Latest Posts

Cynet 360 Uses Insecure Control Channels
Writing (and backdooring) a ChaCha20 based CSPRNG
The Pitfalls of Building an Elasticsearch backed Search Engine
Building a Raspberry Pi Based Music Kiosk
Recovering files from SD Cards and How to protect yourself

This site should work without Javascript enabled. If you find something doesn't, please Contact Me.

Security

Cynet 360 Uses Insecure Control Channels	23 April 2020
Spamhaus still parties like it's 1999	16 October 2019
Twitter Screws Up With Data It Shouldn't Hold	09 October 2019
The Curious Case of BitFi and Secret Persistence	16 July 2019
A guide to designing Account Security Mechanisms	26 March 2017
Don't Use Web2Tor/Tor2Web (especially Onion.cab)	04 March 2017
The State of Mobile Banking (in the UK)	21 June 2016
The DVLA is routinely sending sensitive details via email	28 December 2014
Understanding Password Storage	22 June 2014
My Own Little HeartBleed Headache	19 April 2014

Page 1 of 3

Start
Prev
1
2
3
Next
End

Recent CVEs

CVE-2011-1805
CVE-2011-2863
CVE-2014-7173 (farlinx_x25_gateway_firmware)
CVE-2014-7174 (farlinx_x25_gateway_firmware)
CVE-2014-7175 (farlinx_x25_gateway_firmware)
CVE-2014-8937 (lexiglot)
CVE-2014-8938 (lexiglot)
CVE-2014-8939 (lexiglot)
CVE-2014-8940 (lexiglot)
CVE-2014-8941 (lexiglot)

Return to listing

CVE-2011-1805

Bad cast in CSS in Google Chrome prior to 11.0.0.0 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2011-2863

Insufficient policy enforcement in V8 in Google Chrome prior to 14.0.0.0 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

CVE-2014-7173 (farlinx_x25_gateway_firmware)

FarLinX X25 Gateway through 2014-09-25 allows command injection via shell metacharacters to sysSaveMonitorData.php, fsx25MonProxy.php, syseditdate.php, iframeupload.php, or sysRestoreX25Cplt.php.

CVE-2014-7174 (farlinx_x25_gateway_firmware)

FarLinX X25 Gateway through 2014-09-25 allows directory traversal via the log-handling feature.

CVE-2014-7175 (farlinx_x25_gateway_firmware)

FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php.

CVE-2014-8937 (lexiglot)

Lexiglot through 2014-11-20 allows denial of service because api/update.php launches svn update operations that use a great deal of resources.

CVE-2014-8938 (lexiglot)

Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line.

CVE-2014-8939 (lexiglot)

Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages.

CVE-2014-8940 (lexiglot)

Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (names and details of projects) by visiting the /update.log URI.

CVE-2014-8941 (lexiglot)

Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI.

Latest Posts

Cynet 360 Uses Insecure Control Channels
Writing (and backdooring) a ChaCha20 based CSPRNG
The Pitfalls of Building an Elasticsearch backed Search Engine
Building a Raspberry Pi Based Music Kiosk
Recovering files from SD Cards and How to protect yourself

License Details
Privacy Policy
Cookies
Stored Data
Sitemap

Donations BTC: 14hJYqCNLi7yJH8QkUqB2VEg3jx4pXBN5X / https://paypal.me/BTasker

Based on a template by JoomSpirit, customised by B Tasker

JoomSpirit

About this template