IPFire < 2.19 Core Update 101 suffers from Remote Command Execution vulnerability (RCE - reverse-shell) and Cross-Site Scripting (XSS).

After months (years?) without analyzing any Linux routers / firewalls distributions like pfSense, m0n0wall, IPCop, Read more

The generic error page of the Red Hat customer portal suffers from a Cross-Site Scripting vulnerability to steal users credential in plaintext.

As part of my personal projects, as during my professional activity, it is not uncommon that I sign on RedHat sites to download resources (or find solutions to more or less twisted bugs.

Read more

SSO authentication page of one of Fortigate IdP presents a Cross-Site Scripting vulnerability which can be used to steal user credentials in plaintext.

Companies and current majors turn increasingly to identity federation. A central and single repository containing users credentials (login / password) like LDAP, AD, etc., a single web application centralized authentication (commonly referred to IdP for.

Read more

Sorry, this entry is only available in Read more