dotDefender is prone to an XSS because it doesn't sanitize the input vars
correctly. By injecting obfuscated JavaScript code based on reference var
assignment, the dotDefender WAF is vulnerable.
Class: Input Validation Error
Remote: Yes
Credit: David K. (SH4V)
Vulnerable: till 4.02
Exploit:
//
Downloads and more information at http://www.metasploit.com/
--
The Metasploit Project is proud to announce the release of the
Metasploit Framework version 3.4.1. As always, you can get it from
our downloads page, for Windows, Linux or as an OS-independent
tarball. This release sees the first o
Published by Securitylab.ir
Founder: unknown
/*
Debian Security Advisory DSA-2068-1 secur...@debian.org
http://www.debian.org/security/ Giuseppe Iuculano
July 11, 2010
Looks like URLScan blocks this vulnerability by default. I've just tried the
URL against one of our old Windows 2000 servers, and it gives me a 404 error.
Debian Security Advisory DSA-2069-1 secur...@debian.org
http://www.debian.org/security/ Raphael Geissert
Jul 11, 2010