CNN Travel.cnn.com XSS and Ads.cnn.com Open Redirect Web Security Vulnerabilities

  CNN Travel.cnn.com XSS and Ads.cnn.com Open Redirect Web Security Vulnerabilities   Domain: http://cnn.com   “The Cable News Network (CNN) is an American basic cable and satellite television channel that is owned by the Turner Broadcasting System division of Time… Continue Reading

CVE-2014-7294 NYU OpenSSO Integration Open Redirect Security Vulnerability

CVE-2014-7294 NYU OpenSSO Integration 2.1 Dest Privilege Escalation Web Security Vulnerability       Exploit Title: NYU OpenSSO Integration Logon Page url Parameter Open Redirect Product: OpenSSO Integration Vendor: NYU Vulnerable Versions: 2.1 and probability prior Tested Version: 2.1 Advisory Publication: December 14, 2014… Continue Reading

CVE-2014-7293 NYU OpenSSO Integration XSS (Cross-Site Scripting) Security Vulnerability

  CVE-2014-7293  NYU OpenSSO Integration XSS (Cross-Site Scripting) Web Security Vulnerability         Exploit Title: NYU OpenSSO Integration Logon Page url Parameter XSS Product: OpenSSO Integration Vendor: NYU  Vulnerable Versions: 2.1 and probability prior Tested Version: 2.1 Advisory… Continue Reading

Yahoo Yahoo.com Yahoo.co.jp Open Redirect (Unvalidated Redirects and Forwards) Web Security Bugs

  Yahoo Yahoo.com Yahoo.co.jp Open Redirect (Unvalidated Redirects and Forwards) Web Security Bugs   Though Yahoo lists open redirect vulnerability on its bug bounty program. However, it seems Yahoo do not take this vulnerability seriously at all.   Multiple Open… Continue Reading

CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability

CVE-2014-8490  TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability   Exploit Title: TennisConnect “TennisConnect COMPONENTS System” /index.cfm pid Parameter XSS Product: TennisConnect COMPONENTS System Vendor:    TennisConnect Vulnerable Versions: 9.927 Tested Version:    9.927 Advisory Publication: Nov 18, 2014 Latest Update:    Nov… Continue Reading

CVE-2014-8752 JCE-Tech “Video Niche Script” XSS (Cross-Site Scripting) Security Vulnerability

CVE-2014-8752 JCE-Tech “Video Niche Script” XSS (Cross-Site Scripting) Security Vulnerability     Exploit Title: JCE-Tech “Video Niche Script” /view.php Multiple Parameters XSS Product: “Video Niche Script” Vendor: JCE-Tech Vulnerable Versions: 4.0 Tested Version: 4.0 Advisory Publication: Nov 18, 2014 Latest Update:… Continue Reading

CVE-2014-8489 Ping Identity Corporation “PingFederate 6.10.1 SP Endpoints” Dest Redirect Privilege Escalation Security Vulnerability

  CVE-2014-8489 Ping Identity Corporation “PingFederate 6.10.1 SP Endpoints” Open Redirect Web Security Vulnerability   Exploit Title: “Ping Identity Corporation” “PingFederate 6.10.1 SP Endpoints” Dest Redirect Privilege Escalation Web Security Vulnerability Product: PingFederate 6.10.1 SP Endpoints Vendor: Ping Identity Corporation… Continue Reading

CVE-2014-8751 goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities

CVE-2014-8751  goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities   Exploit Title: goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities Product: WebPress Vendor: goYWP Vulnerable Versions: 13.00.06 Tested Version: 13.00.06 Advisory Publication: Dec 09, 2014 Latest Update: Dec 09, 2014… Continue Reading

The Weather Channel weather.com Almost All Links Vulnerable to XSS Attacks

The Weather Channel at Least 76.3% Links Vulnerable to XSS Attacks     Domain Description: http://www.weather.com/   “The Weather Channel is an American basic cable and satellite television channel which broadcasts weather forecasts and weather-related news and analyses, along with… Continue Reading