[FD] CVE-2014-2230 - OpenX Open Redirect Vulnerability

2014-10-16 Thread Jing Wang
Exploit Title: OpenX Open Redirect Vulnerability Product: OpenX Vendor: OpenX Vulnerable Versions: 2.8.10 and probably prior Tested Version: 2.8.10 Advisory Publication: OCT 8, 2014 Latest Update: OCT 8, 2014 Vulnerability Type: Open Redirect [CWE-601] CVE Reference: CVE-2014-2230 Risk Level:

[FD] New York Times nytimes.com Page Design XSS Vulnerability (Almost all Article Pages Before 2013 are Affected)

2014-10-16 Thread Jing Wang
New York Times nytimes.com Page Design XSS Vulnerability (Almost all Article Pages Before 2013 are Affected) Domain: http://www.nytimes.com/ Vulnerability Description: The vulnerability occurs at New York Times’s URLs. Nytimes (short for New York Times) uses part of the URLs to construct its

[FD] CVE-2014-7292 Newtelligence dasBlog Open Redirect Vulnerability

2014-10-20 Thread Jing Wang
Exploit Title: Newtelligence dasBlog Open Redirect Vulnerability Product: dasBlog Vendor: Newtelligence Vulnerable Versions: 2.3 (2.3.9074.18820) 2.2 (2.2.8279.16125) 2.1(2.1.8102.813) Tested Version: 2.3 (2.3.9074.18820) Advisory Publication: OCT 15, 2014 Latest Update: OCT 15, 2014 Vulnerability

[FD] Mozilla mozilla.org Two Sub-Domains ( Cross Reference) XSS Vulnerability ( All URLs Under the Two Domains)

2014-10-20 Thread Jing Wang
Domains: http://lxr.mozilla.org/ http://mxr.mozilla.org/ (The two domains above are almost the same) Websites information: lxr.mozilla.org, mxr.mozilla.org are cross references designed to display the Mozilla source code. The sources displayed are those that are currently checked in to the

[FD] Google DoubleClick.net(Advertising) System URL Redirection Vulnerabilities Can be Used by Spammers

2014-11-14 Thread Jing Wang
Google DoubleClick.net(Advertising) System URL Redirection Vulnerabilities Can be Used by Spammers Although Google does not include Open Redirect vulnerabilities in its bug bounty program, its preventive measures against Open Redirect attacks have been quite thorough and effective to date.

[FD] Bypass Google Open Redirect Filter Based on Googleads.g.doubleclick.net

2014-11-14 Thread Jing Wang
Bypass Google Open Redirect Filter Based on Googleads.g.doubleclick.net http://googleads.g.doubleclick.net/ -- Google Covert Redirect Vulnerability Based on Googleads.g.doubleclick.net http://googleads.g.doubleclick.net/ The vulnerability exists at Logout? page with continue parameter, i.e.

[FD] CVE-2014-7290 Atlas Systems Aeon XSS (Cross-Site Scripting) Vulnerability

2014-11-14 Thread Jing Wang
CVE-2014-7290 Atlas Systems Aeon XSS (Cross-Site Scripting) Vulnerability Exploit Title: Atlas Systems Aeon XSS Vulnerability Product: Aeon Vendor: Atlas Systems Vulnerable Versions: 3.6 3.5 Tested Version: 3.6 Advisory Publication: Nov 12, 2014 Latest Update: Nov 12, 2014 Vulnerability Type:

[FD] CVE-2014-7291 Springshare LibCal XSS (Cross-Site Scripting) Vulnerability

2014-11-26 Thread Jing Wang
*Exploit Title: Springshare LibCal XSS (Cross-Site Scripting) Vulnerability* Product: LibCal Vendor: Springshare Vulnerable Versions: 2.0 Tested Version: 2.0 Advisory Publication: Nov 25, 2014 Latest Update: Nov 25, 2014 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference:

[FD] CVE-2014-8754 WordPress “Ad-Manager Plugin” Dest Redirect Privilege Escalation

