CVE-2014-9561 Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability

CVE-2014-9561  Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability   Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter XSS Product: SoftBB (mods) Vendor: Softbb.net Vulnerable Versions: v0.1.3 Tested Version: v0.1.3 Advisory Publication: Jan 10, 2015 Latest Update: Jan 10, 2015 Vulnerability Type:… Continue Reading

CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerability

CVE-2014-9560  Softbb.net SoftBB SQL Injection Security Vulnerability     Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter SQL Injection Product: SoftBB (mods) Vendor: Softbb.net Vulnerable Versions: v0.1.3 Tested Version: v0.1.3 Advisory Publication: Jan 10, 2015 Latest Update: Jan 10, 2015 Vulnerability… Continue Reading

CNN Travel.cnn.com XSS and Ads.cnn.com Open Redirect Web Security Vulnerabilities

  CNN Travel.cnn.com XSS and Ads.cnn.com Open Redirect Web Security Vulnerabilities   Domain: http://cnn.com   “The Cable News Network (CNN) is an American basic cable and satellite television channel that is owned by the Turner Broadcasting System division of Time… Continue Reading

CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability

CVE-2014-8490  TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability   Exploit Title: TennisConnect “TennisConnect COMPONENTS System” /index.cfm pid Parameter XSS Product: TennisConnect COMPONENTS System Vendor:    TennisConnect Vulnerable Versions: 9.927 Tested Version:    9.927 Advisory Publication: Nov 18, 2014 Latest Update:    Nov… Continue Reading

Covert Redirect Vulnerability

Covert Redirect Vulnerability  Covert Redirect is an application that takes a parameter and redirects a user to the parameter value WITHOUT SUFFICIENT validation. This is often the of result of a website’s overconfidence in its partners. In another word, the… Continue Reading

Oracle Access Manager (OAM) Vulnerabilities

Oracle Access Manager (formerly known as Oblix NetPoint and Oracle COREid) provides a full range of identity administration and security functions, that include Web single sign-on; user self-service and self-registration; sophisticated workflow functionality; auditing and access reporting; policy management; dynamic… Continue Reading

Covert Redirect Vulnerability Related to OAuth 2.0 and OpenID

Covert Redirect: http://tetraph.com/covert_redirect/ A serious Covert Redirect ( http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html ) vulnerability related to OAuth 2.0 and OpenID was found.   Almost all major OAuth 2.0 and OpenID providers are affected, such as Facebook, Google, Yahoo, LinkedIn, Microsoft, PayPal, GitHub, QQ, Taobao,… Continue Reading

6kbbs v8.0 XSS (Cross-site Scripting) Security Vulnerabilities

6kbbs v8.0 XSS (Cross-site Scripting) Security Vulnerabilities   Exploit Title: 6kbbs XSS (Cross-site Scripting) Security Vulnerabilities Vendor: 6kbbs Product: 6kbbs Vulnerable Versions: v7.1   v8.0 Tested Version: v7.1   v8.0 Advisory Publication: April 02, 2015 Latest Update: April 02, 2015… Continue Reading

Proverbs Web Calendar 2.1.2 XSS (Cross-site Scripting) Security Vulnerabilities

Proverbs Web Calendar 2.1.2 XSS (Cross-site Scripting) Security Vulnerabilities   Exploit Title: Proverbs Web Calendar /calendar.php Multiple Parameters XSS (Cross-site Scripting) Security Vulnerabilities Vendor: Proverbs Product: Proverbs Web Calendar Vulnerable Versions: 1.0.0   1.1   1.2.2   2.1   2.1.2… Continue Reading

6kbbs v8.0 SQL Injection Security Vulnerabilities

6kbbs v8.0 SQL Injection Security Vulnerabilities   Exploit Title: 6kbbs Multiple SQL Injection Security Vulnerabilities Vendor: 6kbbs Product: 6kbbs Vulnerable Versions: v7.1   v8.0 Tested Version: v7.1   v8.0 Advisory Publication: April 01, 2015 Latest Update: April 01, 2015 Vulnerability… Continue Reading