Vulnerability SummaryWhen an admin accesses the Administrator Control Panel (ACP) in phpBB, a leftover session id GET parameter is present in the URL when he goes back to the Board index. Using a special remote avatar URL, an attacker can leak this session id value and perform a CSRF attack in order to create an …
SSD Advisory – phpBB CSRF Token Hijacking leading to Stored XSS Read More »
Vulnerability SummaryThe following advisory describes a Stored XSS Vulnerability found in Fortinet’s Fortigate Firewall(FortiOS) via an unauthenticated DHCP packet.CVECVE-2019-6697CreditAn independent Security Researcher, Toshitsugu Yoneyama, has reported this vulnerability to SSD Secure Disclosure program.Affected systemsFortiOS v6.0.4 build 0231.Vendor ResponseFortigate has fixed the vulnerability in FortiOS version 6.2.2Vulnerability DetailsAn unauthenticated attacker can trigger a Stored XSS Vulnerability …
漏洞概要 以下安全公告描述了在Sophos XG 17中发现的一个存储型XSS漏洞,成功利用该漏洞可以获取root访问。 Sophos XG防火墙“全新的控制中心为用户的网络提供前所未有的可视性。可以获得丰富的报告,还可以添加Sophos iView,以便跨多个防火墙进行集中报告。“
Vulnerability Summary The following advisory describes an unauthenticated persistent XSS that leads to unauthorized root access found in Sophos XG version 17. Sophos XG Firewall “provides unprecedented visibility into your network, users, and applications directly from the all-new control center. You also get rich on-box reporting and the option to add Sophos iView for centralized …
SSD Advisory – Sophos XG from Unauthenticated Persistent XSS to Unauthorized Root Access Read More »
Any questions? Interested in our services?
We’d love to hear from you
