Cross-Site Scripting Archives

Pierluigi Paganini November 08, 2018

XSS flaw in Evernote allows attackers to execute commands and steal files

Security expert discovered a stored XSS flaw in the Evernote app for Windows that could be exploited to steal files and execute arbitrary commands. A security expert that goes online with the moniker @sebao has discovered a stored cross-site scripting (XSS) vulnerability in the Evernote application for Windows that could be exploited by an attacker to steal files and execute […]

Pierluigi Paganini September 22, 2016

BT Wi-Fi extender, extends to XSS and password changing vulnerabilities

Following an investigation by Pen Test Partners, British Telecom (BT) has released a firmware upgrade for their popular range of Wi-Fi extenders. The investigation uncovered vulnerabilities within the firmware when left the device exposed to possible XSS (Cross Site Scripting) Exploits as well as the ability to change the user’s password without notification. By combining […]

Pierluigi Paganini July 08, 2016

Flaws in BMW ConnectedDrive Infotainment System allow remote hack

A research discovered two zero-day vulnerabilities residing in the official BMW web domain and ConnectedDrive portal that allow remote hack. Once again IoT devices are affected by a serious flaw that could be exploited by hackers to compromise them, this time we speak of Car Hacking. Almost any modern connected vehicle uses a drive-by-wire system that […]

Pierluigi Paganini July 22, 2015

Joomla Helpdesk Pro flaws leave systems vulnerable to several attacks

The Outpost24 team has identified several vulnerabilities that affect Joomla HelpDesk Pro extension, the flaws can lead to remote code execution on servers. Kasper Bertelsen, a security researcher at Outpost24 has discovered a number of vulnerabilities in the Joomla Helpdesk Pro extension which can lead to remote code execution on servers. The Helpdesk Pro Joomla extension is developed […]

Pierluigi Paganini February 13, 2015

How to remotely install malicious apps on Android devices

Security researchers discovered how to install and launch malicious applications remotely on Android devices exploiting two flaws. Security researchers have uncovered a couple of vulnerabilities in the Google Play Store that could allow cyber criminals to install and launch malicious apps remotely on Android mobile devices. The expert Tod Beardsley, technical lead for the Metasploit […]

Pierluigi Paganini February 11, 2015

Exploiting Vulnerabilities in WordPress plugins, a cybercrime trend

A serious vulnerability in the FancyBox WordPress plugin makes it easy for a hacker to compromise any website based on the popular CMS. Last week SecurityWeek reported about another a zero-day flaw found in a WordPress plugin. This time, a new vulnerability found in the popular FancyBox for WordPress plugin could be exploited to inject […]

Pierluigi Paganini February 04, 2015

Severe XSS flaw affects fully patched Internet Explorer

Security experts discovered a new severe XSS flaw affects fully patched Internet Explorer and exposes users to risks of attacks and identity theft. A new critical cross-site scripting (XSS) vulnerability affects fully patched versions of Internet Explorer, the flaw could be exploited by hackers to steal user sensitive data (i.e. login credentials) and inject malicious […]

Pierluigi Paganini January 23, 2015

Google account hijacking via exploitation of XSS flaw

Security Expert Brett Buerhaus has discovered a critical flaw on admin.google.com, which could be exploited by to Hijack an account and disable 2FA Authentication. Even the giants have their Achilles heel, the Google Apps administrator console is affected by a critical cross-site scripting (XSS) vulnerability that could be exploited by attackers to force a Google Apps admins […]

Pierluigi Paganini December 19, 2014

Several critical security vulnerabilities affect the Glassdoor website

The security expert Mohamed M.Fouad discovered several critical security vulnerabilities at Glassdoor, which can lead to very harmful impact on all users. The Independent Security Researcher Mohamed M.Fouad has discovered a lot of critical security vulnerabilities at Glassdoor that could lead to very harmful impact on all users. Mohamed M.Fouad an Independent Security Researcher from Egypt. I […]

Pierluigi Paganini September 18, 2014

Adobe issued critical security updates for Acrobat and Reader PDF

Adobe with a week of delay on the roadmap has released security updates to fix critical vulnerabilities in Acrobat and Reader PDF. Adobe has finally released critical security updates for its products Reader and Acrobat PDF software. The vulnerabilities fixed with these updates have been targeted by hackers in numerous cyber attacks worldwide. The security updates […]