Security Findings

CVE Product Description Link
Ruby on Rails
Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node.
The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors.
Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks.
N/A (2014-04-14)
Sagem Fast 3304-V2
Sagem Fast is an ADSL router that uses a web management interface to change configuration settings. The router is vulnerable to an authentication bypass bug that allows unprivileged users to modify the preconfigured root password and then log in with administrator permissions.
N/A (2015-12-22)
Cross-site scripting (XSS) vulnerability: if an attacker could convince a user to right-click on a broken image and choose "View Image" from the context menu, the attacker could get JavaScript to run on a site of the attacker's choosing by making the image src attribute a javascript: URL.
A user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page.

Security Research

Title Publication
Crowdsourced security, an efficient and cost-effective solution to augment your organization's security
[Contribution] Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty