CVE-2015-2214 – NetCat CMS Full Path Disclosure (Information Disclosure) Web Security Vulnerabilities Exploit Title: CVE-2015-2214 NetCat CMS Full Path Disclosure Web Security Vulnerabilities Product: NetCat CMS (Content Management System) Vendor: NetCat Vulnerable Versions: 5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1 Tested Version: 5.01 3.12 Advisory Publication: February 27, 2015 Latest Update: …
Continue reading CVE-2015-2214 – NetCat CMS Full Path Disclosure (Information Disclosure) Web Security VulnerabilitiesInformation Leakage Vulnerability
Information leakage happens whenever a system that is designed to be closed to an eavesdropper reveals some information to unauthorized parties nonetheless. For example, when designing an encrypted instant messaging network, a network engineer without the capacity to crack encryption codes could see when messages are transmitted, even if he could not read them. During the Second World War, the Japanese for a while were using secret codes such as PURPLE; even before such codes were cracked, some basic information could be extracted about the content of the messages by looking at which relay stations sent a message onward.
CVE-2015-2209 – DLGuard Full Path Disclosure (Information Leakage) Web Security Vulnerabilities Exploit Title: DLGuard “/index.php?” “&c” parameter Full Path Disclosure Web Security Vulnerabilities Product: DLGuard Vendor: DLGuard Vulnerable Versions: v4.5 Tested Version: v4.5 Advisory Publication: January 18, 2015 Latest Update: March 20, 2015 Vulnerability Type: Information Exposure [CWE-200] CVE Reference: CVE-2015-2209 Impact CVSS Severity …
Continue reading CVE-2015-2209 – DLGuard Full Path Disclosure (Information Leakage) Web Security Vulnerabilitiesएक अन्य Heartbleed?वेब सुरक्षा में पाया दोषों, Covert Redirect इंटरनेट अब भी Heartbleed बग से जूझ रहा है, जबकि सुरक्षा प्रोटोकॉल OAuth 2.0 और OpenID में एक प्रमुख नए भेद्यता खोज की गई है. सिंगापुर में नानयांग प्रौद्योगिकी विश्वविद्यालय की पीएचडी की छात्रा वांग जिंग हैकर्स उपयोगकर्ताओं को …
Continue reading एक अन्य Heartbleed?वेब सुरक्षा में पाया दोषों, Covert Redirect隱蔽重定向(英语:Covert Redirect)[1],是關於單點登錄 (Single sign-on) 的安全漏洞。因其對 OAuth 和 OpenID 的影響而為人所知[2]。由新加坡南洋理工大學物理和數學科學學院博士生王晶(Wang Jing)發現並命名[3]。 Covert Redirect的壹個重要應用是phishing[4],別的網站釣魚是用假的網站,而 Covert Redirect卻是用真的知名網站進行釣魚。這是壹種完美釣魚方式[5]。 https://zh.wikipedia.org/wiki/%E9%9A%B1%E8%94%BD%E9%87%8D%E5%AE%9A%E5%90%91%E6%BC%8F%E6%B4%9E
Continue reading 隱蔽重定向(Covert Redirect)因其對 OAuth 和 OpenID 的影響而為人所知CVE-2014-2404 Oracle Manager WebGate Subcomponent Unspecified Remote Information Disclosure Exploit Title: Oracle Manager WebGate Subcomponent Unspecified Remote Information Disclosure Product: Access Manager component in Oracle Fusion Middleware Vendor: Oracle Vulnerable Versions: 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0, 11.1.2.1.0, and 11.1.2.2.0 Advisory Publication: Apr 15, 2014 Latest Update: Apr 15, 2014 Vulnerability Type: Information …
Continue reading CVE-2014-2404 Oracle Manager WebGate Subcomponent Unspecified Remote Information DisclosureOracle Access Manager (formerly known as Oblix NetPoint and Oracle COREid) provides a full range of identity administration and security functions, that include Web single sign-on; user self-service and self-registration; sophisticated workflow functionality; auditing and access reporting; policy management; dynamic group management; and delegated administration. The main file of OAM is “obrareq.cgi”. However, “obrareq.cgi” doesn’t …
Continue reading Oracle Access Manager (OAM) VulnerabilitiesSINGAPORE: Call them cybersecurity vigilantes if you will, or “white hats” – as they are known in the hacking world. Mr Wang Jing and Mr Zhao Hainan are part of a growing group of individuals who are taking it upon themselves to test the security of information systems in organisations and report security flaws. Earlier …
Continue reading WHITE HAT HACKERS TESTING SECURITY OF COMPUTER SYSTEMS IN SINGAPOREExploit Title: Oracle Manager WebGate Subcomponent Unspecified Remote Information Disclosure Product: Access Manager component in Oracle Fusion Middleware Vendor: Oracle Vulnerable Versions: 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0, 11.1.2.1.0, and 11.1.2.2.0 Advisory Publication: Apr 15, 2014 Latest Update: Apr 15, 2014 Vulnerability Type: Information Exposure [CWE-200] CVE Reference: CVE-2014-2404 Risk Level: Medium CVSS v2 Base Score: 4.0 …
Continue reading Oracle Access Manager WebGate Subcomponent Unspecified Remote Information Disclosure CVE-2014-2404พบช่องโหว่ความปลอดภัยในระบบล็อกอิน OAuth และ OpenID เว็บใหญ่โดนกันถ้วนหน้า Wang Jing นักศึกษาปริญญาเอกจาก Nanyang Technology University ในสิงคโปร์ ประกาศค้นพบช่องโหว่ในระบบล็อกอิน OAuth 2.0 และ OpenID ที่ส่งผลกระทบต่อเว็บไซต์ชื่อดังเป็นจำนวนมาก Jing เรียกช่องโหว่นี้ว่า “Covert Redirect” เพราะมันอาศัยการที่ระบบล็อกอินทั้งสองตัวจะยืนยันตัวตนผู้ใช้แล้ว redirect ไปยังเว็บไซต์ปลายทาง แต่กลับไม่ตรวจสอบเว็บไซต์ปลายทางให้ดีก่อน จึงอาจถูกใช้ในการปลอม redirect ไปยังเว็บไซต์ของผู้โจมตีแทนได้ (และเว็บไซต์ที่โจมตีจะได้ข้อมูลส่วนตัวจากเว็บไซต์ต้นทางไป แล้วแต่สิทธิที่ผู้ใช้อนุญาตให้) https://www.blognone.com/node/55954
Continue reading พบช่องโหว่ความปลอดภัยในระบบล็อกอิน OAuth และ OpenID เว็บใหญ่โดนกันถ้วนหน้า