2014-11-26 Thread Jing Wang
http://tetraph.com/security/open-redirect/cve-2014-8754-wordpress-ad-manager-plugin-dest-redirect-privilege-escalation/#respond *CVE-2014-8754 WordPress “Ad-Manager Plugin” Dest Redirect Privilege Escalation* Exploit Title: WordPress Ad-Manager Plugin Dest Redirect Privilege Escalation

[FD] All Links in Two Topics of Indiatimes (indiatimes.com) Are Vulnerable to XSS (cross site scripting) Attacks

2014-11-26 Thread Jing Wang
*All Links in Two Topics of Indiatimes (indiatimes.com http://indiatimes.com/) Are Vulnerable to XSS (cross site scripting) Attacks* *Domain Description:* http://www.indiatimes.com According to the Indian Readership Survey (IRS) 2012, the Times of India is the most widely read English

[FD] CVE-2014-8751 goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities

2014-12-09 Thread Jing Wang
*CVE-2014-8751 goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities* Exploit Title: goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities Product: WebPress Vendor: goYWP Vulnerable Versions: 13.00.06 Tested Version: 13.00.06 Advisory

[FD] CVE-2014-8489 Ping Identity Corporation PingFederate 6.10.1 SP Endpoints Dest Redirect Privilege Escalation Security Vulnerability

2014-12-09 Thread Jing Wang
*CVE-2014-8489 Ping Identity Corporation PingFederate 6.10.1 SP Endpoints Dest Redirect Privilege Escalation Security Vulnerability* Exploit Title: Ping Identity Corporation PingFederate 6.10.1 SP Endpoints Dest Redirect Privilege Escalation Security Vulnerability Product: PingFederate 6.10.1

[FD] ESPN espn.go.com Login Register Page XSS and Dest Redirect Privilege Escalation Security Vulnerabilities

2014-12-09 Thread Jing Wang
*ESPN espn.go.com http://espn.go.com/ Login Register Page XSS and Dest Redirect Privilege Escalation Security Vulnerabilities* *Domain:* http://espn.go.com/ As of August 2013, ESPN is available to approximately 97,736,000 pay television households (85.58% of households with at least one

[FD] CVE-2014-8752 JCE-Tech Video Niche Script XSS (Cross-Site Scripting) Security Vulnerability

2014-12-18 Thread Jing Wang
*CVE-2014-8752 JCE-Tech Video Niche Script XSS (Cross-Site Scripting) Security Vulnerability* Exploit Title: JCE-Tech Video Niche Script /view.php Multiple Parameters XSS Product: Video Niche Script Vendor: JCE-Tech Vulnerable Versions: 4.0 Tested Version: 4.0 Advisory Publication: Nov 18, 2014

[FD] CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability

2014-12-18 Thread Jing Wang
*CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability* Exploit Title: TennisConnect TennisConnect COMPONENTS System /index.cfm pid Parameter XSS Product: TennisConnect COMPONENTS System Vendor: TennisConnect Vulnerable Versions: 9.927 Tested Version:

[FD] Yahoo Yahoo.com Yahoo.co.jp Open Redirect Security Vulnerabilities

2014-12-18 Thread Jing Wang
*Yahoo Yahoo.com Yahoo.co.jp http://Yahoo.co.jp Open Redirect Security Vulnerabilities* Though Yahoo lists open redirect vulnerabilities in its bug bounty program, it seems Yahoo does not take this vulnerability seriously at all. Multiple Open Redirect vulnerabilities were reported to Yahoo.

