAP Security In-Depth is a free publication led by Onapsis Research Labs with
the purpose of providing practical
educational information about the current and future risks in this area,
allowing all
Hi List,
please find an example app and source code here:
https://www.curesec.com/data/binary/CRT-RemoveLocks.apk
https://www.curesec.com/data/binary/CRT-RemoveLocks.tar.bz2
Cheers,
CRT
On 27.11.2013 20:16, Curesec Research Team wrote:
Please find a better readable version of the advisory
Please find a better readable version of the advisory here:
https://cureblog.de/2013/11/755/
Cheers,
Curesec Research Team
==
CVE-2013-6271: Security Advisory – Curesec Research Team
1. Introduction
Advisory ID: Cure-2013-1011
Security Advisory - Curesec Research Team
=
1. Introduction
Advisory ID: Cure-2013-1006
Advisory URL: https://www.curesec.com/
Affected Product: Prior 5.1.1.0
Fixed Version: 5.1.1.0
Vendor Contact: supp...@livezilla.net
Vulnerability Type
Security Advisory - Curesec Research Team
=
1. Introduction
Advisory ID: Cure-2013-1008
Advisory URL: https://www.curesec.com/
Affected Product: Prior LiveZilla version 5.1.1.0
Affected Systems: Windows
Vendor Contact: supp
CVE-2013-6225: Security Advisory – Curesec Research Team
1. Introduction
Advisory ID: Cure-2013-1007
Advisory URL: https://www.curesec.com/de/veroeffentlichungen/advisories.html
Blog URL:
https://cureblog.de/2013/11/remote-code-execution-in-livezilla
January 2013, we encountered the latest version of RealArcade installer
provided by GameHouse (a division of RealNetworks) on a system during an
audit. Considering its historical vulnerabilities and recent reports about
vulnerabilities in game clients/installers, we decided to take a closer
look
Dear colleague,
We are happy to announce a new issue of the Onapsis SAP Security In-Depth
publication.
SAP Security In-Depth is a free publication led by the Onapsis Research Labs
with the purpose of providing specialized
information about the current and future risks in this area, allowing
Hi List,
please find the vulnerability description within this post.
Cheers,
Curesec Research Team
Reference:
https://cureblog.de/2013/07/phishing-google-wallet-and-paypal-by-abusing-whatsapp/
Phishing Google Wallet and Paypal by abusing WhatsApp
-=Introduction=-
WhatsApp is one
On 11.07.2013 16:41, Jann Horn wrote:
FYI, the openssh guys have known this for quite a while and they don't
treat it as an issue worth fixing. They don't want to introduce extra
anti-timing code just to prevent user enumeration from working.
Oh really?
By the way: If you can hog the CPU
massively. In our case we go with 39.000
characters (A’s). Trying those passwords at an existing and a
non-existing account shows a quite high delay.
Find the rest of the post + some example code at the blogpost.
http://cureblog.de/openssh-user-enumeration-time-based-attack/
Cheers,
Curesec Research
Hi List,
please find the second part of the Inkasso Trojaner. In this blogpost
we go on with the analysis of the dropper. This time with related domain
names, IPs and commands it is supporting.
https://cureblog.de/inkasso-trojaner-part-2/
Have fun!
Curesec Research Team
Hi List,
we analyzed a Trojan, propagating via email, sent to us some days ago. Please
find the first part here:
http://cureblog.de/inkassomahngebuhren-trojaner-part-1/
Cheers,
Curesec Research Team
___
Full-Disclosure - We believe in it.
Charter
WCE v1.4beta x32/x64/universal has been released.
