Kaleidoscope - InZeed


Information Leakage Vulnerability

Information leakage happens whenever a system that is designed to be closed to an eavesdropper nonetheless reveals some information to unauthorized parties. For example, on an encrypted instant messaging network, a network engineer without the capacity to crack encryption codes could still see when messages are transmitted, even if he could not read them. During the Second World War, the Japanese for a while used secret codes such as PURPLE; even before such codes were cracked, some basic information about the content of the messages could be extracted by looking at which relay stations sent a message onward.

CVE-2015-2214 – NetCat CMS Full Path Disclosure (Information Disclosure) Web Security Vulnerabilities

Exploit Title: CVE-2015-2214 NetCat CMS Full Path Disclosure Web Security Vulnerabilities
Product: NetCat CMS (Content Management System)
Vendor: NetCat
Vulnerable Versions: 5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1
Tested Version: 5.01 3.12
Advisory Publication: February 27, 2015
Latest Update: […]

724CMS 5.01 Information Leakage Security Vulnerabilities

Exploit Title: 724CMS Multiple Information Leakage Security Vulnerabilities
Vendor: 724CMS
Product: 724CMS
Vulnerable Versions: 3.01   4.01   4.59   5.01
Tested Version: 5.01
Advisory Publication: March 14, 2015
Latest Update: March 14, 2015
Vulnerability Type: Information Exposure [CWE-200]
CVE Reference: *
Impact CVSS Severity (version 2.0): […]

WordPress Daily Edition Theme v1.6.2 Information Leakage Security Vulnerabilities

Exploit Title: WordPress Daily Edition Theme /thumb.php src Parameters Information Leakage Security Vulnerabilities
Product: WordPress Daily Edition Theme
Vendor: WooThemes
Vulnerable Versions: v1.6.*   v1.5.*   v1.4.*   v1.3.*   v1.2.*   v1.1.*   v.1.0.*
Tested Version: v1.6.2
Advisory Publication: March 10, 2015
Latest Update: […]

Webshop hun v1.062S Information Leakage (Full Path Disclosure – FPD) Security Vulnerabilities

Exploit Title: Webshop hun v1.062S /index.php termid parameter Information Leakage Security Vulnerabilities
Product: Webshop hun
Vendor: Webshop hun
Vulnerable Versions: v1.062S
Tested Version: v1.062S
Advisory Publication: March 07, 2015
Latest Update: March 07, 2015
Vulnerability Type: Information Exposure [CWE-200]
CVE Reference: * […]

Another Heartbleed? Flaws Found in Web Security, Covert Redirect

While the Internet is still grappling with the Heartbleed bug, a major new vulnerability has been discovered in the security protocols OAuth 2.0 and OpenID.

Wang Jing, a PhD student at Nanyang Technological University in Singapore, hackers to users […]

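Covert Redirect, Known for Its Impact on OAuth and OpenID

Covert Redirect (Chinese: 隱蔽重定向) [1] is a security vulnerability concerning single sign-on (SSO). It is known for its impact on OAuth and OpenID [2]. It was discovered and named by Wang Jing, a PhD student at the School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore [3].

An important application of Covert Redirect is phishing [4]: other phishing uses fake websites, whereas Covert Redirect uses real, well-known websites for phishing. This is a perfect method of phishing [5].

https://zh.wikipedia.org/wiki/%E9%9A%B1%E8%94%BD%E9%87%8D%E5%AE%9A%E5%90%91%E6%BC%8F%E6%B4%9E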

CVE-2014-2404 Oracle Manager WebGate Subcomponent Unspecified Remote Information Disclosure

Exploit Title: Oracle Manager WebGate Subcomponent Unspecified Remote Information Disclosure
Product: Access Manager component in Oracle Fusion Middleware
Vendor: Oracle
Vulnerable Versions: 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0, 11.1.2.1.0, and 11.1.2.2.0
Advisory Publication: Apr 15, 2014
Latest Update: Apr 15, 2014
Vulnerability Type: Information […]

Oracle Access Manager (OAM) Vulnerabilities

Oracle Access Manager (formerly known as Oblix NetPoint and Oracle COREid) provides a full range of identity administration and security functions that include Web single sign-on; user self-service and self-registration; sophisticated workflow functionality; auditing and access reporting; policy management; dynamic group management; and delegated administration. The main file of OAM is “obrareq.cgi”. However, “obrareq.cgi” doesn’t […]

WHITE HAT HACKERS TESTING SECURITY OF COMPUTER SYSTEMS IN SINGAPORE

SINGAPORE: Call them cybersecurity vigilantes if you will, or “white hats” – as they are known in the hacking world. Mr Wang Jing and Mr Zhao Hainan are part of a growing group of individuals who are taking it upon themselves to test the security of information systems in organisations and report security flaws.

Earlier […]

Oracle Access Manager WebGate Subcomponent Unspecified Remote Information Disclosure CVE-2014-2404

Exploit Title: Oracle Manager WebGate Subcomponent Unspecified Remote Information Disclosure
Product: Access Manager component in Oracle Fusion Middleware
Vendor: Oracle
Vulnerable Versions: 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0, 11.1.2.1.0, and 11.1.2.2.0
Advisory Publication: Apr 15, 2014
Latest Update: Apr 15, 2014
Vulnerability Type: Information Exposure [CWE-200]
CVE Reference: CVE-2014-2404
Risk Level: Medium
CVSS v2 Base Score: 4.0 […]
