Research

Security Advisories

CVE: CVE-2015-7580
Product: Ruby on Rails
Description: Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node.
Link: https://hackerone.com/reports/81212

CVE: CVE-2016-5832
Product: WordPress
Description: The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors.
Link: https://www.cvedetails.com/cve/CVE-2016-5832/

CVE: CVE-2015-8474
Product: Redmine
Description: Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks.
Link: https://www.redmine.org/issues/19577

CVE: N/A (2014-04-14)
Product: Sagem Fast 3304-V2
Description: Sagem Fast is an ADSL router with a web management interface used to change configuration settings. The router is vulnerable to an authentication bypass bug that allows unprivileged users to modify the preconfigured root password and then log in with administrator permissions.
Link: https://www.exploit-db.com/exploits/32859

Research

Title: Crowdsourced security, an efficient and cost-effective solution to augment your organization's security
Publication: https://www.youtube.com/watch?v=upqr869qGOY