Advisories
- 30.01.2017
- Advisory 08/2016: CONTENIDO - XSS Vulnerability
- 15.10.2016
- Advisory 07/2016: UliCMS - XSS Vulnerability
- 09.10.2016
- Advisory 06/2016: Open Upload - XSS Vulnerability
- 08.10.2016
- Advisory 04/2016: iTop - XSS Vulnerability
- 08.10.2016
- Advisory 03/2016: Collabtive - XSS Vulnerability
- 08.10.2016
- Advisory 02/2016: Forma LMS - XSS Vulnerability
Security Blog
-
How NOT to use HTML PurifierToday we learn how not to use HTML Purifier and not become lulled into false sense of security.
-
Dionaea Honeypot Obfuscation - Avoiding service identification
Since some days we work on a fork of the great Dionaea Honeypot.
-
IRC Botnets are not dead yetI thought IRC botnets were dead for some time but recently I was proved wrong.
-
Apache / PHP 5.x Remote Code Execution
We currently register more attacks on our honeypot system that want to exploit a specific vulnerability in Apache and PHP.
-
Glastopf Statistics Script
Here a small Script written in Python which sends Queries to the Glastopf Honeypot Database for printing out some interesting Statistics.
Projects
- Vulnerable Web
- This Site shows what kind of vulnerabilities exists and how to prevent security flaws in your applications.
- Online
- XSS Cheatsheet
- A collection of XSS attack vectors.
- Online