Download links:
http://www.ampliasecurity.com/research/wce_v1_4beta_universal.zip
http://www.ampliasecurity.com/research/wce_v1_4beta_x64.zip
http://www.ampliasecurity.com/research/wce_v1_4beta_x32.zip
Changelog:
version 1.4beta:
May 30, 2013
Summary
SQL Injection Vulnerability in ITSM component of Hornbill Supportworks
Application
CVE number: CVE-2013-2594
Impact: High
Vendor homepage: http://www.hornbill.com
Vendor notified: 19/11/2012
Vendor response: This issue has reportedly been fixed but the
Original advisory can be found here:
http://www.reactionpenetrationtesting.co.uk/hornbill-supportworks-sql-injection.html
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by
==
Secunia Research 16/01/2013
- Oracle Outside In Technology Stream Filters -
- Paradox Database Handling Denial of Service
==
Secunia Research 16/01/2013
- Oracle Outside In Technology Stream Filters -
- Paradox Database Handling Buffer Overflow
Release Date: 2013-01-17
Author: Nikolas Sotiriu
Website: http://sotiriu.de
Twitter: http://twitter.com/nsoresearch
Mail: nso-research at sotiriu.de
URL: http://sotiriu.de/adv/NSOADV-2013-001.txt
: 2013-01-17
Author: Nikolas Sotiriu
Website: http://sotiriu.de
Twitter: http://twitter.com/nsoresearch
Mail: nso-research at sotiriu.de
URL: http://sotiriu.de/adv/NSOADV-2013-002.txt
Vendor
this vulnerability in a patch or upcoming release as soon as
possible. This vulnerability has been assigned CVE-2012-5190.
Take care,
Include Security Research Team
Arbitrary File Upload and Execution in Prizm Content Connect default.aspx
Prizm Content Connect web document viewer converts a variety
OrangeHRM[1] 2.7.1[2] -- the latest stable release as of this writing --
suffers from a persistent XSS in the vacancy name variable. Steps:
1. Navigate to following URL:
http://[domain]/symfony/web/index.php/recruitment/viewJobVacancy
2. Add or Edit a Vacancy
3. In the Vacancy Name parameter
ProCheckUp Research
http://procheckup.com/procheckup-labs/pr11-07.aspx
PR11-07 Multiple persistent XSS, XSS, XSRF, offsite redirection and information
disclosure flaws within CheckPoint/Sofaware firewalls
Vulnerability found: 3rd May 2011
Vendor informed: 20th July 2011
Vulnerability fixed
ProCheckUp Research
This is one of a series of papers investigating selected security related
hardware, particularly hardware which is commonly found within DMZ’s
(DeMilitarised Zones) or protecting the periphery of the DMZ such as firewalls.
http://procheckup.com/procheckup-labs/paper-6
on how you are using Bizploit. Don't
hesitate to write us at bizpl...@onapsis.com!
Kindest regards,
P.S: Follow us on Twitter (@onapsis) to stay updated on the latest SAP ERP
security research!
--
---
The Onapsis Research Labs Team
Onapsis, Inc.
Email: resea
==
Secunia Research 17/09/2012
- Novell GroupWise iCalendar Date/Time Parsing Denial of Service -
==
Table of Contents
Affected
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dear colleague,
We are happy to announce a new issue of the Onapsis SAP Security In-Depth
publication.
SAP Security In-Depth is a free publication led by the Onapsis Research Labs
with the purpose of providing specialized information about
==
Secunia Research 03/09/2012
- Adobe Photoshop TIFF SGI24LogLum Decompression Buffer Overflow -
==
Table of Contents
Affected
.Net Cross Site Scripting - Request Validation Bypassing
Seeker Research Center
By Zamir Paltiel, August 2012
Overview
A vulnerability in the .Net Request Validation mechanism allows bypassing the
filter and execution
Summary
===
There is an arbitrary command execution vulnerability in the scriptfu
network server
console in the GIMP 2.6 branch. It is possible to use a python scriptfu
command to run
arbitrary operating-system commands and potentially take full control of the
host.
The advisory is posted
-sql-injection.html
==
Reaction Information Security
Lombard House Business Centre,
Suite 117,
12-17 Upper Bridge Street,
Canterbury, Kent, CT1 2NF
Phone: +44 (0)1227 785050
Email: research () reactionis {dot
://www.reactionpenetrationtesting.co.uk/group-office-cookies.html
==
Reaction Information Security
Lombard House Business Centre,
Suite 117,
12-17 Upper Bridge Street,
Canterbury, Kent, CT1 2NF
Phone: +44 (0)1227 785050
Email: research () reactionis
-17 Upper Bridge Street,
Canterbury, Kent, CT1 2NF
Phone: +44 (0)1227 785050
Email: research () reactionis {dot} co {dot} uk
Web: http://www.reactionpenetrationtesting.co.uk
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full
==
Reaction Information Security
Lombard House Business Centre,
Suite 117,
12-17 Upper Bridge Street,
Canterbury, Kent, CT1 2NF
Phone: +44 (0)1227 785050
Email: research () reactionis {dot} co {dot} uk
Web: http
==
Secunia Research 01/08/2012
- Citrix Access Gateway Plug-in for Windows -
- nsepacom ActiveX Integer Overflow Vulnerability
==
Secunia Research 01/08/2012
- Citrix Access Gateway Plug-in for Windows -
- nsepacom ActiveX Buffer Overflow Vulnerability
the key file to
unlock the whole database.
The databases are encrypted using the best and most secure encryption
algorithms currently known (AES and Twofish).
(Copy of the Vendor Homepage: http://keepass.info )
Abstract:
=
The Vulnerability Laboratory Research Team discovered a software
==
Secunia Research 17/07/2012
- Cisco Linksys PlayerPT ActiveX Control -
- SetSource() Buffer Overflow
:
=
The Vulnerability Laboratory Research Team discovered multiple web
vulnerabilities in Event Calendar PHP 1.2 CMS.
Report-Timeline:
2012-06-17: Public Disclosure
Status:
Published
Exploitation-Technique:
===
Remote
Severity
:
=
The Vulnerability Laboratory Research Team discovered multiple Web
Vulnerabilities in the Lepton v1.2.0 Content Management System.
Report-Timeline:
2012-06-23: Public or Non-Public Disclosure
Status:
Published
Exploitation-Technique:
===
Remote
, Smarty.
Multi Language, Multi Currency.
Templatable.
Open Source.
Automatic Image Resize.
Product Reviews.
Coupons ...
(Copy of the Vendor Homepage: http://vamcart.com )
Abstract:
=
The Vulnerability Laboratory Research Team discovered multiple Web
Vulnerabilities
on the resources of the server. SMF is the next generation of forum
software - and best of all it is and
will always remain completely free!
(Copy of the Vendor Homepage: http://www.simplemachines.org/ )
Abstract:
=
The Vulnerability Laboratory Research Team discovered multiple web
vulnerabilities
Research Team discovered multiple Web
vulnerabilities in the PBBoard v2.1.4 forum application.
Report-Timeline:
2012-06-26: Public Disclosure
Status:
Published
Exploitation-Technique:
===
Remote
Severity:
=
Medium
Details
™ Learn platform takes interactive teaching and learning
mobile, giving students and educators access to
their courses, content and organizations on a variety of devices including
iOS®, Android™, BlackBerry®, and webOS® smartphones.
Abstract:
=
The Vulnerability Laboratory Research Team
)
Abstract:
=
The Vulnerability Laboratory Research Team discovered multiple web
vulnerabilities in Phonalisa v5 VoiP Phone Application.
Report-Timeline:
2012-05-01: Researcher Notification Coordination
2012-05-02: Vendor Notification
2012-05-05: Vendor
- RSS Feed, js or iframe
(Copy of the Vendor Homepage: http://www.scriptdemo.com/details/phpjobsite )
Abstract:
=
The Vulnerability Laboratory Research Team discovered multiple Cross Site
Scripting Vulnerabilities in the PHP Jobsite v1.36 Script.
Report-Timeline:
2012
, or a multi destination and property resort chain,
our company’s reservation software will serve your needs.
(Copy of the Vendor Homepage: http://www.iscripts.com/reservelogic/ )
Abstract:
=
The Vulnerability Laboratory Research Team discovered multiple different web
vulnerabilities in iScripts
://www.newsscriptphp.com/eventscript.php )
Abstract:
=
The Vulnerability Laboratory Research Team discovered multiple SQL Injection
vulnerabilities in Event Script PHP v1.1 CMS.
Report-Timeline:
2012-06-10: Public or Non-Public Disclosure
Status:
Published
to administrator for the new comments
RSS Feed with images, validated by w3c
Fully readable and simple PHP code, so you can change it to suit
your needs
(Copy of the Vendor Homepage: http://www.classifiedadsscriptphp.com )
Abstract:
=
The Vulnerability Laboratory Research Team
Research Team discovered multiple different web
vulnerabilities in GuestBook Scripts PHP 1.5 CMS.
