Research

Security Advisories

CVE Product Description Link
CVE-2015-7580
Ruby on Rails
Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node.
https://hackerone.com/reports/81212
CVE-2016-5832
WordPress
The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors.
https://www.cvedetails.com/cve/CVE-2016-5832/
CVE-2015-8474
Redmine
Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks.
https://www.redmine.org/issues/19577
N/A (2014-04-14)
Sagem Fast 3304-V2
Sagem Fast is an ADSL router that uses a web management interface to change configuration settings. The router is vulnerable to an authentication bypass bug which allows unprivileged users to modify the preconfigured root password and then log in with administrator permissions.
https://www.exploit-db.com/exploits/32859
N/A (2015-12-22)
SeaMonkey
Cross-site scripting (XSS) vulnerability: if an attacker could convince a user to right-click on a broken image and choose “View Image” from the context menu, he could get JavaScript to run on a site of the attacker’s choosing by making the image src attribute a javascript: URL.
https://bugzilla.mozilla.org/show_bug.cgi?id=1234651

Research

Title Publication
Crowdsourced security, an efficient and cost-effective solution to augment your organization's security
https://www.youtube.com/watch?v=upqr869qGOY