IT Security

Router D-Link DVA-5592 – Authentication Bypass

INFO Vendor: D-Link Italia Product: Router DVA-5592 Firmware: DVA-5592_A1_WI_20180823 CVE: 2018-17777 DESCRIPTION In the router D-Link DVA-5592 it is possible to bypass the web authentication form. The problem is the path /ui/cbpc/login, because it is accessible without authentication. If the router’s owner has not changed the Parental Control PIN, it is possible to access to the Continue reading Router D-Link DVA-5592 – Authentication Bypass

HTML Injection in Signal Desktop 1.10.1

A few days ago some researchers discovered an HTML Injection vulnerability in Signal Desktop and they wrote a public disclosure. The Signal team quickly released an update on May 11th, the problem was in the file /js/views/message_view.js. Reading the changes to message_view.js, it seemed that the Signal team had only fixed the “problem of the URL“.  So, maybe, Continue reading HTML Injection in Signal Desktop 1.10.1