vulnerability – Tetraph Blog

Amazon Covert Redirect Bug Based on Kindle Daily Post, Omnivoracious, Car Lust

Blackhole June 17, 2015 9

Amazon Covert Redirect Bug Based on Kindle Daily Post, Omnivoracious, Car Lust – Amazon Covert Redirect Based on Kindle Daily Post, Omnivoracious, Car Lust & kindlepost.com omnivoracious.com carlustblog.com Open Redirect Web Security Vulnerabilities Domains: http://www.amazon.com “Amazon.com, Inc. (/ˈæməzɒn/ or /ˈæməzən/) is an American electronic commerce company with headquarters in Seattle, Washington. It is the …

Categories Computer Security, Covert Redirect Vulnerability, Phishing Tags 0Day, Amazon, bug, Car Lust, carlustblog.com, Computer Science, Covert Redirect, Hacker Prevent, IEEE Research, Kindle Daily Post, kindlepost.com, Omnivoracious, omnivoracious.com, Open Redirect, vulnerability, Web Security

CVE-2015-2349 – SuperWebMailer 5.50.0.01160 XSS (Cross-site Scripting) Web Security Vulnerabilities

Blackhole May 12, 2015 13

CVE-2015-2349 – SuperWebMailer 5.50.0.01160 XSS (Cross-site Scripting) Web Security Vulnerabilities Exploit Title: CVE-2015-2349 – SuperWebMailer /defaultnewsletter.php” HTMLForm Parameter XSS Web Security Vulnerabilities Product: SuperWebMailer Vendor: SuperWebMailer Vulnerable Versions: 5.*.0.* 4.*.0.* Tested Version: 5.*.0.* 4.*.0.* Advisory Publication: March 11, 2015 Latest Update: May 03, 2015 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2015-2349 Impact CVSS …

Categories CVEs, Web Security, XSS Vulnerability Tags 0-day, 2015-2349, 5.50, attack, browser, bug, client-side, computer, cve, cyber, defense, exploit, flaw, hacker, IEEE, Internet, IT, JingWang, Research, security, singapore, spms, SuperWebMailer, vulnerability, web, web application, white-hat, XSS

CVE-2015-2243 Webshop hun v1.062S Directory Traversal Web Security Vulnerabilities

Blackhole May 11, 2015 0

CVE-2015-2243 Webshop hun v1.062S Directory Traversal Web Security Vulnerabilities Exploit Title: CVE-2015-2243 Webshop hun v1.062S /index.php &mappa Parameter Directory Traversal Web Security Vulnerabilities Product: Webshop hun Vendor: Webshop hun Vulnerable Versions: v1.062S Tested Version: v1.062S Advisory Publication: March 01, 2015 Latest Update: April 28, 2015 Vulnerability Type: Improper Limitation of a Pathname to a …

Categories Computer Security, CVEs, Directory Traversal, File Include Tags 0day-exploit, 2015-2243, attack-defense, computer technology, cve, directory traversal, Information Security, IT Security, PHP-Code-Flaw, v1.062S, vulnerability, Web Security, Webshop hun, whitehat-testing

CVE-2015-2242 – Webshop hun v1.062S SQL Injection Web Security Vulnerabilities

Blackhole April 26, 2015 15

CVE-2015-2242 – Webshop hun v1.062S SQL Injection Web Security Vulnerabilities Exploit Title: CVE-2015-2242 Webshop hun v1.062S /index.php Multiple Parameters SQL Injection Web Security Vulnerabilities Product: Webshop hun Vendor: Webshop hun Vulnerable Versions: v1.062S Tested Version: v1.062S Advisory Publication: Mar 04, 2015 Latest Update: Mar 04, 2015 Vulnerability Type: Improper Control of Generation of Code (‘Code …

Categories Computer Security, CVEs, SQL Injection Vulnerability Tags 0-day Exploit, 2015-2242, attack-defense, computer technology, cve, Information Security, IT security defense, php-code flaw bug, SQL Injection, v1.062S, vulnerability, Web Security, Webshop hun, whitehat test technology

CVE-2014-9469 vBulletin XSS (Cross-Site Scripting) Security Vulnerabilities

Blackhole February 12, 2015 0

CVE-2014-9469 vBulletin XSS (Cross-Site Scripting) Security Vulnerabilities Exploit Title: vBulletin XSS (Cross-Site Scripting) Security Vulnerabilities Product: vBulletin Forum Vendor: vBulletin Vulnerable Versions: 5.1.3 5.0.5 4.2.2 3.8.7 3.6.7 3.6.0 3.5.4 Tested Version: 5.1.3 4.2.2 Advisory Publication: Feb 12, 2015 Latest Update: Feb 12, 2015 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-9469 CVSS Severity (version 2.0): …

