This whitepaper is called Attacking Magstripe Gift Cards. It is based on research conducted on a large number of UK gift cards. The paper also provides a series of guidelines and tips for developers and systems architects who are involved in the process of implementing their own gift card technology.
e1042460007fc647cda1299c7fadd72f83df07ca8b4a49cf309e5009f1a5993b
Novell GroupWise WebAccess suffers from a cross site request forgery vulnerability. Version 7.0.3 is affected.
720e54a18ca643bcc529127da3cfa1c3758769a635c402db883befa22705bec0
The Cisco IOS HTTP server is vulnerable to cross site scripting within invalid parameters processed by the "/ping" server-side binary/script.
9ae67732eb54093c6544c63e2953cba56031df7cd73a205c4ce458b69783a88a
The 3Com AP 8760 suffers from authentication bypass, password leakage, and SNMP injection vulnerabilities. Details provided.
23b5cdcfae6b89704fccdcebd00d1ae55e3f48331216d43a26e85f5664b02003
Sun Java System Identity suffers from a cross site request forgery vulnerability. Proof of concept code included.
aab83ef3374bf90d0fdb9403e4cc641a2e45c39abb67680b7db155ef488b8ca9
CUPS version 1.3.7 cross site request forgery remote crash exploit that makes use of the add rss subscription functionality.
6e4f00554a897ed6be22f88ed7198949f40913f4b34db7670960d0d1d9a7cf8f
A vulnerability allows remote attackers to execute a script injection attack on arbitrary sites through vulnerable installations of SonicWALL. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page or open a malicious web link. SonicWALL Pro 2040 is affected.
680063bf9eaca59b8914a7661552098e4550767aec39e8e52fb7d8fc7ff6e15e
Whitepaper entitled SNMP Injection - Achieving Persistent HTML Injection via SNMP on Embedded Devices.
ace95e6e015bcde9714bec5eb0612843f605b3cd71d3b207aaadcab78367c8ad
Remote SQL injection, cross site scripting, and user enumeration vulnerabilities exist in DPSnet Case Progress.
0a2e10b125f92c734c445d338f2ce29f6235b3cd82345ce56eea2fbf2cda1c5d
The BT Home Hub has now changed the default access password from admin to the serial number of the device, but allows retrieval of the number via a simple MDAP request in the same network.
5a3ba5771f669f0d36e2e14d02605ae45cde0985a569ac6b24a5e403fcc692c7
Write up discussing the default key algorithm used in Thompson and BT Home Hub routers.
e9078db23cd811510dd6bf8d8871f2705feaf45194a34d289de4ad6fd8aa3564
The Plone CMS is susceptible to cross site request forgery attacks and suffers from other vulnerabilities such as credentials being stored in cookies, a lack of authentication state on the server side, and session cookies never changing.
9fa210737534dab70aad652659316b887c987b046c5b5aec3193ff894d27743d
Hacking ZyXEL Gateways - This paper is the result of various security assessments performed on several ZyXEL Prestige devices in both, a controlled environment (computer lab) and production environments during several penetration tests.
600401012d7e58dd3e96b349711e77fedae3680aed73812bb47cdc6783b6a6d3
BEA Plumtree Foundation portal version 6.0 and BEA AquaLogic Interaction version 6.1 are both vulnerable to a cross site scripting vulnerability.
7a08c7f2e308d21418659bf94d530748edc0e377060fe39dc2ceed70fa329e2a
Sun Java System Identity Manager version 6.0, Sun Java System Identity Manager version 7.0, and Sun Java System Identity Manager version 7.1 are susceptible to cross domain redirection, cross site scripting, and frame injection vulnerabilities.
d6006a16a69c00bd066f6cb36ecb14b95ece02d9fc7932ef0a831f29ef9988fd
Directory traversal, cross site scripting, and SQL injection vulnerabilities exist in the Absolute News Manager .NET version 5.1.
c20201b4d8c8d24e7310c36b1d34160f498e4b267278ba9e50ad2889cd7016c1
By performing an advanced search, unauthenticated users can enumerate valid usernames with a single HTTP request on the BEA Plumtree Portal.
776de6dc499e6ebfc575f8b19a3ac66c6953bcc956cb6a8b5c59f0a43584290a
BEA Plumtree Portal is vulnerable to a internal hostname disclosure vulnerability.
866b56dd83ba8330356f8847ee9d66d1be2f67a4336cc14f44ee0a485a6a593a
A cross site scripting vulnerability has been discovered in Apache versions 2.2.x and 2.0.x using a malformed HTTP request with 413 error pages.
5e5ecae2dd8650f2334b76ce5c8c11c07a739563e20ab71119ce66af66f4b72c
The F5 FirePass 4100 SSL VPN is susceptible to cross site scripting vulnerabilities in my.activation.php3.
f93567dd019619dc99df7b77129c40ab79f517ee69a40dd6ed1e64a113c580e3
The Liferay Portal login page is vulnerable to a cross site scripting vulnerability within the "login" field processed by the "/c/portal/login" server-side script.
c5b4c300ba8f9b20584c800933c0325a4d4d46f7e96b287d9a80d0e033cff5fd
A cross site scripting vulnerability exists in F5 Networks FirePass versions 5.4 through 5.5.2 and versions 6.0 through 6.0.1.
51540fba61ee07c114e319066190f0cda6e0b78c22a023ed48a9ce08149e0dd6
Two cross site scripting vulnerabilities have been discovered in the Blue coat ProxySG Management Console. Versions below 4.2.6.1 and 5.2.2.5 are susceptible.
3727cb9c34a1696c8c0b76accc01046338bd92bc0f1d21fd1d216fbf171502a4
Whitepaper discussing multiple vulnerabilities discovered against the AXIS 2100 IP camera system.
986692b6f4654c94d63979c6dd3fda4e17b01269b1945b047ee8d945a1bdd005
Webbler CMS version 3.1.3 forms are susceptible to spamming and phishing abuse.
5503488e23f6c7be676955ef2ffeb9270118cf81117c979021082d3a7f4cb7b9