[FD] CVE-2014-9562 OptimalSite Content Management System (CMS) XSS (Cross-Site Scripting) Security Vulnerabilities

2015-02-02 Thread Jing Wang
*CVE-2014-9562 OptimalSite Content Management System (CMS) XSS (Cross-Site Scripting) Security Vulnerabilities* Exploit Title: OptimalSite CMS /display_dialog.php image Parameter XSS Security Vulnerability Vendor: OptimalSite Product: OptimalSite Content Management System (CMS) Vulnerable

[FD] About Group (about.com) All Topics (At least 99.88% links) Vulnerable to XSS Iframe Injection Security Attacks, About.com Open Redirect Security Vulnerabilities

2015-02-02 Thread Jing Wang
*About Group (about.com http://about.com) All Topics (At least 99.88% links) Vulnerable to XSS Iframe Injection Security Attacks, About.com Open Redirect Security Vulnerabilities* *Vulnerability Description:* About.com all topic sites are vulnerable to XSS (Cross-Site Scripting) and Iframe

[FD] CVE-2014-9558 SmartCMS Multiple SQL Injection Security Vulnerabilities

2015-01-22 Thread Jing Wang
*CVE-2014-9558 SmartCMS Multiple SQL Injection Security Vulnerabilities* Exploit Title: Smartwebsites SmartCMS v.2 Multiple SQL Injection Security Vulnerabilities Product: SmartCMS v.2 Vendor: Smartwebsites Vulnerable Versions: v.2 Tested Version: v.2 Advisory Publication: Jan 22, 2015 Latest

[FD] CVE-2014-9557 SmartCMS Multiple XSS (Cross-Site Scripting) Security Vulnerabilities

2015-01-22 Thread Jing Wang
*CVE-2014-9557 SmartCMS Multiple XSS (Cross-Site Scripting) Security Vulnerabilities* Exploit Title: Smartwebsites SmartCMS v.2 Multiple XSS Security Vulnerabilities Product: SmartCMS v.2 Vendor: Smartwebsites Vulnerable Versions: v.2 Tested Version: v.2 Advisory Publication: Jan 22, 2015 Latest

[FD] Alibaba Taobao, AliExpress, Tmall, Online Electronic Shopping Website XSS Open Redirect Security Vulnerabilities

2015-01-22 Thread Jing Wang
*Alibaba Taobao, AliExpress, Tmall, Online Electronic Shopping Website XSS Open Redirect Security Vulnerabilities* *Domains Basic:* Alibaba Taobao, AliExpress, Tmall are the top three online shopping websites belonging to Alibaba. Vulnerability Discover: Wang Jing, Division of Mathematical

[FD] CVE-2014-8753 Cit-e-Net Multiple XSS (Cross-Site Scripting) Security Vulnerabilities

2015-02-12 Thread Jing Wang
*CVE-2014-8753 Cit-e-Net Multiple XSS (Cross-Site Scripting) Security Vulnerabilities* Exploit Title: Cit-e-Net Multiple XSS (Cross-Site Scripting) Security Vulnerabilities Product: Cit-e-Access Vendor: Cit-e-Net Vulnerable Versions: Version 6 Tested Version: Version 6 Advisory Publication: Feb

[FD] CVE-2014-9469 vBulletin XSS (Cross-Site Scripting) Security Vulnerabilities

2015-02-12 Thread Jing Wang
*CVE-2014-9469 vBulletin XSS (Cross-Site Scripting) Security Vulnerabilities* Exploit Title: vBulletin XSS (Cross-Site Scripting) Security Vulnerabilities Product: vBulletin Forum Vendor: vBulletin Vulnerable Versions: 5.1.3 5.0.5 4.2.2 3.8.7 3.6.7 3.6.0 3.5.4 Tested Version: 5.1.3

[FD] CVE-2014-9468 InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Security Vulnerabilities

2015-02-18 Thread Jing Wang
*CVE-2014-9468 InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Security Vulnerabilities* Exploit Title: InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Security Vulnerabilities Product: InstantForum.NET Vendor: InstantASP Vulnerable Versions: v4.1.3 v4.1.1

