Advisory: Endeca Latitude Cross-Site Scripting
RedTeam Pentesting discovered a Cross-Site Scripting (XSS)
vulnerability in Endeca Latitude. By exploiting this vulnerability an
attacker is able to execute arbitrary JavaScript code in the context
of other Endeca Latitude users.
Details
===
Hi @ll,
the batch script WINRM.CMD, which contains just the single line
@cscript //nologo %~dpn0.vbs %*
allows a binary planting or squatting attack: WINRM.CMD executes a
rogue CSCRIPT.COM, CSCRIPT.EXE, CSCRIPT.BAT, CSCRIPT.CMD etc. (see
environment variable PATHEXT) from the current working
On Monday, June 23, 2014, Jonathan Care j...@tardis.org wrote:
> Projects like keybase.io, mailvelope, and so on
You namedrop these projects as if they're the same thing, but they're not.
- Keybase.io is a web page, and last I looked, they weren't using CSP,
which would help prevent XSS
-
Hello list!
These are Cross-Site Scripting and Cross-Site Request Forgery
vulnerabilities in Zyxel P660RT2 EE ADSL Router.
-
Affected products:
-
The following model is vulnerable: Zyxel P660RT2 EE. ZyNOS Firmware Version:
V3.40 (AXN.1). This model