Kaleidoscope - InZeed

- Science, Technology, Article, Music, Poem, Essay, etc ...

Month – March 2015

CVE-2015-2066 – DLGuard SQL Injection Web Security Vulnerabilities

  CVE-2015-2066 – DLGuard SQL Injection Web Security Vulnerabilities   Exploit Title: CVE-2015-2066 DLGuard /index.php c parameter SQL Injection Web Security Vulnerabilities Product: DLGuard Vendor: DLGuard Vulnerable Versions: v4.5 Tested Version: v4.5 Advisory Publication: February 18, 2015 Latest Update: May 01, 2015 Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL […]

724CMS 5.01 Multiple XSS (Cross-site Scripting) Security Vulnerabilities

724CMS 5.01 Multiple XSS (Cross-site Scripting) Security Vulnerabilities   Exploit Title: 724CMS Multiple XSS (Cross-site Scripting) Security Vulnerabilities Vendor: 724CMS Product: 724CMS Vulnerable Versions: 3.01   4.01   4.59   5.01 Tested Version: 5.01 Advisory Publication: March 15, 2015 Latest Update: March 15, 2015 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: * Impact CVSS Severity […]

724CMS 5.01 Multiple SQL Injection Security Vulnerabilities

724CMS 5.01 Multiple SQL Injection Security Vulnerabilities   Exploit Title: 724CMS Multiple SQL Injection Security Vulnerabilities Vendor: 724CMS Product: 724CMS Vulnerable Versions: 3.01   4.01   4.59   5.01 Tested Version: 5.01 Advisory Publication: March 14, 2015 Latest Update: March 14, 2015 Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL […]

724CMS 5.01 Directory (Path) Traversal Security Vulnerabilities

724CMS 5.01 Directory (Path) Traversal Security Vulnerabilities   Exploit Title: 724CMS /section.php Module Parameter Directory Traversal Security Vulnerabilities Vendor: 724CMS Product: 724CMS Vulnerable Versions: 3.01   4.01   4.59   5.01 Tested Version: 5.01 Advisory Publication: March 14, 2015 Latest Update: March 14, 2015 Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory […]

724CMS 5.01 Information Leakage Security Vulnerabilities

724CMS 5.01 Multiple Information Leakage Security Vulnerabilities   Exploit Title: 724CMS Multiple Information Leakage Security Vulnerabilities Vendor: 724CMS Product: 724CMS Vulnerable Versions: 3.01   4.01   4.59   5.01 Tested Version: 5.01 Advisory Publication: March 14, 2015 Latest Update: March 14, 2015 Vulnerability Type: Information Exposure [CWE-200] CVE Reference: * Impact CVSS Severity (version 2.0): […]

Comsenz SupeSite 7.0 CMS SQL Injection Security Vulnerabilities

Comsenz SupeSite 7.0 CMS SQL Injection Security Vulnerabilities   Exploit Title: Comsenz SupeSite CMS SQL Injection Security Vulnerabilities Product: SupeSite CMS (Content Management System) Vendor: Comsenz Vulnerable Versions: 6.0.1UC   7.0 Tested Version: 7.0 Advisory Publication: March 14, 2015 Latest Update: March 14, 2015 Vulnerability Type: Improper Neutralization of Special Elements used in an SQL […]

Innovative WebPAC Pro 2.0 Unvalidated Redirects and Forwards (URL Redirection) Security Vulnerabilities

Innovative WebPAC Pro 2.0 Unvalidated Redirects and Forwards (URL Redirection) Security Vulnerabilities   Exploit Title: Innovative WebPAC Pro 2.0 /showres url parameter URL Redirection Security Vulnerabilities Vendor: Innovative Interfaces Inc Product: WebPAC Pro Vulnerable Versions: 2.0 Tested Version: 2.0 Advisory Publication: March 14, 2015 Latest Update: March 14, 2015 Vulnerability Type: URL Redirection to Untrusted […]

About Group 超过 99.88% 的链接容易遭受 XSS 和 XFS 攻击

  About Group 网站有一个严重的网络安全问题,它容易遭受 XSS (跨站脚本漏洞) XFS (跨Frame脚本漏洞)。这对它的近10亿月访问用户是灾难和毁灭性的。   根据漏洞研究者发布的结果和POC视频,所有About.com的话题(子域名)都可以被攻击者利用。   新加坡南洋理工大学 (NTU) 数学和物理学院 (SPMS) 数学系 (MAS) 的王晶 (Wang Jing) 发布了这个严重的安全漏洞。王晶声称在2014年10月19号,他向 About Group 做了报告,但是迄今为止一直没有收到回复。漏洞的发布时间是2015年2月2号。“到现在为止,漏洞还没有被修复” 王晶说。   与此同时,王晶披露 About.com 主页面的搜索域也容易遭受 XSS 攻击。除此之外,他还发布了一些 About.com 的公开重定向漏洞 (Open Redirect). 王说他的测试是在 Windows 8 的 IE (10.0.9200.16750) 和 Mozilla 的 Firefox (34.0), Ubuntu (14.04) 的 Google Chromium 39.0.2171.65-0, 以及 Mac OS X […]

CVE-2015-2209 – DLGuard Full Path Disclosure (Information Leakage) Web Security Vulnerabilities

  CVE-2015-2209 – DLGuard Full Path Disclosure (Information Leakage) Web Security Vulnerabilities Exploit Title: DLGuard “/index.php?” “&c” parameter Full Path Disclosure Web Security Vulnerabilities Product: DLGuard Vendor: DLGuard Vulnerable Versions: v4.5 Tested Version: v4.5 Advisory Publication: January 18, 2015 Latest Update: March 20, 2015 Vulnerability Type: Information Exposure [CWE-200] CVE Reference: CVE-2015-2209 Impact CVSS Severity […]

醉清風 – 弦子 – 唯美空靈的音樂

醉清風 – 弦子 – 唯美空靈的音樂 喜歡醉清風空靈的意境,明月,清風,孤人,琴聲,把酒當歌,令人陶醉 特制作壹視頻,以為回憶。萬事萬物,誰是誰非,誰又能說清道明   歌曲 & 歌詞 醉清風 歌手:張弦子   月色正朦朧 與清風把酒相送 太多的詩頌 醉生夢死也空 和妳醉後纏綿 妳曾記得 亂了分寸的心動 怎麼只有這首歌 會讓妳輕聲合 醉清風 夢境的虛有 琴聲壹曲相送 還有沒有情濃 風花雪月顏容 和妳醉後纏綿 妳曾記得 亂了分寸的心動 蝴蝶去向無影蹤 舉杯消愁意正濃 無人寵 是我想得太多 猶如飛蛾撲火那麼沖動 最後 還有壹盞燭火 燃盡我 曲終人散 誰無過錯 我看破 月色正朦朧 與清風把酒相送 太多的詩頌 醉生夢死夜空 和妳醉後纏綿 妳曾記得 夢境的虛有琴聲壹曲相送 還有沒有情濃風花雪月顏容 和妳醉後纏綿 妳曾記得 夢境的虛有 琴聲壹曲相送 還有沒有情濃 風花雪月顏容 […]

Kaleidoscope - InZeed © 2015 Frontier Theme