Google Alert - site: portswigger.net/daily-swig/vulnerabilities

Google Roulette: Developer console trick can trigger XSS in Chromium browsers

Malicious actors can stage cross-site scripting (XSS) attacks across the … exploitable in the real world,” Bentkowski told The Daily Swig.
Full post: https://portswigger.net/daily-swig/google-roulette-developer-console-trick-can-trigger-xss-in-chromium-browsers

F5 fixes high severity RCE bug in BIG-IP, BIG-IQ devices | The Daily Swig – PortSwigger

The vulnerability (CVE-2022-41622) leaves BIG-IP and BIG-IQ vulnerable to unauthenticated RCE via cross-site request forgery (CSRF) because …
Full post: https://portswigger.net/daily-swig/f5-fixes-high-severity-rce-bug-in-big-ip-big-iq-devices

Zendesk Explore flaws opened the door to account pillage | The Daily Swig – PortSwigger

The vulnerable Zendesk Explore facility is not enabled by default but still widely used because it powers the analytic insights page of the CRM …
Full post: https://portswigger.net/daily-swig/zendesk-explore-flaws-opened-the-door-to-account-pillage

Mastodon users vulnerable to password-stealing attacks | The Daily Swig – PortSwigger

“In a real attack the credentials will be stored and the user redirected back to the site.” Mitigations. Any Mastodon instance using the Glitch fork of …
Full post: https://portswigger.net/daily-swig/mastodon-users-vulnerable-to-password-stealing-attacks

All Day DevOps: Third of Log4j downloads still pull vulnerable version despite threat of …

AppSec engineer keynote says Log4j revealed lessons were not learned from the Equifax breach. Shutting the proverbial back door to your …
Full post: https://portswigger.net/daily-swig/all-day-devops-third-of-log4j-downloads-still-pull-vulnerable-version-despite-threat-of-supply-chain-attacks

CSRF in Plesk API enabled server takeover | The Daily Swig – PortSwigger

Bugs in programming interfaces of web hosting admin tool patched. Researchers discovered a series of web security flaws in the REST API of popular …
Full post: https://portswigger.net/daily-swig/csrf-in-plesk-api-enabled-server-takeover

Prototype pollution project yields another Parse Server RCE | The Daily Swig – PortSwigger

Bug emerges from ambition to find ‘end-to-end exploits beyond DoS’.
Full post: https://portswigger.net/daily-swig/prototype-pollution-project-yields-another-parse-server-rce

Google Pixel screen-lock hack earns researcher $70k | The Daily Swig – PortSwigger

Android security pwned by PUK reset trick. A security researcher earned a bug bounty payout for a Google Pixel lock screen bypass vulnerability.
Full post: https://portswigger.net/daily-swig/google-pixel-screen-lock-hack-earns-researcher-70k

CSS injection flaw patched in Acronis cloud management console | The Daily Swig

The type of bug depends on how the JavaScript handles the user input and the purpose of that parameter. “For example, in Acronis, the vulnerable page …
Full post: https://portswigger.net/daily-swig/css-injection-flaw-patched-in-acronis-cloud-management-console

Prototype pollution bug exposed Ember.js applications to XSS | The Daily Swig

In the case of Ember.js, the prototype pollution vulnerability could potentially allow attackers to stage cross-site scripting (XSS) attacks and …
Full post: https://portswigger.net/daily-swig/prototype-pollution-bug-exposed-ember-js-applications-to-xss