[FD] DLGuard Multiple XSS (Cross-Site Scripting) Security Vulnerabilities

2015-02-18 Thread Jing Wang
*DLGuard Multiple XSS (Cross-Site Scripting) Security Vulnerabilities* Exploit Title: DLGuard Multiple XSS (Cross-Site Scripting) Security Vulnerabilities Product: DLGuard Vendor: DLGuard Vulnerable Versions: v5 v4.6 v4.5 Tested Version: v5 v4.6 Advisory Publication: Feb 18, 2015

[FD] DLGuard Full Path Disclosure (Information Leakage) Security Vulnerabilities

2015-02-18 Thread Jing Wang
*DLGuard Full Path Disclosure (Information Leakage) Security Vulnerabilities* Exploit Title: DLGuard /index.php c parameter Full Path Disclosure Security Vulnerabilities Product: DLGuard Vendor: DLGuard Vulnerable Versions: v4.5 Tested Version: v4.5 Advisory Publication: Feb 18, 2015 Latest

[FD] DLGuard SQL Injection Security Vulnerabilities

2015-02-18 Thread Jing Wang
DLGuard SQL Injection Security Vulnerabilities Exploit Title: DLGuard /index.php c parameter SQL Injection Security Vulnerabilities Product: DLGuard Vendor: DLGuard Vulnerable Versions: v4.5 Tested Version: v4.5 Advisory Publication: Feb 18, 2015 Latest Update: Feb 18, 2015 Vulnerability Type:

[FD] CVE-2014-9559 SnipSnap XSS (Cross-Site Scripting) Security Vulnerabilities

2015-01-31 Thread Jing Wang
CVE-2014-9559 SnipSnap XSS (Cross-Site Scripting) Security Vulnerabilities Exploit Title: SnipSnap /snipsnap-search? query Parameter XSS Product: SnipSnap Vulnerable Versions: 0.5.2a 1.0b1 1.0b2 Tested Version: 0.5.2a 1.0b1 1.0b2 Advisory Publication: Jan 30, 2015 Latest Update: Jan 30, 2015

[FD] CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerability

2015-01-10 Thread Jing Wang
*CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerability* Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter SQL Injection Product: SoftBB (mods) Vendor: Softbb.net Vulnerable Versions: v0.1.3 Tested Version: v0.1.3 Advisory Publication: Jan 10, 2015 Latest

[FD] CVE-2014-9561 Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability

2015-01-10 Thread Jing Wang
CVE-2014-9561 Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter XSS Product: SoftBB (mods) Vendor: Softbb.net Vulnerable Versions: v0.1.3 Tested Version: v0.1.3 Advisory Publication: Jan 10, 2015

[FD] 724CMS 5.01 Multiple XSS (Cross-site Scripting) Security Vulnerabilities

2015-03-16 Thread Jing Wang
*724CMS 5.01 Multiple XSS (Cross-site Scripting) Security Vulnerabilities* Exploit Title: 724CMS Multiple XSS (Cross-site Scripting) Security Vulnerabilities Vendor: 724CMS Product: 724CMS Vulnerable Versions: 3.01 4.01 4.59 5.01 Tested Version: 5.01 Advisory Publication: March 15, 2015

[FD] Innovative WebPAC Pro 2.0 Unvalidated Redirects and Forwards (URL Redirection) Security Vulnerabilities

2015-03-16 Thread Jing Wang
*Innovative WebPAC Pro 2.0 Unvalidated Redirects and Forwards (URL Redirection) Security Vulnerabilities* Exploit Title: Innovative WebPAC Pro 2.0 /showres url parameter URL Redirection Security Vulnerabilities Vendor: Innovative Interfaces Inc Product: WebPAC Pro Vulnerable Versions: 2.0 Tested

[FD] 724CMS 5.01 Multiple Information Leakage Security Vulnerabilities

2015-03-16 Thread Jing Wang
*724CMS 5.01 Multiple Information Leakage Security Vulnerabilities* Exploit Title: 724CMS Multiple Information Leakage Security Vulnerabilities Vendor: 724CMS Product: 724CMS Vulnerable Versions: 3.01 4.01 4.59 5.01 Tested Version: 5.01 Advisory Publication: March 14, 2015 Latest