Report-Timeline:
2012-06-11: Public or Non-Public Disclosure
Status:
Published
Exploitation-Technique:
===
Remote
Severity:
=
High
, configuration,
per-user access control,
reseller virtualization and more.
(Copy of the Vendor Homepage: http://freeside.biz/freeside )
Abstract:
=
The Vulnerability Laboratory Research Team discovered multiple web
vulnerabilities in Freesides SelfService CGI|API v2.3.3 git.
Report-Timeline
://www.clscript.com )
Abstract:
=
The Vulnerability Laboratory Research Team discovered multiple critical web
vulnerabilities in the CLscript v3.0 Content Management System.
Report-Timeline:
2012-05-16: Public or Non-Public Disclosure
Status:
Published
Rewterz Security Research Group Advisory
I. Overview
A Cross-Site Scripting (XSS) vulnerability has been identified in
TEMENOS T24 Core Banking Solution System. This vulnerability
.
Credits:
Vulnerability Laboratory [Research Team] -snup (s...@vulnerability-lab.com
) [http://snup1.blogspot.com]
Disclaimer:
===
The information provided in this advisory is provided as it is without any
warranty. Vulnerability-Lab disclaims all warranties,
either expressed
(+).
2.2
The security risk of the non-persistent cross site scripting vulnerabilities
is estimated as low(+).
Credits:
Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri
(b...@vulnerability-lab.com)
Vulnerability Laboratory [Research Team] - Ibrahim El-Sayed [the St0rm]
(st
directory software and more.
(Copy of the Vendor Homepage: http://www.esyndicat.com )
Abstract:
=
The Vulnerability Laboratory Research Team discovered multiple Web
Vulnerabilities in eSyndiCat Pro v2.4.1 Service Management System.
Report-Timeline:
2012-05-19: Public
.
(Copy of the Vendor Homepage: http://www.boonex.com/dolphin )
Abstract:
=
The Vulnerability Laboratory Research Team discovered multiple Web
Vulnerabilities in the Boonex Dolphin v7.0.9 CMS.
Report-Timeline:
2012-05-08: Researcher Notification Coordination
2012-05-10
/scripts/php.quickblog.2256.html )
Abstract:
=
The Vulnerability Laboratory Research Team discovered Multiple Web
Vulnerabilities in QuickBlog v0.8 CMS.
Report-Timeline:
2012-05-12: Public or Non-Public Disclosure
Status:
Published
Exploitation
Research Team discovered a Blind SQL Injection
Vulnerability in ADICO, Web based, PHP car booking,
rental management system software, version 1.1.
Report-Timeline:
2012-05-29: Public or Non-Public Disclosure
Status:
Published
Exploitation-Technique
://www.iscripts.com/easycreate )
Abstract:
=
The Vulnerability Laboratory Research Team discovered multiple web
vulnerabilities in iScripts EasyCreate v2.0 CMS.
Report-Timeline:
2012-06-02: Public or Non-Public Disclosure
Status:
Published
Exploitation-Technique
as
critical.
2.1
The security risk of the persistent input validation vulnerabilities is
estimated as medium(+).
2.2
The security risk of the non-persistent cross site scripting vulnerabilities
is estimated as low(+).
Credits:
Vulnerability Laboratory [Research Team] - Ibrahim El-Sayed
for the administrators (providing full control over the website,
structure and content management,
detailed user management, search engines reports, statistics and many others).
Abstract:
=
The Vulnerability Laboratory Research Team discovered multiple web
vulnerabilities in Jobs Portal
have question,
you can contact with system manager or
leave a message in our official website www.cells.tw
(Copy of the Vendor Homepage: http://www.cells.tw )
Abstract:
=
The Vulnerability Laboratory Research Team discovered multiple different web
vulnerabilities in Cells Blog v1.1
as low(+).
Credits:
Vulnerability Laboratory [Research Team] - Ibrahim M. El-Sayed
(st...@vulnerability-lab.com)
Disclaimer:
===
The information provided in this advisory is provided as it is without any
warranty. Vulnerability-Lab disclaims all warranties,
either expressed
==
Secunia Research 07/06/2012
- Network Instruments Observer -
- SNMP OID Processing Denial of Service Vulnerability
==
Secunia Research 07/06/2012
- Network Instruments Observer -
- SNMP Processing Buffer Overflows
are
estimated as medium(-).
