SANS ISC: Diaries by Keyword

Date | Author | Title

LANDESK COMMAND INJECTION XSS

2010-02-06 | Guy Bruneau | LANDesk Management Gateway Vulnerability

LANDESK

2010-02-06 | Guy Bruneau | LANDesk Management Gateway Vulnerability

COMMAND

2020-02-14 | Xavier Mertens | Keep an Eye on Command-Line Browsers
2019-07-16 | Russ McRee | Commando VM: The Complete Mandiant Offensive VM
2018-07-30 | Xavier Mertens | Exploiting the Power of Curl
2018-05-02 | Russ McRee | Windows Commands Reference - An InfoSec Must Have
2016-07-26 | Johannes Ullrich | Command and Control Channels Using "AAAA" DNS Records
2016-04-15 | Xavier Mertens | Windows Command Line Persistence?
2015-10-12 | Guy Bruneau | Critical Vulnerability in Multiple Cisco Products - Apache Struts 2 Command Execution http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2
2013-02-17 | Guy Bruneau | HP ArcSight Connector Appliance and Logger Vulnerabilities
2010-02-06 | Guy Bruneau | LANDesk Management Gateway Vulnerability
2010-01-27 | Raul Siles | Command Line Kung Fu

INJECTION

2019-09-06 | Xavier Mertens | PowerShell Script with a builtin DLL
2018-09-28 | Xavier Mertens | More Excel DDE Code Injection
2018-09-05 | Xavier Mertens | Malicious PowerShell Compiling C# Code on the Fly
2018-02-08 | Bojan Zdrnja | SQL injection and division by zero exceptions
2017-05-05 | Xavier Mertens | HTTP Headers... the Achilles' heel of many applications
2016-02-15 | Bojan Zdrnja | Exploiting (pretty) blind SQL injections
2013-10-19 | Johannes Ullrich | Yet Another WHMCS SQL Injection Exploit
2013-07-16 | Johannes Ullrich | Why don't we see more examples of web app attacks via POST?
2013-02-17 | Guy Bruneau | HP ArcSight Connector Appliance and Logger Vulnerabilities
2013-01-25 | Johannes Ullrich | Vulnerability Scans via Search Engines (Request for Logs)
2013-01-09 | Rob VandenBrink | SQL Injection Flaw in Ruby on Rails
2012-10-05 | Richard Porter | Reports of a Distributed Injection Scan
2012-07-31 | Daniel Wesemann | SQL injection, lilupophilupop-style
2011-12-01 | Mark Hofman | SQL Injection Attack happening ATM
2011-06-06 | Johannes Ullrich | The Havij SQL Injection Tool
2011-04-19 | Bojan Zdrnja | SQL injection: why can’t we learn?
2011-04-01 | John Bambenek | LizaMoon Mass SQL-Injection Attack Infected at least 500k Websites
2010-12-02 | Kevin Johnson | SQL Injection: Wordpress 3.0.2 released
2010-08-15 | Manuel Humberto Santander Pelaez | Obfuscated SQL Injection attacks
2010-06-09 | Deborah Hale | Mass Infection of IIS/ASP Sites
2010-02-06 | Guy Bruneau | LANDesk Management Gateway Vulnerability
2009-07-16 | Bojan Zdrnja | OWC exploits used in SQL injection attacks
2009-05-19 | Bojan Zdrnja | Advanced blind SQL injection (with Oracle examples)
2009-05-09 | Patrick Nolan | Shared SQL Injection Lessons Learned blog item
2009-04-21 | Bojan Zdrnja | Web application vulnerabilities
2009-02-11 | Robert Danford | ProFTPd SQL Authentication Vulnerability exploit activity
2008-12-12 | Johannes Ullrich | MSIE 0-day Spreading Via SQL Injection
2008-12-01 | Jason Lam | Input filtering and escaping in SQL injection mitigation
2008-11-20 | Jason Lam | Large quantity SQL Injection mitigation
2008-09-29 | Daniel Wesemann | ASPROX mutant
2008-09-01 | John Bambenek | The Number of Machines Controlled by Botnets Has Jumped 4x in Last 3 Months
2008-08-23 | Mark Hofman | SQL injections - an update
2008-08-08 | Mark Hofman | More SQL Injections - very active right now
2008-07-24 | Bojan Zdrnja | What's brewing in Danmec's pot?
2008-06-30 | Marcus Sachs | More SQL Injection with Fast Flux hosting
2008-06-24 | Jason Lam | SQL Injection mitigation in ASP
2008-06-24 | Jason Lam | Microsoft SQL Injection Prevention Strategy
2008-06-23 | donald smith | Preventing SQL injection
2008-06-13 | Johannes Ullrich | SQL Injection: More of the same
2008-05-20 | Raul Siles | List of malicious domains inserted through SQL injection
2008-04-24 | donald smith | Hundreds of thousands of SQL injections
2008-04-16 | Bojan Zdrnja | The 10.000 web sites infection mystery solved
2008-03-14 | Kevin Liston | 2117966.net-- mass iframe injection
2008-01-09 | Bojan Zdrnja | Mass exploits with SQL Injection
2007-02-24 | Jason Lam | Prepared Statements and SQL injections

XSS

2015-10-20 | Bojan Zdrnja | When encoding saves the day
2015-06-25 | Bojan Zdrnja | Web security subtleties and exploitation of combined vulnerabilities
2014-03-27 | Alex Stanford | Mass XSSodus in PHP
2013-05-08 | Johannes Ullrich | "De Flashing" the ISC Web Site and Flash XSS issues
2013-02-17 | Guy Bruneau | HP ArcSight Connector Appliance and Logger Vulnerabilities
2013-02-11 | John Bambenek | Is This Chinese Registrar Really Trying to XSS Me?
2013-02-04 | Russ McRee | An expose of a recent SANS GIAC XSS vulnerability
2012-06-12 | Johannes Ullrich | The bane of XSS
2012-05-22 | Johannes Ullrich | nmap 6 released
2012-04-21 | Guy Bruneau | WordPress Release Security Update
2012-03-07 | Guy Bruneau | Reflected XSS in Splunk Web Affecting Version 4.0 to 4.3
2012-01-05 | Russ McRee | WordPress 3.3.1 fixes 15 issues with WordPress 3.3 including XSS. Download 3.3.1 or visit Dashboard --> Updates in your site admin panel.
2011-08-24 | Rob VandenBrink | Citrix Access Gateway Cross Site Scripting vulnerability and fix ==> http://support.citrix.com/article/CTX129971
2010-07-04 | Bojan Zdrnja | Stored XSS vulnerability on YouTube actively abused?
2010-04-30 | Kevin Liston | CVE-2010-0817 SharePoint XSS Scorecard
2010-02-06 | Guy Bruneau | LANDesk Management Gateway Vulnerability
2010-02-02 | Guy Bruneau | Cisco Secure Desktop Remote XSS Vulnerability
2009-07-10 | Guy Bruneau | WordPress Fixes Multiple vulnerabilities
2009-04-13 | Bojan Zdrnja | Twitter worm copycats
2009-04-12 | Patrick Nolan | Twitter Worm(s)
2006-10-05 | Swa Frantzen | MS06-053 revisited ?