[FD] 724CMS 5.01 Directory (Path) Traversal Security Vulnerabilities

2015-03-16 Thread Jing Wang
*724CMS 5.01 Directory (Path) Traversal Security Vulnerabilities* Exploit Title: 724CMS /section.php Module Parameter Directory Traversal Security Vulnerabilities Vendor: 724CMS Product: 724CMS Vulnerable Versions: 3.01 4.01 4.59 5.01 Tested Version: 5.01 Advisory Publication: March 14,

[FD] 724CMS 5.01 Multiple SQL Injection Security Vulnerabilities

2015-03-16 Thread Jing Wang
*724CMS 5.01 Multiple SQL Injection Security Vulnerabilities* Exploit Title: 724CMS Multiple SQL Injection Security Vulnerabilities Vendor: 724CMS Product: 724CMS Vulnerable Versions: 3.01 4.01 4.59 5.01 Tested Version: 5.01 Advisory Publication: March 14, 2015 Latest Update: March 14,

[FD] Webshop hun v1.062S Information Leakage (Full Path Disclosure - FPD) Security Vulnerabilities

2015-03-07 Thread Jing Wang
*Webshop hun v1.062S Information Leakage (Full Path Disclosure - FPD) Security Vulnerabilities* Exploit Title: Webshop hun v1.062S /index.php termid parameter Information Leakage Security Vulnerabilities Product: Webshop hun Vendor: Webshop hun Vulnerable Versions: v1.062S Tested Version:

[FD] WordPress Daily Edition Theme v1.6.2 Unrestricted Upload of File Security Vulnerabilities

2015-03-07 Thread Jing Wang
*WordPress Daily Edition Theme v1.6.2 Unrestricted Upload of File Security Vulnerabilities* Exploit Title: WordPress Daily Edition Theme v1.6.2 /thumb.php src Parameter Unrestricted Upload of File Security Vulnerabilities Product: WordPress Daily Edition Theme Vendor: WooThemes Vulnerable

[FD] WordPress Daily Edition Theme v1.6.2 SQL Injection Security Vulnerabilities

2015-03-07 Thread Jing Wang
*WordPress Daily Edition Theme v1.6.2 SQL Injection Security Vulnerabilities* Exploit Title: WordPress Daily Edition Theme v1.6.2 /fiche-disque.php id Parameters SQL Injection Security Vulnerabilities Product: WordPress Daily Edition Theme Vendor: WooThemes Vulnerable Versions: v1.6.2 Tested

[FD] NetCat CMS Multiple HTTP Response Splitting (CRLF) Security Vulnerabilities

2015-03-07 Thread Jing Wang
*NetCat CMS Multiple HTTP Response Splitting (CRLF) Security Vulnerabilities* Exploit Title: NetCat CMS Multiple CRLF Security Vulnerabilities Product: NetCat CMS (Content Management System) Vendor: NetCat Vulnerable Versions: 5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1 Tested Version:

[FD] WordPress Daily Edition Theme v1.6.2 Information Leakage Security Vulnerabilities

2015-03-10 Thread Jing Wang
*WordPress Daily Edition Theme v1.6.2 Information Leakage Security Vulnerabilities* Exploit Title: WordPress Daily Edition Theme /thumb.php src Parameters Information Leakage Security Vulnerabilities Product: WordPress Daily Edition Theme Vendor: WooThemes Vulnerable Versions: v1.6.* v1.5.*

[FD] Webshop hun v1.062S XSS (Cross-site Scripting) Security Vulnerabilities

2015-03-04 Thread Jing Wang
*Webshop hun v1.062S XSS (Cross-site Scripting) Security Vulnerabilities* Exploit Title: Webshop hun v1.062S /index.php Multiple Parameters XSS Security Vulnerabilities Product: Webshop hun Vendor: Webshop hun Vulnerable Versions: v1.062S Tested Version: v1.062S Advisory Publication: Mar 04,

