D-Link NAS, DNS Series: Stored XSS via Unauthenticated SMB
A vulnerability in seven D-Link NAS devices belonging to the DNS series may allow an attacker to gain full read and write access to the data stored on the device.
Recent Posts
Vtiger CRM 6.4 Authenticated Remote Code Execution (CVE-2016-1713)
Vtiger CRM version 6.4 is still vulnerable to Authenticated Remote Code Execution. Related to, yet different from CVE-2015-6000.
SANS Holiday Hack 2015: Solutions & Answers
Technical solutions for the SANS Holiday Hack 2015, covering packet capture analysis, Local File Inclusion, NoSQL Injection, Remote Code Execution, binary exploitation & exploit development on Linux with gdb, bypassing canary and ASLR protection.
Vtiger CRM <= 6.3 Authenticated Remote Code Execution (CVE-2015-6000)
Vtiger CRM version 6.3 (“Open Source” branch; released on 2015-06-04) and lower are vulnerable to Authenticated Remote Code Execution.
Amazon.com Stored XSS via Book Metadata
I have found a Stored Cross-Site Scripting (XSS) vulnerability on Amazon.com. This post explains the issue and describes a possible venue of exploitation.
Amazon.com Stored XSS via Kindle Device Name
Description of a Stored Cross-Site Scripting (XSS) vulnerability on Amazon.com, but with an unusual injection point: the Amazon Kindle.
Huawei E303 Allows Remote Attackers to Send SMS Messages on Victim's Behalf (CVE-2014-2946)
Describes a CSRF vulnerability in the Huawei E303 2G/3G USB Modem, allowing an attacker to send text messages via the victim's device and to attacker-specified recipients.