exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 35 of 35 RSS Feed

Files from Han Sahin

Email addresshan.sahin at securify.nl
First Active2015-03-11
Last Active2017-04-30
Websense Content Gateway Error Message Cross Site Scripting
Posted Mar 19, 2015
Authored by Han Sahin

Websense Content Gateway error messages are vulnerable to cross site scripting.

tags | exploit, xss
SHA-256 | 58f600eaed898f1ca351c4b8d1cbec131fbfe943f225520c81a41f29a0067a03
Websense Reporting Cross Site Scripting
Posted Mar 19, 2015
Authored by Han Sahin

Websense Reporting suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 19b2dc3d78140a923b9085dab9d45e139e61f79e70bb9f569bc419899ca2710b
Websense Explorer Report Scheduler Cross Site Scripting
Posted Mar 19, 2015
Authored by Han Sahin

Websense Explorer's report scheduler suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 437a9f75eca191601c80ffa7f7c81146dc40026d999f157af7aa5fa4635d9461
Websense Data Security Cross Site Scripting
Posted Mar 19, 2015
Authored by Han Sahin

It was discovered that the Websense Data Security block page processes user-controllable data insecurely, rendering the block page vulnerable to cross site scripting.

tags | exploit, xss
SHA-256 | f3ceee1d1b8d8314759c25514da344340d509358c90fe5b334a3fee4673a6305
Websense Explorer Missing Access Control
Posted Mar 19, 2015
Authored by Han Sahin

It was discovered that no access control is enforced on the explorer_wse path, which is exposed through the web server. An attacker can abuse this issue to download any file exposed by this path, including security reports and Websense Explorer configuration files.

tags | exploit, web
SHA-256 | ec6c438270cff0bddf53b78da134f39a1f995ed0021b3fa3dc986797bb9d28ea
Websense Triton Source Code Disclosure
Posted Mar 19, 2015
Authored by Han Sahin

Websense Triton is affected by a source code disclosure vulnerability. By appending a double quote character after JSP URLs, Websense will return the source code of the JSP instead of executing the JSP. An attacker can use this issue to inspect parts of Websense's source code in order to gain more knowledge about Websense's internals.

tags | exploit, info disclosure
SHA-256 | bea41cc67f2ff2025f34ba87479f5525c6c77dbe1476e500ef73fac0a668a4a3
Websense Appliance Manager Command Injection
Posted Mar 19, 2015
Authored by Han Sahin

A command injection vulnerability was found in Websense Appliance Manager that allows an attacker to execute arbitrary code on the appliance. This issue can be combined with other vulnerabilities, like cross site scripting, to perform a remote unauthenticated attacks to compromise the appliance.

tags | exploit, remote, arbitrary, vulnerability, xss
SHA-256 | 46837dcf6a5d28dc59eaab3be3f8b5c988bf22906dd8c40892e389c43e23257b
Websense Email Security Cross Site Scripting
Posted Mar 19, 2015
Authored by Han Sahin

Users of Websense Data Security that are reviewing DLP incidents can be attacked via cross site scripting. This issue can be exploited using a specially crafted email, or by sending a specially crafted HTTP request through the Websense proxy. The attacker-supplied code can perform a wide variety of attacks, such as stealing session tokens, login credentials, performing arbitrary actions as victims, or logging victims' keystrokes.

tags | advisory, web, arbitrary, xss
SHA-256 | cb8568eb68202e34f2c399915ab08eac2ec81901bfe2ce84f46fd344875d3129
Websense Data Security DLP Incident Forensics Preview XSS
Posted Mar 19, 2015
Authored by Han Sahin

Users of Websense Data Security that are reviewing DLP incidents can be attacked via cross site scripting. This issue can be exploited using a specially crafted email, or by sending a specially crafted HTTP request through the Websense proxy. The attacker-supplied code can perform a wide variety of attacks, such as stealing session tokens, login credentials, performing arbitrary actions as victims, or logging victims' keystrokes.

tags | advisory, web, arbitrary, xss
SHA-256 | b9766eb5d33d72228778743de93441e682ea519fe27c250aec98a6ce1f397474
EMC Secure Remote Services GHOST / SQL Injection / Command Injection
Posted Mar 11, 2015
Authored by Han Sahin | Site emc.com

EMC Secure Remote Services Virtual Edition (ESRS VE) suffers from GHOST, remote SQL injection, and command injection vulnerabilities. Affected products include versions 3.02 and 3.03.

tags | advisory, remote, vulnerability, sql injection
advisories | CVE-2015-0235, CVE-2015-0524, CVE-2015-0525
SHA-256 | 6b3ffdb9909af633f358b0989f2fbd7d173162224f69793af11938be23147164
Page 2 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close