Monthly Archives: February 2015

CVE-2014-9558 SmartCMS Multiple SQL Injection Security Vulnerability

Posted on 2015-02-26 by essaybeans

Exploit Title: Smartwebsites SmartCMS v.2 Multiple SQL Injection Security Vulnerabilities Product: SmartCMS v.2 Vendor: Smartwebsites Vulnerable Versions: v.2 Tested Version: v.2 Advisory Publication: Jan 22, 2015 Latest Update: Jan 22, 2015 Vulnerability Type: Improper Neutralization of Special Elements used in … Continue reading →

Posted in Computer & Web Technology | Tagged 0-day, application, browser, bug flaw, code programming, coding, computer, cyber-security, database, hacker, information, internet, IT, php, scripting, technology, test, web, website, white-hat | Leave a comment

VE-2014-8754 WordPress “Ad-Manager Plugin” Dest Redirect Privilege Escalation Security Vulnerability

Posted on 2015-02-21 by essaybeans

Originally posted on INZEED Business Information & Counsel:
VE-2014-8754 WordPress “Ad-Manager Plugin” Dest Redirect Privilege Escalation Exploit Title: WordPress Ad-Manager Plugin Dest Redirect Privilege Escalation Vulnerability Product: WordPress Ad-Manager Plugin Vendor: CodeCanyon Vulnerable Versions: 1.1.2 Tested Version: 1.1.2 Advisory Publication: Nov…

Posted in Computer & Web Technology | Tagged 0day-exploit, attack-defense, bug-vulnerability, Computer Science, Computer Security, computer-engineering, crime-prevent, cve-information, cyber-intelligence, cyber-security, hacker-prevention, IEEE, Internet-information, IT-news, mas, math student, PHP Code, singapore, spms, wangjing, web-application-test, whitehat-technology | Leave a comment

About Group (about.com) All Topics (At least 99.88% links) Vulnerable to XSS & Iframe Injection Security Attacks, About.com Open Redirect Web Security Vulnerabilities

Posted on 2015-02-16 by essaybeans

About Group (about.com) All Topics (At least 99.88% links) Vulnerable to XSS & Iframe Injection Security Attacks, About.com Open Redirect Security Vulnerabilities Vulnerability Description: About.com all “topic sites” are vulnerable to XSS (Cross-Site Scripting) and Iframe Injection (Cross Frame … Continue reading →

Posted in Computer Technology, Open Redirect, XFS, XSS | Tagged 0day-exploit, 99.88% links, About Group, about.com, All Topics, computer-engineering, cross-site, Cyber Bugs, Iframe Injection, IT Topics, jing wang, justqdjing, Multiple Vulnerabilities, Security Bugs, whitehat | Leave a comment

About Group 超过 99.88% 的链接容易遭受 XSS 和 XFS 攻击

Posted on 2015-02-11 by essaybeans

About Group 网站有一个严重的网络安全问题，它容易遭受 XSS (跨站脚本漏洞) XFS (跨Frame脚本漏洞)。这对它的近10亿月访问用户是灾难和毁灭性的。根据漏洞研究者发布的结果和POC视频，所有About.com的话题(子域名)都可以被攻击者利用。新加坡南洋理工大学 (NTU) 数学和物理学院 (SPMS) 数学系 (MAS) 的王晶 (Wang Jing) 发布了这个严重的安全漏洞。王晶声称在2014年10月19号，他向 About Group 做了报告，但是迄今为止一直没有收到回复。漏洞的发布时间是2015年2月2号。“到现在为止，漏洞还没有被修复” 王晶说。与此同时，王晶披露 About.com 主页面的搜索域也容易遭受 XSS 攻击。除此之外，他还发布了一些 About.com 的公开重定向漏洞 (Open Redirect). 王说他的测试是在 Windows 8 的 IE (10.0.9200.16750) 和 Mozilla 的 Firefox … Continue reading →

Posted in Computer & Web Technology, Essay | Tagged 0-day漏洞, 白帽子测试信息, 网站 Exploit, 网站攻击防护, 问答网站, 计算机网络漏洞, 计算机工程代码测试, 黑客攻击技术, IEEE 研究, IT安全技术新闻, Open Redirect, PHP-代码-bug, wangjing，About Group, XFS, XSS, 客户端攻击, 应用开发注意, 攻击防护研究 | Leave a comment

CVE-2014-2452 Oracle Access Manager Webserver Plugin Subcomponent Unspecified Remote DoS Security Vulnerability

Posted on 2015-02-03 by essaybeans

Originally posted on INZEED Business Information & Counsel:
CVE-2014-2452 Oracle Access Manager Webserver Plugin Subcomponent Unspecified Remote DoS Security Vulnerability Exploit Title: Oracle Access Manager Webserver Plugin Subcomponent Unspecified Remote DoS Security Vulnerability Product: Access Manager component in Oracle Fusion…

Posted in CVE, DOS | Tagged 0-day, Application Exploit, browser, Computer Science, Computer Security, cyber-security, Database Tech, Hacker Research, Information Security, Internet Testing, IT Security, IT Technology, PHP Code, Scripting Programming, vulnerability, Web Development, Web Flaw, Web Security, Website Bug, white-hat | Leave a comment

CVE-2015-1475 – My Little Forum Multiple XSS Web Security Vulnerabilities

Posted on 2015-02-01 by essaybeans

CVE-2015-1475 – My Little Forum Multiple XSS Web Security Vulnerabilities Exploit Title: My Little Forum Multiple XSS Web Security Vulnerabilities Vendor: My Little Forum Product: My Little Forum Vulnerable Versions: 2.3.3 2.2 1.7 Tested Version: 2.3.3 2.2 1.7 Advisory Publication: … Continue reading →

Posted in Celebration, Web Application Technology | Tagged 0-day, 1475, 2.3.3, 2015, application, attack, computer bug, crime prevention, cross-site, cve, cyber-security, exploit, forum, hacker, IT vulnerability, my little, PHP Code, problem, scripting, testing, whitehat, XSS | Leave a comment

CVE-2014-9562 OptimalSite Content Management System (CMS) XSS (Cross-Site Scripting) Web Security Vulnerabilities

Posted on 2015-02-01 by essaybeans

CVE-2014-9562 OptimalSite Content Management System (CMS) XSS (Cross-Site Scripting) Web Security Vulnerabilities Exploit Title: OptimalSite CMS /display_dialog.php image Parameter XSS Web Security Vulnerability Vendor: OptimalSite Product: OptimalSite Content Management System (CMS) Vulnerable Versions: V.1 V2.4 Tested Version: V.1 V2.4 … Continue reading →

Posted in IT Technology, Web Application Technology | Tagged 0day-exploit, attack-defense, bug-vulnerability, Computer Science, Computer Security, computer-engineering, crime-prevent, cve-information, cyber-intelligence, cyber-security, hacker-prevention, IEEE, Internet-information, IT-news, math student, PHP Code, wangjing, web-application-test, whitehat-technology, XSS | Leave a comment