[FD] WordPress Max Banner Ads Plug-in XSS (Cross-site Scripting) Security Vulnerabilities

2015-03-04 Thread Jing Wang
*WordPress Max Banner Ads Plug-in XSS (Cross-site Scripting) Security Vulnerabilities* Exploit Title: Wordpress Max Banner Ads Plugin /info.php zone_id Parameter XSS Security Vulnerabilities Product: Wordpress Max Banner Ads Plugin Vendor: MaxBlogPress Vulnerable Versions: 1.9 1.8 1.4 1.3.*

[FD] NetCat CMS Multiple Remote File Inclusion (RFI) Security Vulnerabilities

2015-03-01 Thread Jing Wang
*NetCat CMS Multiple Remote File Inclusion (RFI) Security Vulnerabilities* Exploit Title: NetCat CMS Multiple Remote File Inclusion (RFI) Security Vulnerabilities Product: NetCat CMS (Content Management System) Vendor: NetCat Vulnerable Versions: 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1

[FD] Comsenz SupeSite CMS Arbitrary Code Execution Security Vulnerabilities

2015-03-01 Thread Jing Wang
*Comsenz SupeSite CMS Arbitrary Code Execution Security Vulnerabilities* Exploit Title: Comsenz SupeSite CMS Arbitrary Code Execution Security Vulnerabilities Product: SupeSite CMS (Content Management System) Vendor: Comsenz Vulnerable Versions: 6.0.1UC 7.0 Tested Version: 7.0 Advisory

[FD] Comsenz SupeSite CMS Reflected XSS (Cross-site Scripting) Security Vulnerabilities

2015-03-01 Thread Jing Wang
*Comsenz SupeSite CMS Reflected XSS (Cross-site Scripting) Security Vulnerabilities* Exploit Title: Comsenz SupeSite CMS /cp.php do parameter Reflected XSS Security Vulnerabilities Product: SupeSite CMS (Content Management System) Vendor: Comsenz Vulnerable Versions: 6.0.1UC 7.0 Tested

[FD] NetCat CMS Multiple URL Redirection (Open Redirect) Security Vulnerabilities

2015-03-01 Thread Jing Wang
*NetCat CMS Multiple URL Redirection (Open Redirect) Security Vulnerabilities* Exploit Title: NetCat CMS Multiple URL Redirection Security Vulnerabilities Product: NetCat CMS (Content Management System) Vendor: NetCat Vulnerable Versions: 5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1

[FD] MT.VERNON MEDIA Web-Design v1.12 Multiple SQL Injection Web Security Vulnerabilities

2015-05-08 Thread Jing Wang
-- Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. http://www.tetraph.com/wangjing/ https://twitter.com/justqdjing ___ Sent through the Full

[FD] MT.VERNON MEDIA Web-Design v1.12 Multiple XSS (Cross-site Scripting) Web Security Vulnerabilities

2015-05-08 Thread Jing Wang
=www.fusionvmTabId=0Lang=en-USOU=0ItemId=44832 https://www.bugscan.net/#!/x/21289 http://bluereader.org/article/30765596 -- Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. http://www.tetraph.com

[FD] MT.VERNON MEDIA Web-Design v1.12 HTML Injection Web Security Vulnerabilities

2015-05-08 Thread Jing Wang
://lists.openwall.net/full-disclosure/2015/04/15/3 -- Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. http://www.tetraph.com/wangjing/ https://twitter.com/justqdjing

[FD] Feed2JS v1.7 XSS (Cross-site Scripting) Web Security Vulnerabilities

2015-05-08 Thread Jing Wang
: May 09, 2015 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: * Impact CVSS Severity (version 2.0): CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend) Impact Subscore: 2.9 Exploitability Subscore: 8.6 Writer and Reporter: Jing Wang [School of Physical

