[FD] NetCat CMS 3.12 HTML Injection Security Vulnerabilities

2015-04-14 Jing Wang
*NetCat CMS 3.12 HTML Injection Security Vulnerabilities*
Exploit Title: NetCat CMS 3.12 /catalog/search.php? q Parameter HTML Injection Security Vulnerabilities
Product: NetCat CMS (Content Management System)
Vendor: NetCat
Vulnerable Versions: 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1

[FD] NetCat CMS 3.12 Multiple Directory Traversal Security Vulnerabilities

2015-04-14 Jing Wang
*NetCat CMS 3.12 Multiple Directory Traversal Security Vulnerabilities*
Exploit Title: NetCat CMS 3.12 Multiple Directory Traversal Security Vulnerabilities
Product: NetCat CMS (Content Management System)
Vendor: NetCat
Vulnerable Versions: 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1
Tested

[FD] whitepaper: Identifier based XSSI attacks

2015-04-14 Takeshi Terada
Hello list members,
We released a new technical whitepaper titled: Identifier based XSSI attacks
CVE numbers: CVE-2014-6345, CVE-2014-7939
URL: http://www.mbsd.jp/Whitepaper/xssi.pdf
Introduction:
---
Cross Site Script Inclusion (XSSI) is an attack technique (or a