Advisory: Endeca Latitude Cross-Site Request Forgery
RedTeam Pentesting discovered a Cross-Site Request Forgery (CSRF)
vulnerability in Endeca Latitude. Using this vulnerability, an attacker
might be able to change several different settings of the Endeca
Latitude instance or disable it entirely.
Advisory: Endeca Latitude Cross-Site Scripting
RedTeam Pentesting discovered a Cross-Site Scripting (XSS)
vulnerability in Endeca Latitude. By exploiting this vulnerability an
of other Endeca Latitude users.
Vulnerability title: Arbitrary Code Execution in G Data TotalProtection 2014
Vendor: G Data
Product: TotalProtection 2014
Affected version: v126.96.36.199
Fixed version: N/A
Reported by: Kyriakos Economou
G Data TotalProtection 2014 v188.8.131.52 and possibly earlier versions
Vulnerability title: Multiple Cross Site Scripting in Sophos Antivirus
Configuration Console (Linux)
Affected version: 9.5.1
Fixed version: 9.6.1
Reported by: Pablo Catalina
The Configuration Console of Sophos Antivirus 9.5.1 (Linux)
the batch script WINRM.CMD, which contains just the single line
@cscript //nologo %~dpn0.vbs %*
allows a binary planting or squatting attack: WINRM.CMD executes a
rogue CSCRIPT.COM, CSCRIPT.EXE, CSCRIPT.BAT, CSCRIPT.CMD etc. (see
environment variable PATHEXT) from the current working
After reading your history theft with CSS article, it got me wondering if
that's what the Passpack service is doing. I've been using passpack.com for
a while and after logging in to my account it always asks to 'click on the
black square to continue'. The page shows 8 white squares with one black
On Monday, June 23, 2014, Jonathan Care j...@tardis.org wrote:
Projects like keybase.io, mailvelope, and so on
You namedrop these projects as if they're the same thing, but they're not.
- Keybase.io is a web page, and last I looked, they weren't using CSP,
which would help prevent XSS
Also thanks to Rikairchy, I got an invite.
I opted not to upload my private key, and it's still a pretty useful
service without that.
GitHub, Twitter, Bitcoin address, signed by my private key offline. The
tracking feature is probably the easiest implementation of web-of-trust
These are Cross-Site Scripting and Cross-Site Request Forgery
vulnerabilities in Zyxel P660RT2 EE ADSL Router.
The following model is vulnerable: Zyxel P660RT2 EE. ZyNOS Firmware Version:
V3.40 (AXN.1). This model