Vulnerability Note VU#867980 Silver Peak VX is vulnerable to cross-site request forgery and cross-site scripting Original Release date: 28 Jul 2014 | Last revised: 28 Jul 2014 Overview Silver Peak VX version 184.108.40.206_47968 is vulnerable to cross-site request forgery and cross-site scripting. Description CWE-352 : Cross-Site Request Forgery (CSRF) – CVE-2014-2974 Silver Peak VX version 220.127.116.11_47968 contains a cross-site request forgery vulnerability in /php/user_account.php that allows an unauthenticated user to create a new administrator account. CWE-79 : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) – CVE-2014-2975 Silver Peak VX version 18.104.22.168_47968 also contains a reflected cross-site scripting vulnerability in /php/user_account.php that can allow an attacker to inject arbitrary HTML content (including scripts) via the vulnerable query string parameter user_idRead More...
- ISC StormCast for Thursday, July 31st 2014 http://isc.sans.edu/podcastdetail.html?id=4085, (Thu, Jul 31st) July 31, 2014
- Symantec Endpoint Protection Privilege Escalation Zero Day, (Wed, Jul 30th) July 30, 2014
- social blade dot com (youtube stats tracker) redirects to Nuclear Pack exploit kit, clever and insidious July 30, 2014
- value for money in a crowded market? NSA Ex-Director Touts $1m Per Month Security Service July 30, 2014
- Robert Graham:open-src isn't actually more secure: usability, deterministic builds and code-review are all against it July 30, 2014
Tagsapi apple archives article browser bruce schneier business china copyright development director downloads education enterprise events facebook feeds gfi government hackers hacking industry internet linkedin linux management mcafee microsoft network networks news opinion phishing podcasts science security social-media symantec team cyrmu technology united-kingdom united-states videos vulnerability windows