標籤 bug flaw 下的所有文章

Webs ID Reflected XSS (Cross-site Scripting) Security Vulnerabilities

computer pitch

websid


Webs ID Reflected XSS (Cross-site Scripting) Security Vulnerabilities

Exploit Title: Webs ID /login.jsp &error Parameter Reflected XSS (Cross-site Scripting) Security

Vendor: Webs, Inc

Product: Webs ID

Vulnerable Versions:

Tested Version:

Advisory Publication: April 02, 2015

Latest Update: April 02, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Writer and Reporter: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

Proposition Details:

(1) Vendor & Product Description:

Vendor:

Webs, Inc

Product & Vulnerable Versions:

Webs ID

Vendor URL & download:

Webs ID can be obtained from here,

http://www.webs.com

http://www.webs.com/blog/2010/04/20/new-easier-way-to-manage-websid-account-settings/

Terms of Service Overview:

" The services offered by Webs, Inc. (“Webs" or “us" or “we" or “our") include the websites at http://www.webs.com and http://www.freewebs.com as well as any other related websites, toolbars, widgets, or other distribution channels we may, from time to…

View original post 詳見內文:約485字

NetCat CMS 3.12 HTML Injection Security Vulnerabilities

computer pitch

Unified Communications, Globus, Stecker, Telefon


NetCat CMS 3.12 HTML Injection Security Vulnerabilities

Exploit Title: NetCat CMS 3.12 /catalog/search.php? q Parameter HTML Injection Security Vulnerabilities

Product: NetCat CMS (Content Management System)

Vendor: NetCat

Vulnerable Versions: 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1

Tested Version: 3.12

Advisory Publication: April 15, 2015

Latest Update: April 15, 2015

Vulnerability Type: Improper Input Validation [CWE-20]

CVE Reference: *

CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Discover and Reporter: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

Advisory Details:

(1) Vendor & Product Description:

Vendor:

NetCat

Product & Vulnerable Version:

NetCat

3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1

Vendor URL & Download:

NetCat can be downloaded from here,

http://netcat.ru/

Product Introduction Overview:

NetCat.ru is russian local company. “NetCat designed to create an absolute majority of the types of sites: from simple “business card" with a minimum content to…

View original post 詳見內文:約362字

NetCat CMS 3.12 Multiple Directory Traversal Security Vulnerabilities

computer pitch

computer-science-curriculmn


NetCat CMS 3.12 Multiple Directory Traversal Security Vulnerabilities

Exploit Title: NetCat CMS 3.12 Multiple Directory Traversal Security Vulnerabilities

Product: NetCat CMS (Content Management System)

Vendor: NetCat

Vulnerable Versions: 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1

Tested Version: 3.12

Advisory Publication: April 14, 2015

Latest Update: April 14, 2015

Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) [CWE-22]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

Discovert and Reporter: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

Advisory Details:

(1) Vendor & Product Description:

Vendor:

NetCat

Product & Vulnerable Version:

NetCat

3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1

Vendor URL & Download:

NetCat can be obtained from here,

http://netcat.ru/

Product Introduction Overview:

NetCat.ru is russian local company. “NetCat designed to create an absolute majority of the types of sites: from…

View original post 詳見內文:約373字

Opoint Media Intelligence Unvalidated Redirects and Forwards (URL Redirection) Security Vulnerabilities

computer pitch

opoint

Opoint Media Intelligence Unvalidated Redirects and Forwards (URL Redirection) Security Vulnerabilities

Exploit Title: Opoint Media Intelligence click.php? &noblink parameter URL Redirection Security Vulnerabilities

Vendor: Opoint

Product: Opoint Media Intelligence

Vulnerable Versions:

Tested Version:

Advisory Publication: April 14, 2015

Latest Update: April 14, 2015

Vulnerability Type: URL Redirection to Untrusted Site (‘Open Redirect’) [CWE-601]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N) (legend)

Impact Subscore: 4.9

Exploitability Subscore: 8.6

Discover and Writer: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

Suggestion Details:

(1) Vendor & Product Description:

Vendor:

Opoint

Product & Version:

Opoint Media Intelligence

Vendor URL & Download:

Opoint Media Intelligence can be got from here,

http://www.opoint.com/index.php?page=home

Product Introduction Overview:

“Today, some libraries want to enhance their online presence in ways that go beyond the traditional OPAC and the “library portal" model to better integrate the latest Web functionality. With Opoint Media Intelligence…

View original post 詳見內文:約417字