0x90

Information Security professional....

Downside of keeping everything public – ICWATCH

I have been writing and preaching about social network information harvesting and why it is a bad thing (check out the post here). I recently stumbled upon something which, though publicly known, is still worth mentioning. The mentioned “something” is a very good example of why too much information about oneself is never

Sitecore CMS v 8.2, cross site scripting & arbitrary file access

Hi folks, multiple vulnerabilities were found in Sitecore version 8.2, which were reported to Sitecore CMS on the 5th of May, 2017. A patch was released on the 27th of June, 2017. It is recommended to update the Sitecore CMS installation. The exploit is being made public after the patch has been released. Exploit: [CVE-2017-11439, CVE-2017-11440]

ICEWARP Multiple Clients, Persistent Cross Site Scripting (XSS)

[Re-post] Original post, posted on 15th Feb, 2014 on the Xc0re blog. While going through the Icewarp client I found that it is possible to inject malicious HTML element tags into the email and cause a Cross Site Scripting (XSS) payload to be executed. The versions that I tested on were: 11.0.0.0 (2014-01-25) x64 (http://demo.icewarp.com/)
