Posts under XSS

[webapps] – WordPress Count per Day Plugin 3.2.5 (counter.php) – XSS Vulnerability

Posted by deepcore under exploit, m$, Security, XSS (No Respond)

WordPress Count per Day Plugin 3.2.5 (counter.php) – XSS Vulnerability


Apple Security Advisory 2013-03-14-2

Apple Security Advisory 2013-03-14-2 – Safari 6.0.3 is now available and addresses multiple security issues.


Apple Security Advisory 2013-03-14-1

Apple Security Advisory 2013-03-14-1 – OS X Mountain Lion version 10.8.3 and Security Update 2013-001 address multiple vulnerabilities. These updates address a canonicalization issue with HFS and Apache, a buffer overflow in libtiff, an authentication bypass, and more.


Apple Security Advisory 2013-03-04-1

Apple Security Advisory 2013-03-04-1 – Multiple vulnerabilities in Java 1.6.0_41, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox, have been addressed.


Viscosity setuid-set ViscosityHelper Privilege Escalation

This Metasploit module exploits a vulnerability in Viscosity 1.4.1 on Mac OS X. The vulnerability exists in the setuid ViscosityHelper, where insufficient validation of path names allows execution of arbitrary Python code as root. This Metasploit module has been tested successfully on Viscosity 1.4.1 on Mac OS X 10.7.5.


Setuid Tunnelblick Privilege Escalation

This Metasploit module exploits a vulnerability in Tunnelblick 3.2.8 on Mac OS X. The vulnerability exists in the setuid openvpnstart, where insufficient validation of path names allows execution of arbitrary shell scripts as root. This Metasploit module has been tested successfully on Tunnelblick 3.2.8 build 2891.3099 on Mac OS X 10.7.5.


[papers] – Story of a Client-Side Attack

Posted by deepcore under exploit, m$, XSS (No Respond)

Story of a Client-Side Attack


[papers] – From Write to root on AIX

Posted by deepcore under exploit, m$, XSS (No Respond)

From Write to root on AIX


[webapps] – MTP Poll 1.0 – Multiple XSS Vulnerabilities

Posted by deepcore under exploit, m$, Security, XSS (No Respond)

MTP Poll 1.0 – Multiple XSS Vulnerabilities


[webapps] – MTP Guestbook 1.0 – Multiple XSS Vulnerabilities

Posted by deepcore under exploit, m$, Security, XSS (No Respond)

MTP Guestbook 1.0 – Multiple XSS Vulnerabilities
