Advisories

Muchos XSS en sonico.com

By Javier on 2011-11-19

Un poco de todo, permanent XSS, reflected XSS y self-XSS. [...]

Posted in Advisories, General | Tagged flojo, sonico.com, xss | Leave a response

Post Revolution 0.8.0c Multiple vulnerabilities

By Javier on 2011-06-01

info
———————————
Name : Post Revolution 0.8.0c Multiple Remote Vulnerabilities
Class: Design Error && Input Validation Error
CVE: CVE-2011-1952, CVE-2011-1953, CVE-2011-1954
Remote: Yes
Local: No
Credit : Javier Bassi <javierbassi [at] gmail [dot] com>
Vulnerable : All versions prior to and including 0.8.0c are affected.
Vendor Hompeage : http://postrev.com.ar
[...]

Posted in Advisories | Tagged CSRF, DoS, post revolution, xss | Leave a response

XSS in Webmin 1.540 + exploit for privilege escalation (CVE-2011-1937)

By Javier on 2011-04-24

Information
——————–
Name : XSS vulnerability in Webmin
Software : All versions prior to and including 1.540 are affected.
Vendor Hompeage : http://www.webmin.com
Vulnerability Type : Cross-Site Scripting
IDs: CVE-2011-1937 BID-47558
Severity : Medium
Researcher : Javier Bassi <javierbassi [at] gmail [dot] com>
[...]

Posted in Advisories, GNU/Linux | Tagged chfn, exploit, webmin, xss | 10 Responses