Advisory: WordPress Plugin ‘AJAX Comment Page 3.25’ Cross-site scripting vulnerability
Advisory ID: SSCHADV2013-006
Author: Stefan Schurtz
Affected Software: Successfully tested on AJAX Comment Page 3.25
Vendor URL:
Vendor Status: fixed
CVE-ID: Requested
======================
Vulnerability Description
======================
The parameter ‘max’ of the WordPress plugin ‘AJAX Comment Page’ is prone to an XSS vulnerability.
Advisory: WordPress Plugin ‘Types 1.2.1.1’ Cross-Site Request Forgery & Stored Cross-site scripting vulnerability
Advisory ID: SSCHADV2013-005
Author: Stefan Schurtz
Affected Software: Successfully tested on Types 1.2.1.1
Vendor URL:
Vendor Status: fixed
CVE-ID: CVE-2013-2768
======================
Vulnerability Description
======================
The parameter ‘skypename’ of the WordPress plugin Types 1.2.1.1 is prone to a CSRF and stored XSS vulnerability
Advisory: WordPress Plugin ‘Feedweb 1.8.8’ Cross-site Scripting vulnerability
Advisory ID: SSCHADV2013-004
Author: Stefan Schurtz
Affected Software: Successfully tested on Feedweb 1.8.8
Vendor URL:
Vendor Status: fixed
CVE-ID: CVE-2013-2753
======================
Vulnerability Description
======================
The WordPress plugin ‘Feedweb 1.8.8’ is prone to an XSS vulnerability.
dcfldd is an enhanced version of dd developed by the U.S. Department of Defense Computer Forensics Lab. It has some useful features for forensic investigators such as:
- On-the-fly hashing of the transmitted data.
- Progress bar of how much data has already been sent.
- Wiping of disks with known patterns.
- Verification that the image is identical to the original drive, bit-for-bit.
- Simultaneous output to more than one file/disk is possible.
- The output can be split into multiple files.
- Logs and data can be piped into external applications.
The program only produces raw image files.
Example:
dcfldd if=/dev/sda hash=md5 md5log=md5.txt hashconv=after \
    bs=512 conv=noerror,sync split=2048GB splitformat=aa of=image.dd
Today, for some reason I needed quick access to some older Linux partitions. After a quick search on Google I found the "DiskInternals Linux Reader", which seems to do the job and which is absolutely free, too :-)
After a quick installation, the tool works like the Windows Explorer. But remember, the access is "read-only"!
Enjoy yourself!
Advisory: www.friendscout24.de – Cross-site Scripting vulnerability
Advisory ID: SSCHADV2012-025
Author: Stefan Schurtz
Affected Software: Successfully tested on www.friendscout24.de
Vendor URL:
Vendor Status: fixed
======================
Vulnerability Description
======================
http://www.friendscout24.de is prone to an XSS vulnerability.