Categories CVEs, XSS Vulnerability Tags 0-day, application, browser, coding, computer, cyber-security, database, exploit, hacker, information, IT, scripting, security, technology, test, vulnerability, web, white-hat

CVE-2014-8753 Cit-e-Net Multiple XSS (Cross-Site Scripting) Security Vulnerabilities

Blackhole February 12, 2015 0

CVE-2014-8753 Cit-e-Net Multiple XSS (Cross-Site Scripting) Security Vulnerabilities Exploit Title: Cit-e-Net Multiple XSS (Cross-Site Scripting) Security Vulnerabilities Product: Cit-e-Access Vendor: Cit-e-Net Vulnerable Versions: Version 6 Tested Version: Version 6 Advisory Publication: Feb 12, 2015 Latest Update: Feb 12, 2015 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-8753 CVSS Severity (version 2.0): CVSS v2 Base …

Categories CVEs, XSS Vulnerability Tags 0-day, application, browser, coding, computer, cyber-security, database, exploit, hacker, information, IT, scripting, security, technology, test, vulnerability, web, white-hat

CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerabilities

Blackhole February 12, 2015 0

Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter SQL Injection Product: SoftBB (mods) Vendor: Softbb.net Vulnerable Versions: v0.1.3 Tested Version: v0.1.3 Advisory Publication: Jan 10, 2015 Latest Update: Jan 10, 2015 Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) (CWE-89) CVE Reference: CVE-2014-9560 CVSS Severity (version 2.0): CVSS v2 Base …

Categories Computer Security, SQL Injection Vulnerability Tags 0-day, application, browser, coding, computer, cyber-security, database, exploit, hacker, information, IT, scripting, security, technology, test, vulnerability, web, white-hat

CVE-2014-9561 Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability

Blackhole February 12, 2015 0

Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter XSS Product: SoftBB (mods) Vendor: Softbb.net Vulnerable Versions: v0.1.3 Tested Version: v0.1.3 Advisory Publication: Jan 10, 2015 Latest Update: Jan 10, 2015 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-9561 CVSS Severity (version 2.0): CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend) Impact Subscore: 2.9 Exploitability Subscore: 8.6 …

Categories Computer Security, XSS Vulnerability Tags 0-day, application, browser, coding, computer, cyber-security, database, exploit, hacker, information, IT, scripting, security, technology, test, vulnerability, web, white-hat

CVE-2014-7294 NYU OpenSSO Integration Open Redirect Security Vulnerability

Blackhole February 12, 2015 0

CVE-2014-7294 NYU OpenSSO Integration 2.1 Dest Privilege Escalation Web Security Vulnerability Exploit Title: NYU OpenSSO Integration Logon Page url Parameter Open Redirect Product: OpenSSO Integration Vendor: NYU Vulnerable Versions: 2.1 and probability prior Tested Version: 2.1 Advisory Publication: December 14, 2014 Latest Update: January 05, 2015 Vulnerability Type: Open Redirect [CWE-601] CVE Reference: CVE-2014-7294 mpact CVSS …

Categories Computer Security, CVEs, Open Redirect Vulnerability Tags 0-day, 2.1, application, attack, browser, coding, computer, computer bug, crime prevention, cross-site, cve, CVE-2014-7294, cyber-security, database, exploit, hacker, IT vulnerability, NYU, Open Redirect, OpenSSO Integration, PHP Code, Privilege Escalation, technology, test, vulnerability, web, white-hat, whitehat

CVE-2014-7293 NYU OpenSSO Integration XSS (Cross-Site Scripting) Security Vulnerability

Blackhole February 12, 2015 0

CVE-2014-7293 NYU OpenSSO Integration XSS (Cross-Site Scripting) Web Security Vulnerability Exploit Title: NYU OpenSSO Integration Logon Page url Parameter XSS Product: OpenSSO Integration Vendor: NYU Vulnerable Versions: 2.1 and probability prior Tested Version: 2.1 Advisory Publication: December 29, 2014 Latest Update: December 29, 2014 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE …

Categories Computer Security, CVEs, XSS Vulnerability Tags 0-day, 2.1, 2014-7293, application, attack, browser, coding, computer bug, crime prevention, cross-site, cve, cyber-security, exploit, hacker, IT vulnerability, NYU, Open Redirect, OpenSSO Integration, PHP Code, test, vulnerability, web, white-hat, whitehat, XSS