XSS – Xc0re Security Research Group

TP-Link wireless router Archer C1200 – Cross-Site Scripting

Disclaimer: [This POC is for Educational Purposes , I would Not be responsible for any misuse of the information mentioned in this blog post] Hello folks. An Input validation vulnerability was found in TP-Link Archer c1200 v1.0, which results in client side code execution. [CVE-2018-13134] [+] Unauthenticated [+] Author: Usman Saeed (usman [at] xc0re.net) [+] Affected …

TP-Link wireless router Archer C1200 – Cross-Site Scripting Read More »

Oracle Web Center XSS

Hacking & Security / By Owais Mehtab

Oracle Web Center XSS Details ======================================================================================== Product: Oracle Web Center [Versions 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0] Security-Risk: High Remote-Exploit: yes Vendor-URL: https://www.oracle.com/ CVE-ID: CVE-2017-10075 CVSS: 8.2 Credits ======================================================================================== Discovered by: Owais Mehtab & Tayeeb Rana Affected Products: ======================================================================================== Oracle Web Center [Versions 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0] Description ======================================================================================== Two Cross site scripting (XSS) vulnerabilities have been identified in …

Oracle Web Center XSS Read More »

Sitecore CMS v 8.2, cross site scripting & arbitrary file access

Hacking & Security / By 0x90

Hi folks, Multiple vulnerabilities were found in the Sitecore version 8.2. Which were reported to Sitecore CMS on the 5th of May,2017. A patch was released on the 27th of June, 2017. It is recommended to update the Sitecore CMS installation. The exploit is being made public after the patch has been released. Exploit:[CVE-2017-11439, CVE-2017-11440] …

Sitecore CMS v 8.2, cross site scripting & arbitrary file access Read More »

ICEWARP Multiple Clients, Persistent Cross Site Scripting (XSS)

Webmails / By 0x90

[Re-post] Original Post, posted on: 15th Feb, 2014 on Xc0re blog. While going through the Icewarp client I found that it is possible to inject malicious HTML Element tags into the email and cause a Cross site Scripting (XSS) payload to be executed. The versions that I tested on, were : 11.0.0.0 (2014-01-25) x64 (http://demo.icewarp.com/) …

ICEWARP Multiple Clients, Persistent Cross Site Scripting (XSS) Read More »

ZyXEL P-660R-T1 V2 XSS Zeroday Vulnerability

Hacking & Security / By 0x90

I recently found a vulnerability in Zyxel P-660R T1 . Although the impact factor is quite low as it is an XSS (Cross site scripting) but still a vulnerability is a vulnerability . Xc0re Security Research Group Disclaimer: [This code is for Educational Purposes , I would Not be responsible for any misuse of this …

ZyXEL P-660R-T1 V2 XSS Zeroday Vulnerability Read More »