CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability

Exploit Title: TennisConnect “TennisConnect COMPONENTS System” /index.cfm pid Parameter XSS
Product: TennisConnect COMPONENTS System
Vendor: TennisConnect
Vulnerable Versions: 9.927
Tested Version: 9.927
Advisory Publication: Nov 18, 2014
Latest Update: Nov…

CVE-2014-8489 Ping Identity Corporation “PingFederate 6.10.1 SP Endpoints” Dest Redirect Privilege Escalation Security Vulnerability

CVE-2014-8489 Ping Identity Corporation “PingFederate 6.10.1 SP Endpoints” Open Redirect Web Security Vulnerability
Exploit Title: “Ping Identity Corporation” “PingFederate 6.10.1 SP Endpoints” Dest Redirect Privilege Escalation Web Security Vulnerability
Product: PingFederate 6.10.1 SP Endpoints
Vendor: Ping Identity Corporation…

CVE-2014-7292 Newtelligence dasBlog Dest Redirect Privilege Escalation Vulnerability

CVE-2014-7292 Newtelligence dasBlog Dest Redirect Privilege Escalation Security Vulnerability
Exploit Title: Newtelligence dasBlog Dest Redirect Privilege Escalation Vulnerability
Product: dasBlog
Vendor: Newtelligence
Vulnerable Versions: 2.3 (2.3.9074.18820), 2.2 (2.2.8279.16125), 2.1 (2.1.8102.813)
Tested Version: 2.3 (2.3.9074.18820)
Advisory Publication: OCT 15, 2014…

CVE-2014-2230 – OpenX Dest Redirect Privilege Escalation Web Security Vulnerability

CVE-2014-2230 – OpenX 2.8.10 Dest Redirect Privilege Escalation Web Security Vulnerability
Exploit Title: OpenX Dest Redirect Privilege Escalation Web Security Vulnerability
Product: OpenX
Vendor: OpenX
Vulnerable Versions: 2.8.10 and probably prior
Tested Version: 2.8.10
Advisory Publication: October 06, 2014
Latest…

Covert Redirect Vulnerability

Covert Redirect is an application that takes a parameter and redirects a user to the parameter value WITHOUT SUFFICIENT validation. This is often the result of a website’s overconfidence in its partners. In other words, the…

Oracle Access Manager (OAM) Vulnerabilities

Oracle Access Manager (formerly known as Oblix NetPoint and Oracle COREid) provides a full range of identity administration and security functions that include Web single sign-on; user self-service and self-registration; sophisticated workflow functionality; auditing and access reporting; policy management; dynamic…

Covert Redirect Vulnerability Related to OAuth 2.0 and OpenID

Covert Redirect: http://tetraph.com/covert_redirect/
A serious Covert Redirect (http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html) vulnerability related to OAuth 2.0 and OpenID was found. Almost all major OAuth 2.0 and OpenID providers are affected, such as Facebook, Google, Yahoo, LinkedIn, Microsoft, PayPal, GitHub, QQ, Taobao,…

6kbbs v8.0 XSS (Cross-site Scripting) Security Vulnerabilities

Exploit Title: 6kbbs XSS (Cross-site Scripting) Security Vulnerabilities
Vendor: 6kbbs
Product: 6kbbs
Vulnerable Versions: v7.1, v8.0
Tested Version: v7.1, v8.0
Advisory Publication: April 02, 2015
Latest Update: April 02, 2015…

Proverbs Web Calendar 2.1.2 XSS (Cross-site Scripting) Security Vulnerabilities

Exploit Title: Proverbs Web Calendar /calendar.php Multiple Parameters XSS (Cross-site Scripting) Security Vulnerabilities
Vendor: Proverbs
Product: Proverbs Web Calendar
Vulnerable Versions: 1.0.0, 1.1, 1.2.2, 2.1, 2.1.2…

6kbbs v8.0 SQL Injection Security Vulnerabilities

Exploit Title: 6kbbs Multiple SQL Injection Security Vulnerabilities
Vendor: 6kbbs
Product: 6kbbs
Vulnerable Versions: v7.1, v8.0
Tested Version: v7.1, v8.0
Advisory Publication: April 01, 2015
Latest Update: April 01, 2015
Vulnerability…