[FD] LiteSpeed Web Server - Security Advisory - HTTP Header Injection Vulnerability

2016-01-20 Thread Onur Yilmaz
Information Advisory by Netsparker Name: HTTP Header Injection in LiteSpeed Web Server Affected Software : LiteSpeed Web Server Affected Versions: v5.1.0 and possibly below Vendor Homepage : https://www.litespeedtech.com/ Vulnerability Type : HTTP Header Injection Severity : Me

[FD] mobile.facebook.com is not on HSTS preload list or sending the Strict-Transport-Security header

2016-01-20 Thread Ricardo Iramar dos Santos
Hi All, I've noticed that the mobile.facebook.com domain is not on the HSTS preload list or sending the Strict-Transport-Security header. All the other domains like m.facebook.com are using HSTS properly. I reported this to Facebook on 12/3/15 through the whitehat program and got the answer below. I've ch

[FD] GRR <= 3.0.0-RC1 (all versions) file upload filter bypass (authenticated)

2016-01-20 Thread Jean-Marie Bourbon
# Exploit Title: GRR <= 3.0.0-RC1 (all versions) RCE with privilege escalation through file upload filter bypass (authenticated) # Date: January 7th, 2016 # Exploit Author: kmkz (Bourbon Jean-marie) | @kmkz_security # Vendor Homepage: http://grr.devome.com/fr/ # Software Link: http://grr.devome.co

[FD] SeaWell Networks Spectrum - Multiple Vulnerabilities

2016-01-20 Thread Karn Ganeshen
About SeaWell Networks Spectrum Session Delivery Control SeaWell set out to improve the way operators control, monetize and scale their IP video offerings, to meet the growing subscriber demands for video delivered to smartphones, tablets and game consoles. The result – Spectrum – is what we cal

[FD] Administrator auto-logout design flaw in ASUS wireless routers

2016-01-20 Thread David Longenecker
ASUS wireless routers have an optional feature (beginning with firmware 3.0.0.4.374_5656, dated April 2014) to log the administrator out after a period of idle time. While there are scenarios where you might want to keep an idle logged-in session, remaining logged in makes it possible for a malicio