Category: Zero Day

CVE-2016-10097, XXE, SSO, Open AM 10.1.0, XML Injection, SAML Request Parameter

CVE-2016-10097 – See Also Indicators of Compromise DORK: “Copyright © 2010 ForgeRock AS, Philip Pedersens vei 1, 1366 Lysaker, Norway” XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM – Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter. XXE Proof of Concept (PoC) Code for Exploit against Open AM 10.1.0 […]

XSS, LFI, Linksys E4200 Firmware, 0D

XSS, LFI in Cisco, Linksys E4200 Firmware CVE-2013-2678, CVE-2013-2679, CVE-2013-2680, CVE-2013-2681, CVE-2013-2682, CVE-2013-2683, CVE-2013-2684 Keywords XSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript Injection, Exploit, Zero Day, Cisco, Linksys, E4200, Wireless Router, cyberTAN Corp    Credits http://xss.cx/ Summary Reflected XSS + LFI Bugs in the Cisco, Linksys E4200 Wireless Router Firmware Version: 1.0.05 build 7 were […]