Monthly Archives: February 2015

CVE-2014-9558 SmartCMS Multiple SQL Injection Security Vulnerability

Exploit Title: Smartwebsites SmartCMS v.2 Multiple SQL Injection Security Vulnerabilities Product: SmartCMS v.2 Vendor: Smartwebsites Vulnerable Versions: v.2 Tested Version: v.2 Advisory Publication: Jan 22, 2015 Latest Update: Jan 22, 2015 Vulnerability Type: Improper Neutralization of Special Elements used in … Continue reading

Posted in Computer & Web Technology | Tagged , , , , , , , , , , , , , , , , , , , | Leave a comment

VE-2014-8754 WordPress “Ad-Manager Plugin” Dest Redirect Privilege Escalation Security Vulnerability

Originally posted on INZEED Business Information & Counsel:
VE-2014-8754 WordPress “Ad-Manager Plugin” Dest Redirect Privilege Escalation Exploit Title: WordPress Ad-Manager Plugin Dest Redirect Privilege Escalation Vulnerability Product: WordPress Ad-Manager Plugin Vendor: CodeCanyon Vulnerable Versions: 1.1.2 Tested Version: 1.1.2 Advisory Publication: Nov…

Posted in Computer & Web Technology | Tagged , , , , , , , , , , , , , , , , , , , , , | Leave a comment

About Group (about.com) All Topics (At least 99.88% links) Vulnerable to XSS & Iframe Injection Security Attacks, About.com Open Redirect Web Security Vulnerabilities

About Group (about.com) All Topics (At least 99.88% links) Vulnerable to XSS & Iframe Injection Security Attacks, About.com Open Redirect Security Vulnerabilities   Vulnerability Description: About.com all “topic sites” are vulnerable to XSS (Cross-Site Scripting) and Iframe Injection (Cross Frame … Continue reading

Posted in Computer Technology, Open Redirect, XFS, XSS | Tagged , , , , , , , , , , , , , , | Leave a comment

About Group 超过 99.88% 的链接容易遭受 XSS 和 XFS 攻击

About Group 网站有一个严重的网络安全问题,它容易遭受 XSS (跨站脚本漏洞) XFS (跨Frame脚本漏洞)。这对它的近10亿月访问用户是灾难和毁灭性的。 根据漏洞研究者发布的结果和POC视频,所有About.com的话题(子域名)都可以被攻击者利用。 新加坡南洋理工大学 (NTU) 数学和物理学院 (SPMS) 数学系 (MAS) 的王晶 (Wang Jing) 发布了这个严重的安全漏洞。王晶声称在2014年10月19号,他向 About Group 做了报告,但是迄今为止一直没有收到回复。漏洞的发布时间是2015年2月2号。“到现在为止,漏洞还没有被修复” 王晶说。 与此同时,王晶披露 About.com 主页面的搜索域也容易遭受 XSS 攻击。除此之外,他还发布了一些 About.com 的公开重定向漏洞 (Open Redirect). 王说他的测试是在 Windows 8 的 IE (10.0.9200.16750) 和 Mozilla 的 Firefox … Continue reading

Posted in Computer & Web Technology, Essay | Tagged , , , , , , , , , , , , , , , , , | Leave a comment

CVE-2014-2452 Oracle Access Manager Webserver Plugin Subcomponent Unspecified Remote DoS Security Vulnerability

Originally posted on INZEED Business Information & Counsel:
CVE-2014-2452 Oracle Access Manager Webserver Plugin Subcomponent Unspecified Remote DoS Security Vulnerability Exploit Title: Oracle Access Manager Webserver Plugin Subcomponent Unspecified Remote DoS Security Vulnerability Product: Access Manager component in Oracle Fusion…

Posted in CVE, DOS | Tagged , , , , , , , , , , , , , , , , , , , | Leave a comment

CVE-2015-1475 – My Little Forum Multiple XSS Web Security Vulnerabilities

CVE-2015-1475 – My Little Forum Multiple XSS Web Security Vulnerabilities Exploit Title: My Little Forum Multiple XSS Web Security Vulnerabilities Vendor: My Little Forum Product: My Little Forum Vulnerable Versions: 2.3.3 2.2 1.7 Tested Version: 2.3.3 2.2 1.7 Advisory Publication: … Continue reading

Posted in Celebration, Web Application Technology | Tagged , , , , , , , , , , , , , , , , , , , , , | Leave a comment

CVE-2014-9562 OptimalSite Content Management System (CMS) XSS (Cross-Site Scripting) Web Security Vulnerabilities

  CVE-2014-9562 OptimalSite Content Management System (CMS) XSS (Cross-Site Scripting) Web Security Vulnerabilities Exploit Title: OptimalSite CMS /display_dialog.php image Parameter XSS Web Security Vulnerability Vendor: OptimalSite Product: OptimalSite Content Management System (CMS) Vulnerable Versions: V.1 V2.4 Tested Version: V.1 V2.4 … Continue reading

Posted in IT Technology, Web Application Technology | Tagged , , , , , , , , , , , , , , , , , , , | Leave a comment