This whitepaper is called Attacking Magstripe Gift Cards. It is based on research conducted on a large number of UK gift cards. The paper also provides a series of guidelines and tips for developers and systems architects who are involved in the process of implementing their own gift card technology.
e1042460007fc647cda1299c7fadd72f83df07ca8b4a49cf309e5009f1a5993bNovell GroupWise WebAccess suffers from a cross site request forgery vulnerability. Version 7.0.3 is affected.
720e54a18ca643bcc529127da3cfa1c3758769a635c402db883befa22705bec0The Cisco IOS HTTP server is vulnerable to cross site scripting within invalid parameters processed by the "/ping" server-side binary/script.
9ae67732eb54093c6544c63e2953cba56031df7cd73a205c4ce458b69783a88aThe 3Com AP 8760 suffers from authentication bypass, password leakage, and SNMP injection vulnerabilities. Details provided.
23b5cdcfae6b89704fccdcebd00d1ae55e3f48331216d43a26e85f5664b02003Sun Java System Identity suffers from a cross site request forgery vulnerability. Proof of concept code included.
aab83ef3374bf90d0fdb9403e4cc641a2e45c39abb67680b7db155ef488b8ca9CUPS version 1.3.7 cross site request forgery remote crash exploit that makes use of the add rss subscription functionality.
6e4f00554a897ed6be22f88ed7198949f40913f4b34db7670960d0d1d9a7cf8fA vulnerability allows remote attackers to execute a script injection attack on arbitrary sites through vulnerable installations of SonicWALL. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page or open a malicious web link. SonicWALL Pro 2040 is affected.
680063bf9eaca59b8914a7661552098e4550767aec39e8e52fb7d8fc7ff6e15eWhitepaper entitled SNMP Injection - Achieving Persistent HTML Injection via SNMP on Embedded Devices.
ace95e6e015bcde9714bec5eb0612843f605b3cd71d3b207aaadcab78367c8adRemote SQL injection, cross site scripting, and user enumeration vulnerabilities exist in DPSnet Case Progress.
0a2e10b125f92c734c445d338f2ce29f6235b3cd82345ce56eea2fbf2cda1c5dThe BT Home Hub has now changed the default access password from admin to the serial number of the device, but allows retrieval of the number via a simple MDAP request in the same network.
5a3ba5771f669f0d36e2e14d02605ae45cde0985a569ac6b24a5e403fcc692c7Write up discussing the default key algorithm used in Thompson and BT Home Hub routers.
e9078db23cd811510dd6bf8d8871f2705feaf45194a34d289de4ad6fd8aa3564The Plone CMS is susceptible to cross site request forgery attacks and suffers from other vulnerabilities such as credentials being stored in cookies, a lack of authentication state on the server side, and session cookies never changing.
9fa210737534dab70aad652659316b887c987b046c5b5aec3193ff894d27743dHacking ZyXEL Gateways - This paper is the result of various security assessments performed on several ZyXEL Prestige devices in both, a controlled environment (computer lab) and production environments during several penetration tests.
600401012d7e58dd3e96b349711e77fedae3680aed73812bb47cdc6783b6a6d3BEA Plumtree Foundation portal version 6.0 and BEA AquaLogic Interaction version 6.1 are both vulnerable to a cross site scripting vulnerability.
7a08c7f2e308d21418659bf94d530748edc0e377060fe39dc2ceed70fa329e2aSun Java System Identity Manager version 6.0, Sun Java System Identity Manager version 7.0, and Sun Java System Identity Manager version 7.1 are susceptible to cross domain redirection, cross site scripting, and frame injection vulnerabilities.
d6006a16a69c00bd066f6cb36ecb14b95ece02d9fc7932ef0a831f29ef9988fdDirectory traversal, cross site scripting, and SQL injection vulnerabilities exist in the Absolute News Manager .NET version 5.1.
c20201b4d8c8d24e7310c36b1d34160f498e4b267278ba9e50ad2889cd7016c1By performing an advanced search, unauthenticated users can enumerate valid usernames with a single HTTP request on the BEA Plumtree Portal.
776de6dc499e6ebfc575f8b19a3ac66c6953bcc956cb6a8b5c59f0a43584290aBEA Plumtree Portal is vulnerable to a internal hostname disclosure vulnerability.
866b56dd83ba8330356f8847ee9d66d1be2f67a4336cc14f44ee0a485a6a593aA cross site scripting vulnerability has been discovered in Apache versions 2.2.x and 2.0.x using a malformed HTTP request with 413 error pages.
5e5ecae2dd8650f2334b76ce5c8c11c07a739563e20ab71119ce66af66f4b72cThe F5 FirePass 4100 SSL VPN is susceptible to cross site scripting vulnerabilities in my.activation.php3.
f93567dd019619dc99df7b77129c40ab79f517ee69a40dd6ed1e64a113c580e3The Liferay Portal login page is vulnerable to a cross site scripting vulnerability within the "login" field processed by the "/c/portal/login" server-side script.
c5b4c300ba8f9b20584c800933c0325a4d4d46f7e96b287d9a80d0e033cff5fdA cross site scripting vulnerability exists in F5 Networks FirePass versions 5.4 through 5.5.2 and versions 6.0 through 6.0.1.
51540fba61ee07c114e319066190f0cda6e0b78c22a023ed48a9ce08149e0dd6Two cross site scripting vulnerabilities have been discovered in the Blue coat ProxySG Management Console. Versions below 4.2.6.1 and 5.2.2.5 are susceptible.
3727cb9c34a1696c8c0b76accc01046338bd92bc0f1d21fd1d216fbf171502a4Whitepaper discussing multiple vulnerabilities discovered against the AXIS 2100 IP camera system.
986692b6f4654c94d63979c6dd3fda4e17b01269b1945b047ee8d945a1bdd005Webbler CMS version 3.1.3 forms are susceptible to spamming and phishing abuse.
5503488e23f6c7be676955ef2ffeb9270118cf81117c979021082d3a7f4cb7b9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed