Gcon Tech Solutions v1.0 SQL Injection Web Security Vulnerabilities

gconts_sql2

 

Gcon Tech Solutions v1.0 SQL Injection Web Security Vulnerabilities

 

Exploit Title: Gcon Tech Solutions v1.0 content.php? &id Parameter SQL Injection Security Vulnerabilities

Product: Gcon Tech Solutions

Vendor: Gcon Tech Solutions

Vulnerable Versions: v1.0

Tested Version: v1.0

Advisory Publication: May 24, 2015

Latest Update: May 24, 2015

Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) [CWE-89]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

Writer and Reporter: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

 

 

 

Recommendation Details:

 

(1) Vendor & Product Description:

Vendor:

Gcon Tech Solutions

 

Product & Vulnerable Versions:

Gcon Tech Solutions

v1.0

 

Vendor URL & Download:

Gcon Tech Solutions can be obtained from here,

http://www.gconts.com/Development.htm

 

Google Dork:

“Developed and maintained by Gcon Tech Solutions”

 

Product Introduction Overview:

“Over the years we have developed business domain knowledge various business areas. We provide Development Services either on time and material or turn-key fixed prices basis, depending on the nature of the project. Application Development Services offered by Gcon Tech Solutions help streamline business processes, systems and information. Gcon Tech Solutions has a well-defined and mature application development process, which comprises the complete System Development Life Cycle (SDLC) from defining the technology strategy formulation to deploying, production operations and support. We fulfill our client’s requirement firstly from our existing database of highly skilled professionals or by recruiting the finest candidates locally. We analyze your business requirements and taking into account any constraints and preferred development tools, prepare a fixed price quote. This offers our customers a guaranteed price who have a single point contact for easy administration. We adopt Rapid Application Development technique where possible for a speedy delivery of the Solutions. Salient Features of Gcon Tech Solutions Application Development Services: (a) Flexible and Customizable. (b) Industry driven best practices. (c) Knowledgebase and reusable components repository. (d) Ensure process integration with customers at project initiation”

 

 

 

(2) Vulnerability Details:

Gcon Tech Solutions web application has a computer cyber security bug problem. It can be exploited by SQL Injection attacks. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. Gcon Tech Solutions has patched some of them. CXSECurity is a huge collection of information on data communications safety. Its main objective is to inform about errors in various applications. It also publishes suggestions, advisories, solutions details related to SQL Injection vulnerabilities and cyber intelligence recommendations.

 

(2.1) The first programming code flaw occurs at “content.php?” page with “&id” parameter.

 

 

 

 

 

References:

http://www.tetraph.com/security/sql-injection-vulnerability/gcon-tech-solutions-v1-0-sql/

http://securityrelated.blogspot.com/2015/05/gcon-tech-solutions-v10-sql.html

http://www.diebiyi.com/articles/security/gcon-tech-solutions-v1-0-sql/

http://www.inzeed.com/kaleidoscope/computer-web-security/gcon-tech-solutions-v1-0-sql/

http://computerobsess.blogspot.com/2015/05/gcon-tech-solutions-v10-sql.html

https://itswift.wordpress.com/2015/05/23/gcon-tech-solutions-v1-0-sql/

http://whitehatpost.blog.163.com/blog/static/242232054201542455422939/

https://webtechwire.wordpress.com/2015/05/24/gcon-tech-solutions-v1-0-sql/

https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01766.html

http://cxsecurity.com/issue/WLB-2015040036

http://seclists.org/fulldisclosure/2015/May/32

https://www.bugscan.net/#!/x/21454

http://lists.openwall.net/full-disclosure/2015/05/08/8

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1955

 

CVE-2008-2335 – Vastal I-tech phpVID 1.2.3 Multiple XSS (Cross-site Scripting) Web Security Vulnerabilities

vastal_2

 

CVE-2008-2335 – Vastal I-tech phpVID 1.2.3 Multiple XSS (Cross-site Scripting) Web Security Vulnerabilities
Exploit Title: Vastal I-tech phpVID Multiple XSS Security Vulnerabilities
Product: phpVID
Vendor: Vastal I-tech
Vulnerable Versions: 1.2.3   0.9.9
Tested Version: 1.2.3   0.9.9
Advisory Publication: March 10, 2015
Latest Update: March 10, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2008-2335
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification
Discover and Reporter: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

 

 

 

 

Suggestion Details:

(1) Vendor & Product Description:


Vendor:

Vastal I-tech

 

Product & Vulnerable Versions:

phpVID

1.2.3

0.9.9

 

Vendor URL & Download:

phpVID can be bought from here,

http://www.vastal.com/phpvid-the-video-sharing-software.html#.VP7aQ4V5MxA

 

Product Introduction:

“phpVID is a video sharing software or a video shating script and has all the features that are needed to run a successful video sharing website like youtube.com. The features include the following. phpVID is the best youtube clone available. The latest features include the parsing of the subtitles file and sharing videos via facebook. With phpVID Video Sharing is extremely easy. “

“The quality of code and the latest web 2.0 technologies have helped our customers to achieve their goals with ease. Almost all customers who have purchased phpVID are running a successful video sharing website. The quality of code has helped in generating more then 3 million video views a month using a “single dedicated server”. phpVID is the only software in market which was built in house and not just purchased from someone. We wrote the code we know the code and we support the code faster then anyone else. Have any questions/concerns please contact us at: info@vastal.com. See demo at: http://www.phpvid.com. If you would like to see admin panel demo please email us at: info@vastal.com.”

“Server Requirements:

Preferred Server: Linux any Version

PHP 4.1.0 or above

MySQL 3.1.10 or above

GD Library 2.0.1 or above

Mod Rewrite and .htaccess enabled on server.

FFMPEG (If you wish to convert the videos to Adobe Flash)”

 

 

 

(2) Vulnerability Details:

phpVID web application has a security bug problem. It can be exploited by XSS (Cross-site Scripting) attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server. Some bug hunter researchers also have found other XSS vulnerabilities related to it before. phpVID has patched some of them.

(2.1) The first code programming flaw occurs at “members.php?” page with “&browse” parameter.

(2.2) The second code programming flaw occurs at “login.php?” page with “&next” parameter.

(2.3) The third code programming flaw occurs at “search_results.php?” page with “&query” parameter.

(2.4) The fourth code programming flaw occurs at “groups.php?” page with “&type” parameter.

 

 

 

 

References:
http://www.tetraph.com/security/xss-vulnerability/vastal-i-tech-phpvid-1-2-3-multiple-xss
http://securityrelated.blogspot.com/2015/03/vastal-i-tech-phpvid-123-multiple-xss.html
http://www.inzeed.com/kaleidoscope/computer-web-security/vastal-i-tech-phpvid-1-2-3
http://diebiyi.com/articles/security/vastal-i-tech-phpvid-1-2-3-multiple
https://cxsecurity.com/issue/WLB-2015030026
http://computerobsess.blogspot.com/2015/09/vastal-xss.html
https://hackertopic.wordpress.com/2015/08/13/vastal-xss/
http://lists.openwall.net/full-disclosure/2015/03/10/9
http://tetraph.blog.163.com/blog/static/234603051201584111058296/
http://marc.info/?l=full-disclosure&m=142601091100720&w=4
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1700

CVE-2015-2563 – Vastal I-tech phpVID 1.2.3 SQL Injection Web Security Vulnerabilities

vastal_1

 

CVE-2015-2563 – Vastal I-tech phpVID 1.2.3 SQL Injection Web Security Vulnerabilities

Exploit Title: CVE-2015-2563 Vastal I-tech phpVID /groups.php Multiple Parameters SQL Injection Web Security Vulnerabilities

Product: phpVID

Vendor: Vastal I-tech

Vulnerable Versions: 1.2.3 0.9.9

Tested Version: 1.2.3 0.9.9

Advisory Publication: March 13, 2015

Latest Update: April 25, 2015

Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) [CWE-89]

CVE Reference: CVE-2015-2563

CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

Credit: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

 

 

 

 

Direction Details:



(1) Vendor & Product Description:



Vendor:

Vastal I-tech

 

Product & Vulnerable Versions:

phpVID

1.2.3

0.9.9

 

Vendor URL & Download:

phpVID can be approached from here,

http://www.vastal.com/phpvid-the-video-sharing-software.html#.VP7aQ4V5MxA


Product Introduction Overview:

“phpVID is a video sharing software or a video shating script and has all the features that are needed to run a successful video sharing website like youtube.com. The features include the following. phpVID is the best youtube clone available. The latest features include the parsing of the subtitles file and sharing videos via facebook. With phpVID Video Sharing is extremely easy.”


“The quality of code and the latest web 2.0 technologies have helped our customers to achieve their goals with ease. Almost all customers who have purchased phpVID are running a successful video sharing website. The quality of code has helped in generating more then 3 million video views a month using a “single dedicated server”. phpVID is the only software in market which was built in house and not just purchased from someone. We wrote the code we know the code and we support the code faster then anyone else. Have any questions/concerns please contact us at: info@vastal.com. See demo at: http://www.phpvid.com. If you would like to see admin panel demo please email us at: info@vastal.com.”


“Server Requirements:

Preferred Server: Linux any Version

PHP 4.1.0 or above

MySQL 3.1.10 or above

GD Library 2.0.1 or above

Mod Rewrite and .htaccess enabled on server.

FFMPEG (If you wish to convert the videos to Adobe Flash)”

 

 

 

(2) Vulnerability Details:

phpVID web application has a computer security bug problem. It can be exploited by SQL Injection attacks. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. Other bug hunter researchers have found some SQL Injection vulnerabilities related to it before, too. phpVID has patched some of them.


Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. phpVID has patched some of them. “Openwall software releases and other related files are also available from the Openwall file archive and its mirrors. You are encouraged to use the mirrors, but be sure to verify the signatures on software you download. The more experienced users and software developers may use our CVSweb server to browse through the source code for most pieces of Openwall software along with revision history information for each source file. We publish articles, make presentations, and offer professional services.” Openwall has published suggestions, advisories, solutions details related to important vulnerabilities.



(2.1) The first code programming flaw occurs at “&order_by” “&cat” parameters in “groups.php?” page.


 

 

 

 

Related Links:

http://packetstormsecurity.com/files/130754/Vastal-I-tech-phpVID-1.2.3-SQL-Injection.html

https://progressive-comp.com/?l=full-disclosure&m=142601071700617&w=2

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1699

http://lists.openwall.net/full-disclosure/2015/03/10/8

http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure&m=142601071700617&w=2

http://www.tetraph.com/blog/xss-vulnerability/cve-2015-2563/

http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure&m=142551597501701&w=2

https://cxsecurity.com/issue/WLB-2015020091

https://www.facebook.com/permalink.php?story_fbid=935563809832135&id=874373602617823

http://biboying.lofter.com/post/1cc9f4f5_6ee2aa5

http://mathpost.tumblr.com/post/118768553885/xingti-cve-2015-2563-vastal-i-tech-phpvid


WordPress Daily Edition Theme v1.6.2 Information Leakage Security Vulnerabilities

wordpress_daily_edition_4

WordPress Daily Edition Theme v1.6.2 Information Leakage Security Vulnerabilities

Exploit Title: WordPress Daily Edition Theme /thumb.php src Parameters Information Leakage Security Vulnerabilities

Product: WordPress Daily Edition Theme

Vendor: WooThemes

Vulnerable Versions: v1.6.* v1.5.* v1.4.* v1.3.* v1.2.* v1.1.* v.1.0.*

Tested Version: v1.6.2

Advisory Publication: March 10, 2015

Latest Update: March 10, 2015

Vulnerability Type: Information Exposure [CWE-200]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 10.0

Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]


Advisory Details:

(1) Vendor & Product Description:

Vendor:

WooThemes

Product & Vulnerable Versions:

WordPress Daily Edition Theme

version 1.6.7

version 1.6.6

version 1.6.5

version 1.6.4

version 1.6.3

version 1.6.2

version 1.6.1

version 1.6

version 1.5

version 1.4.11

version 1.4.10

version 1.4.9

version 1.4.8

version 1.4.7

version 1.4.6

version 1.4.5

version 1.4.4

version 1.4.3

version 1.4.2

version 1.4.1

version 1.4.0

version 1.3.2

version 1.3.1

version 1.3

version 1.2.1

version 1.2

version 1.1.2

version 1.1.1

version 1.1

version 1.0.12

version 1.0.11

version 1.0.10

version 1.0.9

version 1.0.8

version 1.0.7

version 1.0.6

version 1.0.5

version 1.0.4

version 1.0.3

version 1.0.2

version 1.0.1

version 1.0

Vendor URL & buy:

WordPress Daily Edition Theme can be got from here,

http://www.woothemes.com/products/daily-edition/

http://dzv365zjfbd8v.cloudfront.net/changelogs/dailyedition/changelog.txt

Product Introduction:

“Daily Edition WordPress Theme developed by wootheme team and Daily Edition is a clean, spacious newspaper/magazine theme designed by Liam McKay. With loads of home page modules to enable/disable and a unique java script-based featured scroller and video player the theme oozes sophistication”

“The Daily Edition theme offers users many options, controlled from the widgets area and the theme options page – it makes both the themes appearance and functions flexible. From The Daily Edition 3 option pages you can for example add your Twitter and Google analytics code, some custom CSS and footer content – and in the widgets area you find a practical ads management.”

“Unique Features

These are some of the more unique features that you will find within the theme:

A neat javascript home page featured slider, with thumbnail previews of previous/next slides on hover over the dots.

A “talking points” home page that can display posts according to tags, in order of most commented to least commented. A great way to highlight posts gathering dust in the archives.

A customizable home page layout with options to specify how many full width blog posts and how many “box” posts you would like to display.

A javascript home page video player with thumbnail hover effect.

16 delicious colour schemes to choose from!”

(2) Vulnerability Details:

WordPress Daily Edition Theme has a web application security bug problem. It can be exploited by information leakage attacks. This may allow a remote attacker to disclose the software’s installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

(2.1) The code flaw occurs at “thumb.php?” page with “src” parameters.

References:

http://tetraph.com/security/information-leakage-vulnerability/wordpress-daily-edition-theme-v1-6-2-information-leakage-security-vulnerabilities/

http://securityrelated.blogspot.com/2015/03/wordpress-daily-edition-theme-v162_10.html

http://www.inzeed.com/kaleidoscope/computer-web-security/wordpress-daily-edition-theme-v1-6-2-information-leakage-security-vulnerabilities/

http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/wordpress-daily-edition-theme-v1-6-2-information-leakage-security-vulnerabilities/

https://webtechwire.wordpress.com/2015/03/10/wordpress-daily-edition-theme-v1-6-2-information-leakage-security-vulnerabilities/

http://static-173-79-223-25.washdc.fios.verizon.net/?a=139222176300014&r=1&w=2

https://cxsecurity.com/issue/WLB-2015020093

WordPress Daily Edition Theme v1.6.2 XSS (Cross-site Scripting) Security Vulnerabilities

wordpress_daily_editon2

WordPress Daily Edition Theme v1.6.2 XSS (Cross-site Scripting) Security Vulnerabilities

Exploit Title: WordPress Daily Edition Theme /fiche-disque.php id Parameters XSS Security Vulnerabilities

Product: WordPress Daily Edition Theme

Vendor: WooThemes

Vulnerable Versions: v1.6.* v1.5.* v1.4.* v1.3.* v1.2.* v1.1.* v.1.0.*

Tested Version: v1.6.2

Advisory Publication: March 10, 2015

Latest Update: March 10, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

Advisory Details:


(1) Vendor & Product Description:


Vendor:

WooThemes

Product & Vulnerable Versions:

WordPress Daily Edition Theme

version 1.6.7

version 1.6.6

version 1.6.5

version 1.6.4

version 1.6.3

version 1.6.2

version 1.6.1

version 1.6

version 1.5

version 1.4.11

version 1.4.10

version 1.4.9

version 1.4.8

version 1.4.7

version 1.4.6

version 1.4.5

version 1.4.4

version 1.4.3

version 1.4.2

version 1.4.1

version 1.4.0

version 1.3.2

version 1.3.1

version 1.3

version 1.2.1

version 1.2

version 1.1.2

version 1.1.1

version 1.1

version 1.0.12

version 1.0.11

version 1.0.10

version 1.0.9

version 1.0.8

version 1.0.7

version 1.0.6

version 1.0.5

version 1.0.4

version 1.0.3

version 1.0.2

version 1.0.1

version 1.0

Vendor URL & buy:

WordPress Daily Edition Theme can be got from here,

http://www.woothemes.com/products/daily-edition/

http://dzv365zjfbd8v.cloudfront.net/changelogs/dailyedition/changelog.txt

Product Introduction:

“Daily Edition WordPress Theme developed by wootheme team and Daily Edition is a clean, spacious newspaper/magazine theme designed by Liam McKay. With loads of home page modules to enable/disable and a unique java script-based featured scroller and video player the theme oozes sophistication”

“The Daily Edition theme offers users many options, controlled from the widgets area and the theme options page – it makes both the themes appearance and functions flexible. From The Daily Edition 3 option pages you can for example add your Twitter and Google analytics code, some custom CSS and footer content – and in the widgets area you find a practical ads management.”

“Unique Features

These are some of the more unique features that you will find within the theme:

A neat javascript home page featured slider, with thumbnail previews of previous/next slides on hover over the dots.

A “talking points” home page that can display posts according to tags, in order of most commented to least commented. A great way to highlight posts gathering dust in the archives.

A customizable home page layout with options to specify how many full width blog posts and how many “box” posts you would like to display.

A javascript home page video player with thumbnail hover effect.

16 delicious colour schemes to choose from!”

(2) Vulnerability Details:

WordPress Daily Edition Theme web application has a security bug problem. It can be exploited by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.

(2.1) The code programming flaw occurs at “fiche-disque.php?” page with “id” parameters.

References:

http://tetraph.com/security/xss-vulnerability/wordpress-daily-edition-theme-v1-6-2-xss-cross-site-scripting-security-vulnerabilities/

http://securityrelated.blogspot.com/2015/03/wordpress-daily-edition-theme-v162-xss.html

http://www.inzeed.com/kaleidoscope/computer-web-security/wordpress-daily-edition-theme-v1-6-2-xss-cross-site-scripting-security-vulnerabilities/

http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/wordpress-daily-edition-theme-v1-6-2-xss-cross-site-scripting-security-vulnerabilities/

https://webtechwire.wordpress.com/2015/03/10/wordpress-daily-edition-theme-v1-6-2-xss-cross-site-scripting-security-vulnerabilities/

http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure&m=142426561507008&w=2

https://cxsecurity.com/issue/WLB-2015030029

CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerabilities

 Fingerprint on pixellated screen
Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter SQL Injection
Product: SoftBB (mods)
Vendor: Softbb.net
Vulnerable Versions: v0.1.3
Tested Version: v0.1.3
Advisory Publication: Jan 10, 2015
Latest Update: Jan 10, 2015
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) (CWE-89)
CVE Reference: CVE-2014-9560
CVSS Severity (version 2.0):
CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore: 6.4
Exploitability Subscore: 10.0
Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

http://webtechhut.blogspot.com/2015/02/cve-2014-9560-softbbnet-softbb-sql.html

CVE-2014-9561 Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability

Cyber-Security-2
Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter XSS

Product: SoftBB (mods)

Vendor: Softbb.net

Vulnerable Versions: v0.1.3

Tested Version: v0.1.3

Advisory Publication: Jan 10, 2015

Latest Update: Jan 10, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-9561

CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

http://www.tetraph.com/blog/xss-vulnerability/cve-2014-9561-softbb-net-softbb-xss-cross-site-scripting-security-vulnerability/

CVE-2014-7294 NYU OpenSSO Integration Open Redirect Security Vulnerability

examine_binary-300x215

Exploit Title: NYU OpenSSO Integration Logon Page url Parameter Open Redirect

Product: OpenSSO Integration

Vendor: NYU

Vulnerable Versions: 2.1 and probability prior

Tested Version: 2.1

Advisory Publication: DEC 29, 2014

Latest Update: DEC 29, 2014

Vulnerability Type: Open Redirect [CWE-601]

CVE Reference: CVE-2014-7294

CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N) (legend)

Impact Subscore: 4.9

Exploitability Subscore: 8.6

Credit: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

http://www.inzeed.com/kaleidoscope/open-redirect/cve-2014-7294-nyu-opensso-integration-open-redirect-security-vulnerability/

CVE-2014-7293 NYU OpenSSO Integration XSS (Cross-Site Scripting) Security Vulnerability

Computer Circuit Board

Exploit Title: NYU OpenSSO Integration Logon Page url Parameter XSS

Product: OpenSSO Integration

Vendor: NYU

Vulnerable Versions: 2.1 and probability prior

Tested Version: 2.1

Advisory Publication: DEC 29, 2014

Latest Update: DEC 29, 2014

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-7293

Risk Level: Medium

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Times of India website vulnerable to Cross Site Scripting (XSS) attacks

computer_lightning

Times of India website vulnerable to Cross Site Scripting (XSS) attacks

India’s premier daily and popular website, Times of India is vulnerable to critical cross site scripting (XSS) attacks.  Times of India which operates a website called indiatimes.com is a top news website in India and elsewhere.

The XSS vulnerability in the Times of India website was discovered by Wang Jing, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore.  He has found that the vulnerability occurs at Indiatimes’s URL links. Indiatimes only party filters the filenames in its website.  Jing says due to this almost all URLs under Indiatimes’s “Photogallery” and “Top-lists” topics are affected by this vulnerability.

http://www.techworm.net/2014/12/times-india-website-vulnerable-cross-site-scripting-xss-attacks.html