other page actions:
sorted by: recent | see :
popular
Content Tagged flaw
XSS in Linksys SPA941
Cross Scripting in an IP Phone? Of course - it has an HTTP interface!What's more is that the HTTP interface shows a call history. The call history page makes use of information gathered from the SIP messages themselves to display which numbers tried to call the phone.
This post on full-disclosure mailing list shows how this feature can be abused so that malformed SIP messages are able to inject html scripts in the web interface itself.
This is a reminder that when changing from one format or protocol to another, the underlying code needs to make sure that the data is properly escaped. In this case, the http server or underlying scripts need to escape the miss call entries for html characters.
XSS in Linksys SPA941
Cross Scripting in an IP Phone? Of course - it has an HTTP interface!What's more is that the HTTP interface shows a call history. The call history page makes use of information gathered from the SIP messages themselves to display which numbers tried to call the phone.
This post on full-disclosure mailing list shows how this feature can be abused so that malformed SIP messages are able to inject html scripts in the web interface itself.
This is a reminder that when changing from one format or protocol to another, the underlying code needs to make sure that the data is properly escaped. In this case, the http server or underlying scripts need to escape the miss call entries for html characters.
MacNN | Samba security flaw affects Mac OS X
"The DeepSight Threat Analyst Team successfully exploited the heap corruption vulnerability on a fully patched Mac OS X 10.4.9 system running the default Samba 3.0.10 application," Symantec wrote in an alert to customers of its threat network.
Security
symantec
threat
MacNN
fromMyRSSFeeds
flaw
deepsight
Page 1 | Next >>
