Kaleidoscope - InZeed

- Science, Technology, Article, Music, Poem, Essay, etc ...

tetraph

SITEFACT CMS XSS (Cross-site Scripting) Web Security Vulnerabilities

Exploit Title: SITEFACT CMS content.php? &id Parameter XSS Security Vulnerabilities
Product: SITEFACT CMS (Content Management System)
Vendor: SITEFACT
Vulnerable Versions: version 2.01
Tested Version: version 2.01
Advisory Publication: May 24, 2015
Latest Update: May 24, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact […]

Gcon Tech Solutions v1.0 SQL Injection Web Security Vulnerabilities

Exploit Title: Gcon Tech Solutions v1.0 content.php? &id Parameter SQL Injection Security Vulnerabilities
Product: Gcon Tech Solutions
Vendor: Gcon Tech Solutions
Vulnerable Versions: v1.0
Tested Version: v1.0
Advisory Publication: May 24, 2015
Latest Update: May 24, 2015
Vulnerability Type: Improper Neutralization of Special Elements […]

Gcon Tech Solutions v1.0 XSS (Cross-site Scripting) Web Security Vulnerabilities

Exploit Title: Gcon Tech Solutions v1.0 content.php? &id Parameter XSS Security Vulnerabilities
Product: Gcon Tech Solutions
Vendor: Gcon Tech Solutions
Vulnerable Versions: v1.0
Tested Version: v1.0
Advisory Publication: May 23, 2015
Latest Update: May 23, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: […]

CXSecurity WLB-2015040034 6kbbs v8.0 Multiple CSRF (Cross-Site Request Forgery) Web Security Vulnerabilities

Exploit Title: 6kbbs Multiple CSRF (Cross-Site Request Forgery) Security Vulnerabilities
Vendor: 6kbbs
Product: 6kbbs
Vulnerable Versions: v7.1 v8.0
Tested Version: v7.1 v8.0
Advisory Publication: April 02, 2015
Latest Update: April 02, 2015
Vulnerability Type: Cross-Site Request Forgery (CSRF) [CWE-352]
CVE Reference: […]

Another Heartbleed? Flaws Found in Web Security, Covert Redirect

While the Internet is still struggling with the Heartbleed bug, a major new vulnerability has been discovered in the security protocols OAuth 2.0 and OpenID. Wang Jing, a PhD student at Nanyang Technological University in Singapore, hackers to users […]

Another Heartbleed? More Flaws Found in Web Security, Covert Redirect

A major new vulnerability has been discovered in the security protocols OAuth 2.0 and OpenID while the Internet is still suffering from the Heartbleed bug. PhD student Wang Jing of Nanyang Technological University in Singapore spotted the flaw, which allows hackers to use phishing techniques in […]

Covert Redirect Vulnerability Emerges, a Copy of “Heartbleed”

A PhD student at Nanyang Technological University (Singapore) has just discovered a security vulnerability in open-source software that is used by a great many websites. The latest information shows […]

Covert Redirect Threatens OAuth 2.0 and OpenID

Last Friday, Wang Jing, a PhD student at Nanyang Technological University in Singapore, published a report describing an attack method called “Covert Redirect” and presenting it as a vulnerability in OAuth 2.0 and OpenID. OAuth 2.0 and OpenID themselves work by providing access for users of the service […]

XSS Risks Identified in Links in New York Times Articles from Before 2013

URLs in New York Times (NYT) articles published before 2013 have been found to be vulnerable to an XSS (cross-site scripting) attack capable of delivering code that is executed in the browser. A student from Singapore named Wang Jing reported on Thursday the XSS vulnerability that […]

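After Heartbleed, Serious Security Flaws Also in ‘OpenID’ and ‘OAuth’

Following the ‘Heartbleed’ bug, serious flaws have also been found in ‘OpenID’ and ‘OAuth’, open-source software for subscriber authentication and security, media outlets including CNET and VentureBeat reported. Dr. ‘Wang Jing’, who is studying at Nanyang Technological University in Singapore, said that a critical flaw had been found in ‘OAuth’ and ‘OpenID’, login tools used by numerous websites and by Google, Facebook, LinkedIn, MS, PayPal and others. This flaw, called ‘Covert Redirect’, the login popup of an infected domain […]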
