NetCat CMS Multiple URL Redirection (Open Redirect) Security Vulnerabilities

NetCat CMS Multiple URL Redirection (Open Redirect) Security Vulnerabilities   Exploit Title: NetCat CMS Multiple URL Redirection Security Vulnerabilities Product: NetCat CMS (Content Management System) Vendor: NetCat Vulnerable Versions: 5.01   3.12   3.0   2.4   2.3   2.2… Continue Reading

Comsenz SupeSite CMS Arbitrary Code Execution Security Vulnerabilities

Comsenz SupeSite CMS Arbitrary Code Execution Security Vulnerabilities   Exploit Title: Comsenz SupeSite CMS Arbitrary Code Execution Security Vulnerabilities Product: SupeSite CMS (Content Management System) Vendor: Comsenz Vulnerable Versions: 6.0.1UC   7.0 Tested Version: 7.0 Advisory Publication: Feb 25, 2015… Continue Reading

CVE-2014-9468 InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Security Vulnerabilities

CVE-2014-9468 InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Security Vulnerabilities   Exploit Title: InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Security Vulnerabilities Product: InstantForum.NET Vendor: InstantASP Vulnerable Versions: v4.1.3   v4.1.1   v4.1.2   v4.0.0   v4.1.0   v3.4.0 Tested Version: v4.1.3… Continue Reading

CVE-2015-2066 DLGuard SQL Injection Security Vulnerabilities

CVE-2015-2066 – DLGuard SQL Injection Web Security Vulnerabilities   Exploit Title: CVE-2015-2066 DLGuard /index.php c parameter SQL Injection Web Security Vulnerabilities Product: DLGuard Vendor: DLGuard Vulnerable Versions: v4.5 Tested Version: v4.5 Advisory Publication: February 18, 2015 Latest Update: May 01,… Continue Reading

CVE-2015-2209 – DLGuard Full Path Disclosure (Information Leakage) Web Security Vulnerabilities

  CVE-2015-2209 – DLGuard Full Path Disclosure (Information Leakage) Web Security Vulnerabilities Exploit Title: DLGuard “/index.php?” “&c” parameter Full Path Disclosure Web Security Vulnerabilities Product: DLGuard Vendor: DLGuard Vulnerable Versions: v4.5 Tested Version: v4.5 Advisory Publication: January 18, 2015 Latest… Continue Reading

CVE-2015-2064 DLGuard Multiple XSS (Cross-Site Scripting) Security Vulnerabilities

CVE-2015-2064 DLGuard Multiple XSS (Cross-Site Scripting) Security Vulnerabilities   Exploit Title: DLGuard Multiple XSS (Cross-Site Scripting) Security Vulnerabilities Product: DLGuard Vendor: DLGuard Vulnerable Versions: v5   v4.6   v4.5 Tested Version: v5   v4.6 Advisory Publication: Feb 18, 2015 Latest… Continue Reading

CVE-2014-9469 vBulletin XSS (Cross-Site Scripting) Security Vulnerabilities

CVE-2014-9469 vBulletin XSS (Cross-Site Scripting) Web Security Vulnerabilities   Exploit Title: vBulletin XSS (Cross-Site Scripting) Web Security Vulnerabilities Product: vBulletin Forum Vendor: vBulletin Vulnerable Versions: 5.1.3 5.0.5 4.2.2 3.8.7 3.6.7 3.6.0 3.5.4 Tested Version: 5.1.3 4.2.2 Advisory Publication: February 12,… Continue Reading

CVE-2014-8753 Cit-e-Net Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities

CVE-2014-8753 Cit-e-Net Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities Exploit Title: Cit-e-Net Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities Product: Cit-e-Access Vendor: Cit-e-Net Vulnerable Versions: Version 6 Tested Version: Version 6 Advisory Publication: February 12, 2015 Latest Update: June 01,… Continue Reading

About Group 超过 99.88% 的链接容易遭受 XSS 和 XFS 攻击

  About Group 网站有一个严重的网络安全问题,它容易遭受 XSS (跨站脚本漏洞) XFS (跨Frame脚本漏洞)。这对它的近10亿月访问用户是灾难和毁灭性的。   根据漏洞研究者发布的结果和POC视频,所有About.com的话题(子域名)都可以被攻击者利用。   新加坡南洋理工大学 (NTU) 数学和物理学院 (SPMS) 数学系 (MAS) 的王晶 (Wang Jing) 发布了这个严重的安全漏洞。王晶声称在2014年10月19号,他向 About Group 做了报告,但是迄今为止一直没有收到回复。漏洞的发布时间是2015年2月2号。“到现在为止,漏洞还没有被修复” 王晶说。   与此同时,王晶披露 About.com 主页面的搜索域也容易遭受 XSS 攻击。除此之外,他还发布了一些 About.com 的公开重定向漏洞 (Open Redirect). 王说他的测试是在 Windows 8 的 IE… Continue Reading

CVE-2015-1475 – My Little Forum Multiple XSS Security Vulnerabilities

  CVE-2015-1475  – My Little Forum Multiple XSS Web Security Vulnerabilities   Exploit Title: My Little Forum Multiple XSS Web Security Vulnerabilities Vendor: My Little Forum Product: My Little Forum Vulnerable Versions: 2.3.3  2.2  1.7 Tested Version: 2.3.3  2.2  1.7… Continue Reading