Credits:
Vulnerability Laboratory [Research Team] -Chokri B.A.
(meis...@vulnerability-lab.com)
Disclaimer:
===
The information provided in this advisory is provided as it is without any
warranty. Vulnerability-Lab disclaims all warranties
=p4gs3t31a4bvjnsibk7284mhv2;
s9y_6ee12d7870b99d9e22c04f0f96d39992=1vspimicug4mg0glab25l15q92
Risk:
=
The security risk of the persistent input validation vulnerability is
estimated as medium.
Credits:
Vulnerability Laboratory [Research Team] -Benjamin Kunz Mejri
(rem...@vulnerability
administration interface
- Search engine
- Submit and send news functions
- Smilies support
- BBCodes or HTML tags support
- Headlines generation
- ...
(Copy of the Vendor Homepage: http://www.gnew.fr/news/index.php )
Abstract:
=
A Vulnerability Laboratory Research Team discovered multiple web
as low(+).
Credits:
Vulnerability Laboratory [Research Team] -the_storm
(st...@vulnerability-lab.com)
Disclaimer:
===
The information provided in this advisory is provided as it is without any
warranty. Vulnerability-Lab disclaims all warranties,
either expressed
:
=
The Vulnerability Laboratory Research Team discovered multiple web
vulnerabilities in Viscacha Bulletin Board CMS v0.8.1.1.
Report-Timeline:
2012-05-08: Public or Non-Public Disclosure
Status:
Published
Exploitation-Technique:
===
Remote
of the sql injection vulnerability is estimated as high(-).
1.2
The security risk of the persistent input validation vulnerability is estimated
as medium(+).
Credits:
Vulnerability Laboratory [Research Team] -the storm
(st...@vulnerability-lab.com)
Disclaimer
policy.
Display banner for advertise.
Cancel booking by user/admin.
Refund request approved by admin.
Template based design.
Ajax based interface.
(Copy of the Vendor Homepage: http://itechscripts.com/travelon_xpress.html )
Abstract:
=
The Vulnerability Laboratory Research Team discovered
-thought automation
and user centric functionality that is pre-configured to selectively enhance
your operations
and productivity.
(Copy of the vendor Homepage: http://www.vessio.com )
Abstract:
=
The Vulnerability Laboratory Research Team discovered a CSRF- and multiple
persistent Web
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dear colleague,
We are happy to announce a new issue of the Onapsis SAP Security In-Depth
publication.
SAP Security In-Depth is a free publication led by the Onapsis Research Labs
with the purpose of providing specialized information about
of the persistent input validation vulnerabilities are
estimated as medium(+).
1.2
The security risk of the non persistent cross site scripting vulnerabilities
is estimated as low(+).
Credits:
Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (Rem0ve)
Disclaimer
:
Vulnerability Laboratory [Research Team] -Ibrahim El-Sayed
(st...@vulnerability-lab.com)
Vulnerability Laboratory [Research Team] -Benjamin Kunz Mejri
(b...@vulnerability-lab.com)
Disclaimer:
===
The information provided in this advisory is provided as it is without any
Ripper.
- Supports 60 languages
- All Windows OS
(Copy of the Vendor Homepage: http://www.formatoz.com )
Abstract:
=
The Vulnerability Laboratory Research Team discovered multiple Buffer Overflow
Vulnerabilities in Format Factory v2.95 Software.
Report-Timeline:
2012
injection vulnerabilities are estimated as
critical.
1.2
The security risk of the non persistent cross site scripting vulnerabilities
is estimated as low(+).
Credits:
Vulnerability Laboratory [Research Team] - Ibrahim M. El-Sayed
(st...@vulnerability-lab.com)
Disclaimer
Laboratory Research Team discovered a remote Denial of
Service vulnerability on LAN Messenger v1.2.28.
Status:
Published
Exploitation-Technique:
===
Remote
Severity:
=
Medium
Details:
Remote Denial of Service vulnerability is detected on LAN Messenger
vulnerability is estimated
as medium(+).
