Kaleidoscope - InZeed

- Science, Technology, Article, Music, Poem, Essay, etc ...

Open Redirect Vulnerability

An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it.

FC2 Online Web Service Open Redirect (Unvalidated Redirects and Forwards) Cyber Security Vulnerabilities

  FC2 Online Web Service Open Redirect (Unvalidated Redirects and Forwards) Cyber Security Vulnerabilities   Domain: fc2.com “FC2 (founded July 20, 1999) is a popular Japanese blogging host, the third most popular video hosting service in Japan (after YouTube and Niconico), and a web hosting company headquartered in Las Vegas, Nevada. It is the sixth […]

Rakuten Online Website Open Redirect (URL Redirection) Cyber Security Vulnerabilities

  Rakuten Online Website Open Redirect (URL Redirection) Cyber Security Vulnerabilities   Domain: rakuten.com “Rakuten, Inc. (楽天株式会社 Rakuten Kabushiki-gaisha?) is a Japanese electronic commerce and Internet company based in Tokyo, Japan. Its B2B2C e-commerce platform Rakuten Ichiba is the largest e-commerce site in Japan and among the world’s largest by sales. Hiroshi Mikitani founded the […]

Innovative WebPAC Pro 2.0 Unvalidated Redirects and Forwards (URL Redirection) Security Vulnerabilities

Innovative WebPAC Pro 2.0 Unvalidated Redirects and Forwards (URL Redirection) Security Vulnerabilities   Exploit Title: Innovative WebPAC Pro 2.0 /showres url parameter URL Redirection Security Vulnerabilities Vendor: Innovative Interfaces Inc Product: WebPAC Pro Vulnerable Versions: 2.0 Tested Version: 2.0 Advisory Publication: March 14, 2015 Latest Update: March 14, 2015 Vulnerability Type: URL Redirection to Untrusted […]

About Group 超过 99.88% 的链接容易遭受 XSS 和 XFS 攻击

  About Group 网站有一个严重的网络安全问题,它容易遭受 XSS (跨站脚本漏洞) XFS (跨Frame脚本漏洞)。这对它的近10亿月访问用户是灾难和毁灭性的。   根据漏洞研究者发布的结果和POC视频,所有About.com的话题(子域名)都可以被攻击者利用。   新加坡南洋理工大学 (NTU) 数学和物理学院 (SPMS) 数学系 (MAS) 的王晶 (Wang Jing) 发布了这个严重的安全漏洞。王晶声称在2014年10月19号,他向 About Group 做了报告,但是迄今为止一直没有收到回复。漏洞的发布时间是2015年2月2号。“到现在为止,漏洞还没有被修复” 王晶说。   与此同时,王晶披露 About.com 主页面的搜索域也容易遭受 XSS 攻击。除此之外,他还发布了一些 About.com 的公开重定向漏洞 (Open Redirect). 王说他的测试是在 Windows 8 的 IE (10.0.9200.16750) 和 Mozilla 的 Firefox (34.0), Ubuntu (14.04) 的 Google Chromium 39.0.2171.65-0, 以及 Mac OS X […]

WordPress Newsletter Plug-in URL Redirection (Open Redirect) Security Vulnerabilities

WordPress Newsletter Plug-in URL Redirection (Open Redirect) Security Vulnerabilities   Exploit Title: WordPress Newsletter Plug-in /do.php &nr parameter URL Redirection Security Vulnerabilities Product: WordPress Newsletter Plug-in Vendor: Satollo.net Vulnerable Versions: 2.6.* 2.5.* Tested Version: Check Related Versions’ Source Code Advisory Publication: March 04, 2015 Latest Update: March 04, 2015 Vulnerability Type: URL Redirection to Untrusted […]

NetCat CMS Multiple URL Redirection (Open Redirect) Security Vulnerabilities

NetCat CMS Multiple URL Redirection (Open Redirect) Security Vulnerabilities   Exploit Title: NetCat CMS Multiple URL Redirection Security Vulnerabilities Product: NetCat CMS (Content Management System) Vendor: NetCat Vulnerable Versions: 5.01   3.12   3.0   2.4   2.3   2.2   2.1   2.0   1.1 Tested Version: 3.12 Advisory Publication: Feb 25, 2015 Latest […]

CVE-2014-7294 NYU OpenSSO Integration Open Redirect Security Vulnerability

  CVE-2014-7294 NYU OpenSSO Integration 2.1 Dest Privilege Escalation Web Security Vulnerability       Exploit Title: NYU OpenSSO Integration Logon Page url Parameter Open Redirect Product: OpenSSO Integration Vendor: NYU Vulnerable Versions: 2.1 and probability prior Tested Version: 2.1 Advisory Publication: December 14, 2014 Latest Update: January 05, 2015 Vulnerability Type: Open Redirect [CWE-601] CVE Reference: CVE-2014-7294 mpact […]

CVE-2014-7294 NYU OpenSSO Integration Open Redirect Security Vulnerability

CVE-2014-7294 NYU OpenSSO Integration Open Redirect Security Vulnerability Exploit Title: NYU OpenSSO Integration Logon Page url Parameter Open Redirect Product: OpenSSO Integration Vendor: NYU Vulnerable Versions: 2.1 and probability prior Tested Version: 2.1 Advisory Publication: DEC 29, 2014 Latest Update: DEC 29, 2014 Vulnerability Type: Open Redirect [CWE-601] CVE Reference: CVE-2014-7294 CVSS v2 Base Score: 5.8 […]

About Group (about.com) All Topics (At least 99.88% links) Vulnerable to XSS & Iframe Injection Security Attacks, About.com Open Redirect Web Security Vulnerabilities

About Group (about.com) All Topics (At least 99.88% links) Vulnerable to XSS & Iframe Injection Security Attacks, About.com Open Redirect Security Vulnerabilities   Vulnerability Description: About.com all “topic sites” are vulnerable to XSS (Cross-Site Scripting) and Iframe Injection (Cross Frame Scripting) attacks. This means all sub-domains of about.com are affected. Based on a self-written program, 94357 links […]

Alibaba Taobao, AliExpress, Tmall, Online Electronic Shopping Website XSS & Open Redirect Security Vulnerabilities

Alibaba Taobao, AliExpress, Tmall, Online Electronic Shopping Website XSS & Open Redirect Security Vulnerabilities Domains Basics: Alibaba Taobao, AliExpress, Tmall are the top three online shopping websites belonging to Alibaba. Vulnerability Discover: Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. http://www.tetraph.com/wangjing/ (1) Domains Descriptions: […]

Kaleidoscope - InZeed © 2015 Frontier Theme