Cross-site request forgery – Page 3

All You Need To Know About Cross-Site Request Forgery (CSRF)

Posted on July 27, 2017 by Darknet

Cross-Site Request Forgery is a term you’ve properly heard in the context of web security or web hacking, but do you really know what it means? The OWASP definition is as follows: Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re […]

The post All You Need…

Read the full post at darknet.org.uk

Continue reading All You Need To Know About Cross-Site Request Forgery (CSRF)→

ASUS Patches RT Router Vulnerabilities

Posted on May 11, 2017 by Michael Mimoso

ASUS updated the firmware in March of a number of its RT routers to address vulnerabilities found within the device’s native web interface. Continue reading ASUS Patches RT Router Vulnerabilities→

Vulnerability Disclosed in Ubquiti Networks Admin Interface

Posted on March 17, 2017 by Michael Mimoso

Researchers at SEC Consult disclosed a command injection vulnerability in Ubiquiti Networks gear for ISPs after a private disclosure to the vendor in November went unresolved. Continue reading Vulnerability Disclosed in Ubquiti Networks Admin Interface→

Vulnerability Disclosed in Ubquiti Networks Admin Interface

Posted on March 17, 2017 by Michael Mimoso

WordPress 4.7.3 Patches Half-Dozen Vulnerabilities

Posted on March 7, 2017 by Michael Mimoso

WordPress released version 4.7.3 which patches six vulnerabilities including one that could be chained with the REST API Endpoint vulnerability. Continue reading WordPress 4.7.3 Patches Half-Dozen Vulnerabilities→

Cisco Patches Critical Bug In Video Conferencing Server Hardware

Posted on October 13, 2016 by Tom Spring

A vulnerability in Cisco’s meeting server software allows a remote attacker to masquerade as legit user. Continue reading Cisco Patches Critical Bug In Video Conferencing Server Hardware→

Moxa Won’t Patch Publicly Disclosed Flaws Until August

Posted on April 11, 2016 by Michael Mimoso

A number of publicly disclosed vulnerabilities in Moxa networking gear won’t be patched until August, if at all, according to ICS-CERT. Continue reading Moxa Won’t Patch Publicly Disclosed Flaws Until August→

Microsoft Pays $13,000 to Hacker for Finding Authentication Flaw

Posted on April 4, 2016 by Wang Wei

A security researcher has won $13,000 bounty from Microsoft for finding a critical flaw in its main authentication system that could allow hackers to gain access to a user’s Outlook, Azure and Office accounts.

The vulnerability has been uncovered by… Continue reading Microsoft Pays $13,000 to Hacker for Finding Authentication Flaw→