-
New advisory released: Session Token Enumeration in RWS WorldServer.
New advisory released: Session Token Enumeration in RWS WorldServer. Go to Source
-
On 2 October 2023 Jens Liebchen held the talk “Gezielter Ausnahmezustand – Penetrationstests” as part of the event Fachschaftstagung Ingenieurswissenschaften of the Cusanuswerk. The German language slides are available for download under Publications.
On 2 October 2023 Jens Liebchen held the talk “Gezielter Ausnahmezustand – Penetrationstests” as part of the event Fachschaftstagung Ingenieurswissenschaften of the Cusanuswerk. The German language slides are available for download under Publications. Go to Source
-
New advisory released: D-Link DAP-X1860: Remote Command Injection .
New advisory released: D-Link DAP-X1860: Remote Command Injection . Go to Source
-
Our new blog post gives an overview of exploiting vulnerabilities in Ghostscript.
Our new blog post gives an overview of exploiting vulnerabilities in Ghostscript. Go to Source
-
New advisory released: STARFACE: Authentication with Password Hash Possible.
New advisory released: STARFACE: Authentication with Password Hash Possible. Go to Source
-
In our new blog post we discuss common misconceptions about login mechanisms using the example of a vulnerability in the web interface of STARFACE PBX.
In our new blog post we discuss common misconceptions about login mechanisms using the example of a vulnerability in the web interface of STARFACE PBX. Go to Source
-
A new version of monsoon has been released. Our new blog post covers the new features and improvements in detail.
A new version of monsoon has been released. Our new blog post covers the new features and improvements in detail. Go to Source
-
CVE-2025-0207 – Code-Projects Online Shoe Store SQL Injection Vulnerability
CVE ID : CVE-2025-0207 Published : Jan. 4, 2025, 1:15 p.m. | 27 minutes ago Description : A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /function/login.php. The manipulation of the argument password leads to sql injection. The…
-
CVE-2025-0208 – Online Shoe Store SQL Injection Vulnerability
CVE ID : CVE-2025-0208 Published : Jan. 4, 2025, 1:15 p.m. | 27 minutes ago Description : A vulnerability, which was classified as critical, was found in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /summary.php. The manipulation of the argument tid leads to sql injection. It is possible to initiate…
-
CVE-2024-12475 – “WordPress WP Multi Store Locator Stored Cross-Site Scripting Vulnerability”
CVE ID : CVE-2024-12475 Published : Jan. 4, 2025, 12:15 p.m. | 1 hour, 26 minutes ago Description : The WP Multi Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…