CVE-2015-4134 phpwind v8.7 Unvalidated Redirects and Forwards Web Security Vulnerabilities

CVE-2015-4134  phpwind v8.7 Unvalidated Redirects and Forwards Web Security Vulnerabilities   Exploit Title: phpwind v8.7 goto.php? &url Parameter Open Redirect Security Vulnerabilities Product: phpwind Vendor: phpwind Vulnerable Versions: v8.7 Tested Version: v8.7 Advisory Publication: May 25, 2015 Latest Update: May… Continue Reading

CNN Travel.cnn.com XSS and Ads.cnn.com Open Redirect Web Security Vulnerabilities

  CNN Travel.cnn.com XSS and Ads.cnn.com Open Redirect Web Security Vulnerabilities   Domain: http://cnn.com   “The Cable News Network (CNN) is an American basic cable and satellite television channel that is owned by the Turner Broadcasting System division of Time… Continue Reading

76.3% WEATHER CHANNEL WEBSITE LINKS VULNERABLE TO REFLECTED CROSS-SITE SCRIPTING (XSS)

Popular Weather Channel web site (Weather.com) has been found to be vulnerable to a reflected Cross-Site Scripting flaw, according to security researcher Wang Jing’s research. The vulnerability lies in that Weather.com does not filter malicious script codes when constructing HTML… Continue Reading

Amazon Website Covert Redirect Web Security Bugs Based on Facebook – Attack Simulation

  Amazon Website Covert Redirect Web Security Bugs Based on Facebook – Attack Simulation   Domain: http://www.amazon.com “Amazon.com, Inc. (/ˈæməzɒn/ or /ˈæməzən/) is an American electronic commerce company with headquarters in Seattle, Washington. It is the largest Internet-based retailer in… Continue Reading

GitHub Online Website OAuth 2.0 Covert Redirect Web Security Bugs (Information Leakage & Open Redirect)

  GitHub Online Website OAuth 2.0 Covert Redirect Web Security Bugs (Information Leakage & Open Redirect)     (1) Domain: github.com   “GitHub is a web-based Git repository hosting service, which offers all of the distributed revision control and source… Continue Reading

VK.com OAuth 2.0 Service Covert Redirect Web Security Bugs (Information Leakage & Open Redirect)

  VK.com OAuth 2.0 Service Covert Redirect Web Security Bugs (Information Leakage & Open Redirect)   (1) Domain: vk.com   “VK (originally VKontakte, Russian: ВКонтакте, literally “in touch”) is the largest Russian social network in Europe. It is available in several languages,… Continue Reading

Netease OAuth 2.0 Service Covert Redirect Web Security Bugs (Information Leakage & Open Redirect)

  Netease OAuth 2.0 Service Covert Redirect Web Security Bugs (Information Leakage & Open Redirect) (1) Domain: 163.com     “NetEase, Inc. (simplified Chinese: 网易; traditional Chinese: 網易; pinyin: Wǎng Yì) is a Chinese Internet company that operates 163.com, a popular… Continue Reading