firefox – Seguridad PY

Vulnerabilidad en Firefox permite suplantar los servidores de Mozilla

22/09/201619/12/2016 Gustavo Genez firefox, vulnerabilidad

Una vulnerabilidad crítica hallada en Firefox podría permitir a atacantes con los recursos necesarios el poder realizar ataques de suplantación man-in-the-middle que también

Seguridad

PasswordFox: extrayendo contraseñas de Firefox automáticamente

06/09/201606/09/2016 Gustavo Genez aplicaciones, firefox, herramienta, testing

PasswordFox es una de esas herramientas simples que nos facilitarán las labores de pentesting enormemente. Cuando estamos en una auditoría

CVE-2019-12934 20/07/2019
An issue was discovered in the wp-code-highlightjs plugin through 0.6.2 for WordPress. wp-admin/options-general.php?page=wp-code-highlight-js allows CSRF, as demonstrated by an XSS payload in the hljs_additional_css parameter.
CVE-2019-9229 20/07/2019
An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local network to access multiple quagga VTYs. Attackers can authenticate with the default 1234 password that cannot be changed, and can execute malicious […]
CVE-2018-17210 20/07/2019
An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. The core components that create and launch a print job do not perform complete verification of the session cookie that is supplied to them. As a result, an attacker with guest/pseudo-guest level permissions can bypass the session checks (that would otherwise logout a […]
CVE-2019-12815 19/07/2019
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.
CVE-2019-13569 19/07/2019
A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.