Credits:
Vulnerability Research Laboratory Team -Benjamin Kunz Mejri (Rem0ve)
Disclaimer:
===
The information provided in this advisory is provided as it is without any
warranty. Vulnerability-Lab disclaims all warranties,
either
a
database server (MySQL, PostgreSQL or SQLite) for
storage. It is fully customisable since it uses a templates system and supports
multiple languages.
(Copy of the Vendor Homepage: http://www.gnew.fr)
Abstract:
=
A Vulnerability Laboratory Research Team discovered multiple SQL
EIP registers
The video teaches you how to discover different types of local buffer overflows.
Enjoy the video and send it to your friends to share the experience.
Credits:
Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (Rem0ve)
Disclaimer:
===
The information
VULNERABILITY DATABASE FOR INFORMATION
SECURITY (CNNVD PARTNERS).
;)
Risk:
=
The security risk of the pre-auth SQL injection vulnerability is estimated as
critical.
Credits:
Vulnerability Laboratory [Research Team] - Chokri Ben Achor
(meis...@vulnerability-lab.com)
Disclaimer
/fossil.cgi/taglist )
Abstract:
=
The Vulnerability Laboratory Research Team discovered multiple Web
Vulnerabilities in Pritlog v0.821 Content Management System.
Report-Timeline:
2012-04-29: Public or Non-Public Disclosure
Status:
Published
Exploitation
of the arbitrary file upload vulnerability is estimated as
high.
Credits:
Vulnerability Laboratory [Research Team] -the_storm
(st...@vulnerability-lab.com)
Disclaimer:
===
The information provided in this advisory is provided as it is without any
warranty. Vulnerability
(document.cookie)Vulnerability-Lab/a
/div
Risk:
=
The security risk of the persistent cross site scripting vulnerability is
estimated as medium.
Credits:
Vulnerability Research Laboratory - Julien Ahrens (MrTuxracer)
[www.inshell.net]
Disclaimer:
===
The information
kilometers from north to south.
(Copy of the Vendor Homepage:
http://en.wikipedia.org/wiki/Pujiang_County,_Sichuan )
Abstract:
=
The Vulnerability Laboratory Research Team discovered a SQL-Injection
Vulnerability on China's Pujiang Government website.
Report-Timeline
protection (requires Akismet API key)
Captcha (requires Recaptcha API key)
File Manager
Users
ACL Manager (Permissions)
Themes
Web based administration
(Copy of the Vendor Homepage: http://www.croogo.org/ )
Abstract:
=
The Vulnerability Laboratory Research
:
=
The security risk of the client side cross site vulnerabilities is estimated
as low(+).
Credits:
Vulnerability Research Laboratory - Dawid Golak (dawid.go...@gmail.com)
Disclaimer:
===
The information provided in this advisory is provided as it is without any
warranty. Vulnerability-Lab
is estimated
as low(+).
Credits:
Vulnerability Laboratory [Research Team] -snup (s...@vulnerability-lab.com)
Disclaimer:
===
The information provided in this advisory is provided as it is without any
warranty. Vulnerability-Lab disclaims all warranties,
either expressed
control over the website,
its structure and content,
also statistics, search engines functionality and others.
(Copy of the Vendor Homepage: http://www.dream-autos.com/ )
Abstract:
=
The Vulnerability Laboratory Research Team discovered multiple Web
Vulnerabilities in the Car Portal v3.0
: Vendor Fix/Patch [#HOTFIX] - Coordination MSRC Team
Risk:
=
The security risk of the remote password reset vulnerability is estimated as
critical.
Credits:
Vulnerability Laboratory [Research Team] -Benjamin Kunz Mejri (Rem0ve)
Disclaimer:
===
The information provided
friends, nerds, pentester exploiters. Please continue
the List and we will update it soon.
Note: This is a technical attack sheet for cross site penetration tests.
Credits:
Vulnerability Laboratory [Research Team]
Disclaimer:
===
The information provided in this document
:
Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (Rem0ve)
Disclaimer:
===
The information provided in this advisory is provided as it is without any
warranty. Vulnerability-Lab disclaims all warranties,
either expressed or implied, including the warranties of merchantability
[Research Team] -Benjamin Kunz Mejri (Rem0ve)
Disclaimer:
===
The information provided in this advisory is provided as it is without any
warranty. Vulnerability-Lab disclaims all warranties,
either expressed or implied, including the warranties of merchantability and
capability