XSS

Pierluigi Paganini September 11, 2017
Expert disclosed 10 zero-day vulnerabilities in D-Link DIR 850L wireless routers

The security researcher Pierre Kim has discovered ten critical zero-day vulnerabilities in D-Link DIR 850L routers and invites users to stop using them. The security researcher Pierre Kim has discovered ten critical zero-day vulnerabilities in routers from networking equipment manufacturer D-Link that open owners to cyber attacks. The flawed devices are the D-Link DIR 850L wireless AC1200 dual-band […]

Pierluigi Paganini July 11, 2017
Do you use Adobe Flash Player? You should update it now!

Adobe released new versions of Flash Player and Connect web conferencing software to fix important and critical vulnerabilities. According to the security advisory published by Adobe for Flash Player, the new version 26.0.0.137 patches three critical vulnerabilities, including a remote code execution flaw tracked as CVE-2017-3099 that can be exploited by attackers to take full control of affected systems. […]

Pierluigi Paganini May 19, 2017
WordPress 4.7.5 release addresses six security vulnerabilities

The new WordPress 4.7.5 release fixes six security vulnerabilities affecting version 4.7.4 and earlier, including XSS, CSRF, SSRF flaws. The WordPress 4.7.5 release patches six vulnerabilities affecting version 4.7.4 and earlier. The latest version addresses cross-site scripting (XSS), cross-site request forgery (CSRF), and server-side request forgery (SSRF) flaws. Below the list of the security issues fixed […]

Pierluigi Paganini May 11, 2017
SAP Patches 17 security flaws, the lowest number of monthly update over the past 6 months

SAP issued the May 2017 Security Update that addresses 17 security Vulnerabilities. On Tuesday SAP released the May 2017 security update that addresses 17 vulnerabilities in its products, 9 of them were released on this Security Patch Day. “On 9th of May 2017, SAP Security Patch Day saw the release of 9 security notes. Additionally, there were […]

Pierluigi Paganini April 10, 2017
How to get admin credentials from TP-Link M5350 3G/Wi-Fi modem with a text message

A German security researcher discovered how to retrieve the admin credentials from a TP-Link M5350 3G/Wi-Fi modem with an evil text message Some bugs are very strange and dangerous, this is the case of a flaw affecting the TP-Link’s M5350 3G/Wi-Fi router that can expose admin credentials to an evil text message. The bug was discovered […]

Pierluigi Paganini March 08, 2017
Serious flaws in Western Digital My Cloud NAS devices allow attackers to fully control them

Researchers discovered serious issues in Western Digital My Cloud NAS that can be exploited by attackers to gain root control of the affected devices. Western Digital Corporation network-attached storage owners were warned of Critical flaws in Western Digital NAS boxes of the My Cloud NAS line could be exploited by remote attackers to gain remote control […]

Pierluigi Paganini March 07, 2017
WordPress 4.7.3 is out to fix 6 security issues, but CSRF flaw remains unpatched

WordPress 4.7.3 release is out to fix six security issues, but a CSRF vulnerability discovered in July 2016 remains unpatched. WordPress has issued a new security release, the WordPress 4.7.3 release, that addresses six security flaws, including three cross-site scripting (XSS) vulnerabilities.  The flaws were discovered by the security experts Chris Andrè Dale, Yorick Koster, Simon P. Briggs, Marc […]

Pierluigi Paganini March 01, 2017
XSS flaws in Zscaler Cloud management software allow logged attackers to hack coworkers

Zscaler has fixed persistent XSS vulnerabilities affecting Zscaler Cloud management software that allow logged attackers to hack coworkers. Serious cross-site scripting (XSS) flaws in the Zscaler Cloud management software could be exploited by attackers to inject malicious HTML and JavaScript into the browsers of other users who visit the portal. In order to exploit the flaws, the attacker […]

Pierluigi Paganini February 10, 2017
Every website that uses jQuery Mobile, and has any open redirect is vulnerable to XSS

Every website that uses jQuery Mobile, and has any open redirect anywhere is vulnerable to cross-site scripting (XSS) attacks. The jQuery Foundation’s jQuery Mobile project is an HTML5-based framework that allows users to design a single responsive web site or application that will work on all popular mobile devices and desktop systems. According to the foundation, […]

Pierluigi Paganini December 08, 2016
A flaw in the Yahoo Email service allowed hackers to access target’s emails

The Finnish security expert Jouko Pynnönen discovered a vulnerability in the Yahoo email service that allowed hackers to read anyone messages. A vulnerability in the Yahoo email service allowed hackers to read anyone messages. The giant IT has recently patched the flaw that was discovered by Jouko Pynnönen, a Finnish Security researcher from security firm Klikki […]