D-Link NAS, DNS Series: Stored XSS via Unauthenticated SMB
A vulnerability in seven D-Link NAS devices belonging to the DNS series may allow an attacker to gain full read and write access to the data stored on the device.
Vtiger CRM version 6.4 is still vulnerable to Authenticated Remote Code Execution. Related to, yet different from CVE-2015-6000.
Technical solutions for the SANS Holiday Hack 2015, covering packet capture analysis, Local File Inclusion, NoSQL Injection, Remote Code Execution, binary exploitation & exploit development on Linux with gdb, bypassing canary and ASLR protection.
Vtiger CRM version 6.3 (“Open Source” branch; released on 2015-06-04) and lower are vulnerable to Authenticated Remote Code Execution.
I have found a Stored Cross-Site Scripting (XSS) vulnerability on Amazon.com. This post explains the issue and describes a possible avenue of exploitation.
Description of a Stored Cross-Site Scripting (XSS) vulnerability on Amazon.com, but with an unusual injection point: the Amazon Kindle.
Describes a CSRF vulnerability in the Huawei E303 2G/3G USB Modem, allowing an attacker to send text messages via the victim's device to attacker-specified recipients.