Gcon Tech Solutions v1.0 XSS (Cross-site Scripting) Web Security Vulnerabilities

Gcon Tech Solutions v1.0 XSS (Cross-site Scripting) Web Security Vulnerabilities   Exploit Title: Gcon Tech Solutions v1.0 content.php? &id Parameter XSS Security Vulnerabilities Product: Gcon Tech Solutions Vendor: Gcon Tech Solutions Vulnerable Versions: v1.0 Tested Version: v1.0 Advisory Publication: May… Continue Reading

OSVDB 119342, 119323 NetCat CMS Multiple HTTP Response Splitting (CRLF) Web Security Vulnerabilities

  OSVDB 119342, 119323 NetCat CMS Multiple HTTP Response Splitting (CRLF) Web Security Vulnerabilities   Exploit Title: NetCat CMS Multiple CRLF Security Vulnerabilities Product: NetCat CMS (Content Management System) Vendor: NetCat Vulnerable Versions: 5.01 3.12 3.0 2.4 2.3 2.2 2.1… Continue Reading

CVE-2014-8753 Cit-e-Net Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities

CVE-2014-8753 Cit-e-Net Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities Exploit Title: Cit-e-Net Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities Product: Cit-e-Access Vendor: Cit-e-Net Vulnerable Versions: Version 6 Tested Version: Version 6 Advisory Publication: February 12, 2015 Latest Update: June 01,… Continue Reading

76.3% WEATHER CHANNEL WEBSITE LINKS VULNERABLE TO REFLECTED CROSS-SITE SCRIPTING (XSS)

Popular Weather Channel web site (Weather.com) has been found to be vulnerable to a reflected Cross-Site Scripting flaw, according to security researcher Wang Jing’s research. The vulnerability lies in that Weather.com does not filter malicious script codes when constructing HTML… Continue Reading

All Links to New York Times Articles Prior to 2013 Vulnerable to XSS Attacks

URLs to articles in New York Times (NYT) published before 2013 have been found to be vulnerable to an XSS (cross-site scripting) attack capable of delivering code to be executed in the context of the web browser.   Based on… Continue Reading

Articles of New York Times Before 2013 May Vulnerable to XSS Attacks

  New York Times articles’ pages dated before 2013 may suffer from an XSS (Cross-site Scripting) vulnerability, according to the report posted by security researcher Wang Jing. Wang is a mathematics Ph.D student from School of Physical and Mathematical Sciences,… Continue Reading

Mozilla Online Website Two Sub-Domains XSS (Cross-site Scripting) Bugs ( All URLs Under the Two Domains)

Mozilla Online Website Two Sub-Domains XSS (Cross-site Scripting) Bugs ( All URLs Under the Two Domains)     Domains: http://lxr.mozilla.org/ http://mxr.mozilla.org/ (The two domains above are almost the same)         Websites information: “lxr.mozilla.org, mxr.mozilla.org are cross references designed to… Continue Reading

New York Times nytimes.com Page Design XSS Vulnerability (Almost all Article Pages Before 2013 are Affected)

The New York Times  Old Articles Can Be Exploited by XSS Attacks (Almost all Article Pages Before 2013 Are Affected)   Domain: http://www.nytimes.com/   “The New York Times (NYT) is an American daily newspaper, founded and continuously published in New… Continue Reading

Paypal Online Website OAuth 2.0 Covert Redirect (OpenIDconnect) Web Security Bugs (Information Leakage & Open Redirect)

  Paypal Online Website OAuth 2.0 Covert Redirect (OpenIDconnect) Web Security Bugs (Information Leakage & Open Redirect) (1) Domain: paypal.com   “PayPal is an American worldwide online payments system. Online money transfers serve as electronic alternatives to traditional paper methods… Continue Reading