Videos

Tue
23
Jun
Editorial_Staff_Team's picture

Ebay Inc coordinated patch of 3 Magento Vulnerabilities (IVE, XSS & CSRF)

Ebay Inc coordinated patch of 3 Magento Vulnerabilities (IVE, XSS & CSRF)

During the last week the vulnerability researcher hadji samir discovered 3 vulnerabilities patched by the ebay inc security team in cooperation with magento.

The first vulnerability was located in the `filename` value of the image upload module. The attacker needs to create a `New Message` with upload to change the filename to a malicious payload. The attack vector of the issue is located on the application-side and the request method to inject the script code is POST.

A poc video has been recorded in our environment by the core team researcher hadji samir. In the video hadji demonstrates how to exploit an application-side filename validation vulnerability in connection with a upload POST method request.

Wed
17
Jun
Editorial_Staff_Team's picture

ZTE ZXV10 W300 v3.1.0c_DR0 - Remote Session Delete Vulnerability

ZTE ZXV10 W300 v3.1.0c_DR0 - UI Session Delete Configuration Vulnerability

A session vulnerability has been discovered in the official ZTE Corporation ZXV10 W300 v3.1.0c_DR0 modem hardware. The security vulnerability allows remote attackers to block/shutedown or delete network settings and components.

Pages

Subscribe to RSS - Videos