Kaleidoscope - InZeed

- Science, Technology, Article, Music, Poem, Essay, etc ...

Computer Security

phpwind v8.7 Unvalidated Redirects and Forwards Web Security Vulnerabilities

  phpwind v8.7 Unvalidated Redirects and Forwards Web Security Vulnerabilities   Exploit Title: phpwind v8.7 goto.php? &url Parameter Open Redirect Security Vulnerabilities Product: phpwind Vendor: phpwind Vulnerable Versions: v8.7 Tested Version: v8.7 Advisory Publication: May 25, 2015 Latest Update: May 25, 2015 Vulnerability Type: URL Redirection to Untrusted Site (‘Open Redirect’) [CWE-601] CVE Reference: * […]

phpwind v8.7 XSS (Cross-site Scripting) Web Security Vulnerabilities

  phpwind v8.7 XSS (Cross-site Scripting) Web Security Vulnerabilities   Exploit Title: phpwind v8.7 goto.php? &url Parameter XSS Security Vulnerabilities Product: phpwind Vendor: phpwind Vulnerable Versions: v8.7 Tested Version: v8.7 Advisory Publication: May 25, 2015 Latest Update: May 25, 2015 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: * Impact CVSS Severity (version 2.0): CVSS v2 […]

SITEFACT CMS XSS (Cross-site Scripting) Web Security Vulnerabilities

  SITEFACT CMS XSS (Cross-site Scripting) Web Security Vulnerabilities   Exploit Title: SITEFACT CMS content.php? &id Parameter XSS Security Vulnerabilities Product: SITEFACT CMS (Content Management System) Vendor: SITEFACT Vulnerable Versions: version 2.01 Tested Version: version 2.01 Advisory Publication: May 24, 2015 Latest Update: May 24, 2015 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: * Impact […]

CVE-2015-2214 – NetCat CMS Full Path Disclosure (Information Disclosure) Web Security Vulnerabilities

  CVE-2015-2214 – NetCat CMS Full Path Disclosure (Information Disclosure) Web Security Vulnerabilities   Exploit Title: CVE-2015-2214 NetCat CMS Full Path Disclosure Web Security Vulnerabilities Product: NetCat CMS (Content Management System) Vendor: NetCat Vulnerable Versions: 5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1 Tested Version: 5.01 3.12 Advisory Publication: February 27, 2015 Latest Update: […]

CVE-2015-2066 – DLGuard SQL Injection Web Security Vulnerabilities

  CVE-2015-2066 – DLGuard SQL Injection Web Security Vulnerabilities   Exploit Title: CVE-2015-2066 DLGuard /index.php c parameter SQL Injection Web Security Vulnerabilities Product: DLGuard Vendor: DLGuard Vulnerable Versions: v4.5 Tested Version: v4.5 Advisory Publication: February 18, 2015 Latest Update: May 01, 2015 Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL […]

About Group 超过 99.88% 的链接容易遭受 XSS 和 XFS 攻击

  About Group 网站有一个严重的网络安全问题,它容易遭受 XSS (跨站脚本漏洞) XFS (跨Frame脚本漏洞)。这对它的近10亿月访问用户是灾难和毁灭性的。   根据漏洞研究者发布的结果和POC视频,所有About.com的话题(子域名)都可以被攻击者利用。   新加坡南洋理工大学 (NTU) 数学和物理学院 (SPMS) 数学系 (MAS) 的王晶 (Wang Jing) 发布了这个严重的安全漏洞。王晶声称在2014年10月19号,他向 About Group 做了报告,但是迄今为止一直没有收到回复。漏洞的发布时间是2015年2月2号。“到现在为止,漏洞还没有被修复” 王晶说。   与此同时,王晶披露 About.com 主页面的搜索域也容易遭受 XSS 攻击。除此之外,他还发布了一些 About.com 的公开重定向漏洞 (Open Redirect). 王说他的测试是在 Windows 8 的 IE (10.0.9200.16750) 和 Mozilla 的 Firefox (34.0), Ubuntu (14.04) 的 Google Chromium 39.0.2171.65-0, 以及 Mac OS X […]

CVE-2015-2209 – DLGuard Full Path Disclosure (Information Leakage) Web Security Vulnerabilities

  CVE-2015-2209 – DLGuard Full Path Disclosure (Information Leakage) Web Security Vulnerabilities Exploit Title: DLGuard “/index.php?” “&c” parameter Full Path Disclosure Web Security Vulnerabilities Product: DLGuard Vendor: DLGuard Vulnerable Versions: v4.5 Tested Version: v4.5 Advisory Publication: January 18, 2015 Latest Update: March 20, 2015 Vulnerability Type: Information Exposure [CWE-200] CVE Reference: CVE-2015-2209 Impact CVSS Severity […]

NetCat CMS Multiple URL Redirection (Open Redirect) Security Vulnerabilities

NetCat CMS Multiple URL Redirection (Open Redirect) Security Vulnerabilities   Exploit Title: NetCat CMS Multiple URL Redirection Security Vulnerabilities Product: NetCat CMS (Content Management System) Vendor: NetCat Vulnerable Versions: 5.01   3.12   3.0   2.4   2.3   2.2   2.1   2.0   1.1 Tested Version: 3.12 Advisory Publication: Feb 25, 2015 Latest […]

NetCat CMS Multiple Remote File Inclusion (RFI) Security Vulnerabilities

NetCat CMS Multiple Remote File Inclusion (RFI) Security Vulnerabilities   Exploit Title: NetCat CMS Multiple Remote File Inclusion (RFI) Security Vulnerabilities Product: NetCat CMS (Content Management System) Vendor: NetCat Vulnerable Versions: 3.12   3.0   2.4   2.3   2.2   2.1   2.0   1.1 Tested Version: 3.12 Advisory Publication: Feb 25, 2015 Latest […]

Comsenz SupeSite CMS Arbitrary Code Execution Security Vulnerabilities

Comsenz SupeSite CMS Arbitrary Code Execution Security Vulnerabilities   Exploit Title: Comsenz SupeSite CMS Arbitrary Code Execution Security Vulnerabilities Product: SupeSite CMS (Content Management System) Vendor: Comsenz Vulnerable Versions: 6.0.1UC   7.0 Tested Version: 7.0 Advisory Publication: Feb 25, 2015 Latest Update: Feb 25, 2015 Vulnerability Type: Improper Control of Generation of Code (‘Code Injection’) […]

Kaleidoscope - InZeed © 2015 Frontier Theme