Posts

Google Blogger- Insecure Implementation of Request Limiter | Google Honourable Mentions | Rishu Ranjan

The security issue allows a malicious actor to bypass the naive implementation of the rate limiter. This lets an attacker abuse the profile view count functionality and increase the count indefinitely. The following are the steps to reproduce, wherein I have used my own Blogger account (https://www.blogger.com/profile/09844396241453600561)


CVE-2018-12653: Reflected Cross Site Scripting(XSS) in Adrenalin 5.4 HRMS Software | SSRSDynamicEditReports [issue 5 of 5]

As a cyber security professional, I come across many vulnerabilities, from critical to low and sometimes informational (how to categorize: CVSS v3). Some time back, I was doing my usual security assessment activity for a Bank (Confidential) on their HRMS web application, which was third-party software whose vendor was "Adrenalin".

CVE ID: CVE-2018-12653
Vulnerability Name: Reflected Cross Site Scripting(XSS)
Product: Adrenalin HRMS
Affected Version: 5.4.0
Credits: Rishu Ranjan

CVE-2018-12652: Reflected Cross Site Scripting(XSS) in Adrenalin 5.4 HRMS Software | LeaveEmployeeSearch [issue 4 of 5]

As a cyber security professional, I come across many vulnerabilities, from critical to low and sometimes informational (how to categorize: CVSS v3). Some time back, I was doing my usual security assessment activity for a Bank (Confidential) on their HRMS web application, which was third-party software whose vendor was "Adrenalin".

CVE ID: CVE-2018-12652
Vulnerability Name: Reflected Cross Site Scripting(XSS)
Product: Adrenalin HRMS
Affected Version: 5.4.0
Credits: Rishu Ranjan

CVE-2018-12651: Reflected Cross Site Scripting(XSS) in Adrenalin 5.4 HRMS Software | ShiftEmployeeSearch [issue 3 of 5]

As a cyber security professional, I come across many vulnerabilities, from critical to low and sometimes informational (how to categorize: CVSS v3). Some time back, I was doing my usual security assessment activity for a Client (Confidential) on their HRMS web application, which was third-party software whose vendor was "Adrenalin".