Blog Posts Tagged with "XSS"

7d55c20d433dd60022642d3ab77b8efb

SAP Cyber Threat Intelligence Report – June 2017

June 15, 2017 Added by:Alexander Polyakov

In June 2017, SAP released 29 Security Notes, slightly more than the average number of 25 fixes per month released so far in 2017.

Comments  (0)

7d55c20d433dd60022642d3ab77b8efb

SAP Security Notes April 2016 - DoS Vulnerabilities on the Rise

April 14, 2016 Added by:Alexander Polyakov

SAP's April security patches resolve 26 vulnerabilities in SAP products, including 19 SAP Security Patch Day Notes and 7 Support Package Notes.

Comments  (0)

6d117b57d55f63febe392e40a478011f

Office 365 Vulnerability Allowed Unauthorized Administrator Access

January 19, 2014 Added by:Anthony M. Freed

Security researcher Alan Byrne has disclosed a Cross Site Scripting (XSS) vulnerability in Microsoft Office 365 that would allow an attacker to obtain administrator privileges and access to the Email and SharePoint content across the network, as well as the ability to make configuration changes.

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Advantech Webaccess Multiple Vulnerabilities

February 17, 2012 Added by:Headlines

ICS-CERT received reports of eighteen vulnerabilities in BroadWin WebAccess. These vulnerabilities include Cross-site scripting (XSS), SQL injection, Cross-site report forgery (CSRF)and Authentication issues. Public exploits are known to target these vulnerabilities...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Focusing on Input Validation

February 11, 2012 Added by:Brent Huston

Input validation is the single best defense against injection and XSS vulnerabilities. Done right, proper input validation techniques can make web-applications invulnerable to such attacks. Done wrongly, they are little more than a false sense of security...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Invensys Wonderware HMI XSS Vulnerabilities

February 09, 2012 Added by:Headlines

Researchers Billy Rios and Terry McCorkle have identified cross-site scripting (XSS) and write access violation vulnerabilities in the Invensys Wonderware HMI reports product that could result in data leakage, denial of service, or remote code execution...

Comments  (0)

7e364bbac217114a59e547b354e7f7ad

What’s Wrong with WAFs and How to Hack Them - Part 2

February 07, 2012 Added by:Gary McCully

In attempts to prevent XSS attacks many organizations block or HTML encode special characters (<, >, "). In order to be fair I will admit that this prevents many successful XSS attacks, but at the end of the day many of these web applications are still vulnerable to XSS...

Comments  (0)

7e364bbac217114a59e547b354e7f7ad

What’s Wrong with WAFs and How to Hack Them - Part 1

January 31, 2012 Added by:Gary McCully

Many companies that configure web application firewalls do not truly understand the web application attacks they are trying to prevent. Thus, in many cases, we have poorly coded web applications with poorly configured web application firewalls "protecting" them...

Comments  (3)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Ocean Data Systems Dream Report Vulnerabilities

January 25, 2012 Added by:Headlines

A XSS vulnerability exists in the Ocean Data Dream Report application due to the lack of server-side validation of query string parameter values. An attacker with a low skill level can create the XSS exploit. A write access violation vulnerability also exists in the application...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Cogent DataHub Application Vulnerability

January 18, 2012 Added by:Headlines

A cross-site scripting vulnerability exists in the Cogent DataHub application because it lacks server-side validation of query string parameter values. Attacks require that a user visit a URL which injects client-side scripts into the server’s HTTP response...

Comments  (0)

Ebdbfa1c3de4d826bbe7fe360c211ecc

Dynamic AJAX CSRF Attack Vector Vulnerability

January 09, 2012 Added by:Shay Chen

Many CSRF prevention mechanisms protect the user by requiring session-specific tokens or custom headers as additional input for action performing modules, and since "normal" CSRF can't analyze responses, these mechanisms prevent most of these attacks - until now...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Vulnerability Response Done Right

January 09, 2012 Added by:Fergal Glynn

Just before the holidays, we detected a cross-site scripting (XSS) vulnerability while running a web application scan for one of our customers. As it turned out, the discussion forum where we found the XSS was a SaaS-based product called Lithium...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Want Rapid Feedback? Try a Web Application Security Scan

December 27, 2011 Added by:Brent Huston

While this service finds a number of issues and potential holes, we caution against using it in place of a full application assessment or penetration test if the web application in question processes critical or highly sensitive information...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Top Ten HTML5 Attack Vectors

December 09, 2011 Added by:Headlines

"HTML 5 applications use DOM extensively and dynamically change content via XHR calls. DOM manipulation is done by several different DOM-based calls and poor implementation allows DOM-based injections. These injections can lead to a set of possible attacks and exploits..."

Comments  (0)

7d55c20d433dd60022642d3ab77b8efb

Mass Disclosure of Vulnerabilities in SAP

November 22, 2011 Added by:Alexander Polyakov

This month ERPScan specialists published eight vulnerabilities of different criticality found in SAP products. The vulnerabilities represented almost all risks from the OWASP Top 10, from path traversal and XSS to authorization bypass and code injection...

Comments  (1)

69dafe8b58066478aea48f3d0f384820

Adobe Issues Patch for Flash Zero Day Vulnerability

September 22, 2011 Added by:Headlines

"One of these vulnerabilities is being exploited in the wild in active targeted attacks... This universal cross-site scripting issue could be used to take actions on a user's behalf on any website or webmail provider if the user visits a malicious website..."

Comments  (0)

Page « < 1 - 2 - 3 > »