Mozilla Online Website Two Sub-Domains XSS (Cross-site Scripting) Bugs (All URLs Under the Two Domains)

Domains: http://lxr.mozilla.org/ http://mxr.mozilla.org/ (The two domains above are almost the same) Websites information: “lxr.mozilla.org, mxr.mozilla.org are cross references designed to…

CVE-2014-7292 Newtelligence dasBlog Dest Redirect Privilege Escalation Vulnerability

CVE-2014-7292 Newtelligence dasBlog Dest Redirect Privilege Escalation Security Vulnerability
Exploit Title: Newtelligence dasBlog Dest Redirect Privilege Escalation Vulnerability
Product: dasBlog
Vendor: Newtelligence
Vulnerable Versions: 2.3 (2.3.9074.18820), 2.2 (2.2.8279.16125), 2.1 (2.1.8102.813)
Tested Version: 2.3 (2.3.9074.18820)
Advisory Publication: OCT 15, 2014…

New York Times nytimes.com Page Design XSS Vulnerability (Almost all Article Pages Before 2013 are Affected)

The New York Times Old Articles Can Be Exploited by XSS Attacks (Almost all Article Pages Before 2013 Are Affected) Domain: http://www.nytimes.com/ “The New York Times (NYT) is an American daily newspaper, founded and continuously published in New…

CVE-2014-2230 – OpenX Dest Redirect Privilege Escalation Web Security Vulnerability

CVE-2014-2230 – OpenX 2.8.10 Dest Redirect Privilege Escalation Web Security Vulnerability
Exploit Title: OpenX Dest Redirect Privilege Escalation Web Security Vulnerability
Product: OpenX
Vendor: OpenX
Vulnerable Versions: 2.8.10 and probably prior
Tested Version: 2.8.10
Advisory Publication: October 06, 2014
Latest…

Covert Redirect Vulnerability

Covert Redirect is an application that takes a parameter and redirects a user to the parameter value WITHOUT SUFFICIENT validation. This is often the result of a website’s overconfidence in its partners. In other words, the…

Oracle Access Manager (OAM) Vulnerabilities

Oracle Access Manager (formerly known as Oblix NetPoint and Oracle COREid) provides a full range of identity administration and security functions, that include Web single sign-on; user self-service and self-registration; sophisticated workflow functionality; auditing and access reporting; policy management; dynamic…

Paypal Online Website OAuth 2.0 Covert Redirect (OpenIDconnect) Web Security Bugs (Information Leakage & Open Redirect)

(1) Domain: paypal.com “PayPal is an American worldwide online payments system. Online money transfers serve as electronic alternatives to traditional paper methods…

The New York Times (Nytimes.com) Covert Redirect Web Security Bug Based on Google Doubleclick.net

(1) WebSite: nytimes.com “The New York Times (NYT) is an American daily newspaper, founded and continuously published in New York City since September 18, 1851, by the New York Times…

Amazon Website Covert Redirect Web Security Bugs Based on Facebook – Attack Simulation

Domain: http://www.amazon.com “Amazon.com, Inc. (/ˈæməzɒn/ or /ˈæməzən/) is an American electronic commerce company with headquarters in Seattle, Washington. It is the largest Internet-based retailer in…