|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
research
procheckup.com
Date: Fri Sep 28 2007 - 06:21:53 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
The research is made of two components: a purple paper and a video. The research doesn't just cover boring PoCs, but actual Hollywood-style exploits :-) . Yes, this includes the classic attack in which the legitimate video stream gets replaced by another stream that keeps looping forever!
In the paper we only cover new vulnerabilities affecting older _and_ the latest firmware. The most eye-catching ones are perhaps the following issues affecting the latest version of the firmware (2.43):
System-wide Cross-site Request Forgeries (CSRF) – any admin action can be forged by design!
Non-persistent Cross-site Scripting (XSS) on 404 error pages
Persistent cross-site Scripting (XSS) on the network settings page
Persistent cross-site Scripting (XSS) on the video viewing page
Persistent cross-site Scripting (XSS) on the logs viewing facility
For more info please see: http://www.procheckup.com/Vulnerability_2007.php
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]