Category Archives: Computer & Web Technology

CVE-2015-2349 – SuperWebMailer 5.50.0.01160 XSS (Cross-site Scripting) Web Security Vulnerabilities

Exploit Title: CVE-2015-2349 – SuperWebMailer "/defaultnewsletter.php" HTMLForm Parameter XSS Web Security Vulnerabilities
Product: SuperWebMailer
Vendor: SuperWebMailer
Vulnerable Versions: 5.*.0.* 4.*.0.*
Tested Version: 5.*.0.* 4.*.0.*
Advisory Publication: March 11, 2015
Latest …

Feed2JS v1.7 XSS (Cross-site Scripting) Web Security Vulnerabilities

Originally posted on Computer & Web Vulnerabilities:
Exploit Title: Feed2JS v1.7 magpie_debug.php? &url parameter XSS Security Vulnerabilities
Product: Feed2JS
Vendor: feed2js.org
Vulnerable Versions: v1.7
Tested Version: v1.7
Advisory Publication: May…

Opoint Media Intelligence Unvalidated Redirects and Forwards (URL Redirection) Security Vulnerabilities

Originally posted on computer pitch:
Exploit Title: Opoint Media Intelligence click.php? &noblink parameter URL Redirection Security Vulnerabilities
Vendor: Opoint
Product: Opoint Media Intelligence
Vulnerable Versions:
Tested Version:…

NetCat CMS 3.12 Multiple Directory Traversal Security Vulnerabilities

Originally posted on computer pitch:
Exploit Title: NetCat CMS 3.12 Multiple Directory Traversal Security Vulnerabilities
Product: NetCat CMS (Content Management System)
Vendor: NetCat
Vulnerable Versions: 3.12 3.0 2.4 2.3 2.2…

NetCat CMS 3.12 HTML Injection Security Vulnerabilities

Originally posted on computer pitch:
Exploit Title: NetCat CMS 3.12 /catalog/search.php? q Parameter HTML Injection Security Vulnerabilities
Product: NetCat CMS (Content Management System)
Vendor: NetCat
Vulnerable Versions: 3.12 3.0 2.4 2.3…

Webs ID Reflected XSS (Cross-site Scripting) Security Vulnerabilities

Originally posted on computer pitch:
Exploit Title: Webs ID /login.jsp &error Parameter Reflected XSS (Cross-site Scripting) Security
Vendor: Webs, Inc
Product: Webs ID
Vulnerable Versions:
Tested Version:
Advisory Publication: April…

Comsenz SupeSite CMS Stored XSS (Cross-site Scripting) Security Vulnerabilities

Originally posted on computer pitch:
Exploit Title: Comsenz SupeSite CMS 7.0 Stored XSS Security Vulnerabilities
Product: Supesite CMS (Content Management System)
Vendor: ComSenz
Vulnerable Versions: 6.0.1UC 7.0
Tested…

CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability

Exploit Title: TennisConnect “TennisConnect COMPONENTS System” /index.cfm pid Parameter XSS
Product: TennisConnect COMPONENTS System
Vendor: TennisConnect
Vulnerable Versions: 9.927
Tested Version: 9.927
Advisory Publication: Nov 18, 2014
Latest Update: Nov 18, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-8490 …

CVE-2014-8752 JCE-Tech “Video Niche Script” XSS (Cross-Site Scripting) Security Vulnerability

Exploit Title: JCE-Tech “Video Niche Script” /view.php Multiple Parameters XSS
Product: “Video Niche Script”
Vendor: JCE-Tech
Vulnerable Versions: 4.0
Tested Version: 4.0
Advisory Publication: Nov 18, 2014
Latest Update: Nov 18, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-8752
CVSS …

Yahoo Yahoo.co.jp Open Redirect Security Vulnerability

Domain: http://www.yahoo.co.jp

Vulnerability overview:
Yahoo.co.jp is vulnerable to open redirect attacks. The vulnerability occurs at the "/yj-affiliate-entry?" page with the "VIEW_URL" parameter.

The following test uses one web page. The web page address is "http://www.inzeed.com/kaleidoscope". Suppose that this web page is malicious.

Vulnerable URL:
http://order.store.yahoo.co.jp/cgi-bin/yj-affiliate-entry?ITRACK_INFO=087836355102152107140219030344&COOKIE_PATH=/&COOKIE_DOMAIN=.yahoo.co.jp&VIEW_URL=http%3A%2F%2Fshopping.yahoo.co.jp

POC:
http://order.store.yahoo.co.jp/cgi-bin/yj-affiliate-entry?ITRACK_INFO=087836355102152107140219030330&COOKIE_PATH=/&COOKIE_DOMAIN=.yahoo.co.jp&VIEW_URL=http://www.inzeed.com/kaleidoscope

POC video:
https://www.youtube.com/watch?v=2SM78WKAVr8&feature=youtu.be

Reported by:
Wang Jing, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore
http://www.tetraph.com/wangjing

Blog details:
http://seclists.org/fulldisclosure/2014/Dec/88
http://securityrelated.blogspot.com/2014/12/yahoo-yahoocojp-open-redirect-security.html
http://securityrelated.blogspot.com/2014/12/yahoo-yahoocom-yahoocojp-open-redirect.html
https://biyiniao.wordpress.com/2015/01/20/%E3%83%A4%E3%83%95%E3%83%BCyahoo-co-jp
http://mathswift.blogspot.com/2014/12/yahoocojp.html