The State of Web Application Vulnerabilities in 2017

As a web application firewall provider, part of our job at Imperva is constantly monitoring new security vulnerabilities. To do this, we use internal software that collects information from various data sources such as vulnerability databases, newslett…

Oracle Patches Critical Vulnerabilities in PeopleSoft Applications

Oracle has released out-of-band security patches for a component used by multiple ERP applications from its PeopleSoft suite. The updates fix five vulnerabilities, including two critical ones that can be exploited to access data from or completely comp…

Content Security Policies with Sven Morgenroth, Netsparker – Paul’s Security Weekly #536

We welcome Sven Morgenroth back to the show! Sven currently works as a Security Researcher at Netsparker. He rejoins us to deliver a technical segment on content security policies and cross-site scripting!

The post Content Security Policies with Sven Morgenroth, Netsparker – Paul’s Security Weekly #536 appeared first on Security Weekly.


SSD Advisory – Endian Firewall Stored From XSS to Remote Command Execution

Vulnerability Summary: The following advisory describes a stored cross-site scripting vulnerability that can be used to trigger remote code execution in Endian Firewall version 5.0.3. Endian Firewall is a "turnkey Linux security distribution, which is an independent, unified security management operating system. The Endian Firewall is based on a hardened Linux operating system." Credit: An …

The post SSD Advisory – Endian Firewall Stored From XSS to Remote Command Execution appeared first on Security Boulevard.


SSD Advisory – HPE Baseline Smart Gig SFP 24 Switch Pre-authentication Stored XSS

Vulnerability Summary: The following advisory describes an unauthenticated stored XSS in the HPE Baseline Smart Gig SFP 24 / 3Com Baseline Switch 2924 SFP Plus switch. The vulnerability affects the following versions: Software Version 01.00.10, Boot version 1.0.0.14, Hardware Version 01.01.0a. "On April 12, 2010, Hewlett-Packard completed the acquisition of 3Com. Since the acquisition, 3Com has been …

The post SSD Advisory – HPE Baseline Smart Gig SFP 24 Switch Pre-authentication Stored XSS appeared first on Security Boulevard.


Mobile Stock Trading App Providers Unresponsive to Glaring Vulnerabilities

IOActive analyzed 21 mobile stock trading platforms and found vulnerabilities that put transactions and personal information at risk. Of the 13 firms notified, only two acknowledged the disclosure.