Archive for April, 2016

Pulse 0.7.0 Final CSRF / Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Pulse version 0.7.0 Final suffers from cross site request forgery and cross site scripting vulnerabilities.

Sophos Cyberoam NG Series Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Multiple reflected cross site scripting issues were discovered in Cyberoam NG appliances. Input passed via the ‘ipFamily’, ‘applicationname’ and ‘username’ GET parameters to LiveConnections.jsp and LiveConnectionDetail.jsp is not properly sanitized before being returned to the user. Adding an arbitrary ‘X-Forwarded-For’ HTTP header to a request also makes the appliance prone to an XSS issue. This can […]

http://www.phrae.m-society.go.th

Posted by deepcore under Security (No Respond)

http://www.phrae.m-society.go.th notified by fr13nds

Apple Security Advisory 2016-03-31-1

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2016-03-31-1 – iBooks Author 2.4.1 is now available and addresses a user information disclosure issue.

[remote] – Easy File Sharing HTTP Server 7.2 SEH Overflow

Posted by deepcore under Security (No Respond)

Easy File Sharing HTTP Server 7.2 SEH Overflow

[dos] – Internet Explorer – MSHTML!CSVGHelpers::SetAttributeStringAndPointer Use-After-Free (MS16-023)

Posted by deepcore under Security (No Respond)

Internet Explorer – MSHTML!CSVGHelpers::SetAttributeStringAndPointer Use-After-Free (MS16-023)

[webapps] – ManageEngine Password Manager Pro 8102 to 8302 – Multiple Vulnerabilities

Posted by deepcore under Security (No Respond)

ManageEngine Password Manager Pro 8102 to 8302 – Multiple Vulnerabilities

[remote] – PCMAN FTP Server Buffer Overflow – PUT Command

Posted by deepcore under Security (No Respond)

PCMAN FTP Server Buffer Overflow – PUT Command

[papers] – A New CVE-2015-0057 Exploit Technology

Posted by deepcore under Security (No Respond)

A New CVE-2015-0057 Exploit Technology

FortiManager & FortiAnalyzer – Persistent Web Vulnerability

Posted by deepcore under exploit (No Respond)

The Vulnerability Laboratory Core Research Team discovered a persistent web validation vulnerability in the official Fortinet FortiManager and FortiAnalyzer appliance product series.