Aris AGX agXchange ESM Cross Site Scripting Vulnerability

2010-03-23 Thread lament
= Yaniv Miron aka "Lament" Advisory March 12, 2010 Aris AGX agXchange ESM Cross Site Scripting Vulnerability = = I. BACKGROUND = E2B safety submissions modul

IBM Lotus 6.x names.nsf Cross Site Scripting Vulnerability

2010-03-22 Thread lament
= Yaniv Miron aka "Lament" Advisory March 12, 2010 IBM Lotus 6.x names.nsf Cross Site Scripting Vulnerability = = I. BACKGROUND = IBM Lotus Software deliv

Aris AGX agXchange ESM Open Redirection Vulnerability

2010-03-22 Thread lament
= Yaniv Miron aka "Lament" Advisory March 12, 2010 Aris AGX agXchange ESM Open Redirection Vulnerability = = I. BACKGROUND = E2B safety submissions module.

IBM Lotus 6.x HTTP Response Splitting Vulnerability

2010-03-19 Thread lament
= Yaniv Miron aka "Lament" Advisory March 12, 2010 IBM Lotus 6.x HTTP Response Splitting Vulnerability = = I. BACKGROUND = IBM Lotus Software deliv

Friendly-Tech FriendlyTR69 CPE Remote Management V2.8.9 SQL Injection Vulnerability

2010-03-10 Thread lament
= Yaniv Miron aka "Lament" Advisory March 7, 2010 Friendly-Tech FriendlyTR69 CPE Remote Management V2.8.9 SQL Injection Vulnerability = = I. BACKGROUND = Ba

IBM ENOVIA SmarTeam v5 Cross Site Scripting Vulnerability

2010-03-09 Thread lament
= Yaniv Miron aka "Lament" Advisory March 7, 2010 IBM ENOVIA SmarTeam v5 Cross Site Scripting Vulnerability = = I. BACKGROUND = ENOVIA SmarTeam provides highly flexib

Sparta Systems TrackWise TeamAccess module Multiple Cross Site Scripting Vulnerabilities

2010-03-02 Thread lament
= Yaniv Miron aka "Lament" Advisory Feb 28, 2010 Sparta Systems TrackWise TeamAccess module Multiple Cross Site Scripting Vulnerabilities = = I. BACKGROUND =

Eshbel Priority MarketGate module Cross Site Scripting Vulnerability

2010-03-02 Thread lament
= Yaniv Miron aka "Lament" Advisory Feb 27, 2010 Eshbel Priority MarketGate module Cross Site Scripting Vulnerability = = I. BACKGROUND = Priority’s ERP The featu

Oracle Siebel 7.x CRM Cross Site Scripting Vulnerability

2010-03-01 Thread lament
=== Yaniv Miron aka "Lament" Advisory Feb 27, 2010 Oracle Siebel 7.x CRM (7.7, 7.8 tested) Cross Site Scripting Vulnerability === = I.

ARISg5 (Version 5.0) Cross Site Scripting Vulnerability

2010-03-01 Thread lament
= Yaniv Miron aka "Lament" Advisory Feb 24, 2010 ARISg5 (Version 5.0) Cross Site Scripting Vulnerability = == Applic

Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability

2008-05-15 Thread lament hero
's only a PoC. Try to change FireFox to auto-select and refresh it so it will jump to UTF-7. Yaniv Miron aka "Lament". __ __ Gentlemen, With respect to http://www.securityfocus.com/bid/29112 Per http://www.ietf.org/rfc/rfc2616.txt 3.7.1 Canonical

Apache Server HTML Injection and UTF-7 XSS Vulnerability

2008-05-09 Thread lament hero
k had been tested on some Apache versions as 2.2.x and 1.3.x and on some versions of FireFox up to version 2.0.0.x and in IE 6 and 7. We leave it to other hackers to upgrade the attack and make it fully automatic. Yaniv Miron aka "Lament".