Advisories
      • Insecure Redirect in .NET Form Authentication
        Mon, 16 Feb 2012 -Irene Abezgauz, Seeker Research Center
        An Insecure Redirect vulnerability has been identified in the Redirect From Login mechanism of .NET Form Authentication. This vulnerability allows an attacker to craft links that contain redirects to malicious sites in the ReturnURL parameter.


      • Cross Site Scripting in Microsoft SharePoint 2007
        Tue, 13 Sep 2011 -Irene Abezgauz, Seeker Research Center
        A Cross Site Scripting vulnerability has been identified in Microsoft SharePoint 2007. This vulnerability allows attackers to gain control over valid user accounts, perform operations on their behalf, redirect them to malicious sites, steal their credentials, and more.


      • Insecure Redirect in Microsoft SharePoint
        Tue, 13 Sep 2011 -Irene Abezgauz, Seeker Research Center
        An Insecure Redirect vulnerability has been identified in the Microsoft SharePoint shared infrastructure. This vulnerability allows an attacker to craft links that contain redirects to malicious sites in the source parameter used throughout the SharePoint portal.


  • Cross Site Scripting Vulnerability in IBM WebSphere Portal Server & Lotus WCM
    Wed, 24 Feb 2010 -Oren Hafif, Application Security Consultant
    During a penetration test performed by Quotium's experts, certain vulnerabilities were identified in an IBM WebSphere Portal Server and Lotus Web Content Management deployment. Further research has identified that the login page of the IBM Lotus Workplace Web Content Management is vulnerable to Reflected Cross Site Scripting attacks.
  • Persistent Cross Site Scripting in Microsoft SharePoint Portal
    Mon, 22 Feb 2010 -Irene Abezgauz, Senior Consultant & Account Manager
    During a penetration test performed by Quotium's experts, a persistent cross-site scripting vulnerability was identified in the SharePoint document handling module. This vulnerability allows attackers to gain control over valid user accounts, perform operations on their behalf, redirect them to malicious sites, steal their credentials, and more.


  • Cross Site Scripting in Oracle E-Business Suite
    Tue, 9 Feb 2010 -Gil Cohen, Security Services
    During a penetration test performed by Quotium's experts, certain vulnerabilities were identified in an Oracle E-Business Suite deployment. Further research has identified that a web interface showing user errors is vulnerable to reflected cross site scripting attacks.


  • Multiple Vulnerabilities Allow Remote Takeover of Oracle eBusiness Suite Administrative Interface
    Mon, 14 Dec 2009 -Shay Chen, Technical Leader, Security Services
    Quotium research has identified multiple vulnerabilities in the Oracle eBusiness Suite deployment. Further research has identified several vulnerabilities which, combined, can allow an unauthenticated remote user to take over and gain full control over the administrative web user account of the Oracle eBusiness Suite.
  • Security Advisory: CA CleverPath SQL Injection
    Thu, 18 Jan 2007 -Irene Abezgauz, Senior Consultant & Account Manager
    A vulnerability to an SQL Injection attack has been found in the CA CleverPath Portal that enables a malicious attacker to access confidential data from the database using binary search techniques. This vulnerability, due to insufficient filtering of SQL search queries, affects multiple CA and 3rd party products embedded in the CleverPath Portal.


  • Security Advisory: Struts Error Message Cross Site Scripting
    Thu, 03 Nov 2005 -Irene Abezgauz, Senior Consultant & Account Manager
    When attempting to access a non-existent Struts action URL, the Struts request handler generates an error echoing the path of the requested action, exposing internal data to Cross Site Scripting attacks.

 