[FD] NetCat CMS 3.12 HTML Injection Security Vulnerabilities

2015-04-14 Thread Jing Wang
*NetCat CMS 3.12 HTML Injection Security Vulnerabilities* Exploit Title: NetCat CMS 3.12 /catalog/search.php? q Parameter HTML Injection Security Vulnerabilities Product: NetCat CMS (Content Management System) Vendor: NetCat Vulnerable Versions: 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1

[FD] NetCat CMS 3.12 Multiple Directory Traversal Security Vulnerabilities

2015-04-14 Thread Jing Wang
*NetCat CMS 3.12 Multiple Directory Traversal Security Vulnerabilities* Exploit Title: NetCat CMS 3.12 Multiple Directory Traversal Security Vulnerabilities Product: NetCat CMS (Content Management System) Vendor: NetCat Vulnerable Versions: 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1 Tested

[FD] ECE Projects XSS (Cross-site Scripting) Security Vulnerabilities

2015-04-05 Thread Jing Wang
*ECE Projects XSS (Cross-site Scripting) Security Vulnerabilities* Exploit Title: ECE Projects XSS (Cross-site Scripting) Security Vulnerabilities Vendor: ECE Projektmanagement G.m.b.H. Co. KG (ECE) Product: ECE Projects Vulnerable Versions: Tested Version: Advisory Publication: April 01, 2015

[FD] 6kbbs v8.0 XSS (Cross-site Scripting) Security Vulnerabilities

2015-04-05 Thread Jing Wang
*6kbbs v8.0 XSS (Cross-site Scripting) Security Vulnerabilities* Exploit Title: 6kbbs XSS (Cross-site Scripting) Security Vulnerabilities Vendor: 6kbbs Product: 6kbbs Vulnerable Versions: v7.1 v8.0 Tested Version: v7.1 v8.0 Advisory Publication: April 02, 2015 Latest Update: April 02, 2015

[FD] 6kbbs v8.0 Weak Encryption Cryptography Security Vulnerabilities

2015-06-11 Thread Jing Wang
*6kbbs v8.0 Weak Encryption Cryptography Security Vulnerabilities* Exploit Title: 6kbbs Weak Encryption Web Security Vulnerabilities Vendor: 6kbbs Product: 6kbbs Vulnerable Versions: v7.1 v8.0 Tested Version: v7.1 v8.0 Advisory Publication: June 08, 2015 Latest Update: June 10, 2015

[FD] FC2 Rakuten Online Websites Multiple XSS (Cross-site Scripting) and Open Redirect Cyber Vulnerabilities

2015-06-11 Thread Jing Wang
*(2.2.3) Vulnerability Disclosure:* Those vulnerabilities are not patched now. *More Details:* http://tetraph.com/security/web-security/fc2-rakuten-xss-and-url-redirection/ http://securityrelated.blogspot.com/2015/06/fc2-rakuten-online-websites-multiple.html -- Jing Wang

[FD] Gcon Tech Solutions v1.0 XSS (Cross-site Scripting) Web Security Vulnerabilities

2015-05-24 Thread Jing Wang
://www.mail-archive.com/fulldisclosure%40seclists.org/msg02028.html http://seclists.org/fulldisclosure/2015/May/34 https://www.bugscan.net/#!/x/21839 http://lists.openwall.net/full-disclosure/2015/04/05/8 http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1957 -- Jing Wang, Division

[FD] phpwind v8.7 Unvalidated Redirects and Forwards Web Security Vulnerabilities

2015-05-24 Thread Jing Wang
-2015030028 http://permalink.gmane.org/gmane.comp.security.oss.general/16883 http://lists.openwall.net/full-disclosure/2015/04/15/1 http://seclists.org/fulldisclosure/2015/Apr/35 -- Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang

[FD] PhotoPost PHP 4.8c Cookie Based Stored XSS (Cross-site Scripting) Web Application 0-Day Bug

2015-08-01 Thread Jing Wang
/full-disclosure/2015/03/07/4 -- Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. http://www.tetraph.com/wangjing/ https://twitter.com/justqdjing

[FD] TeleGraph All Photo (Picture) Pages Have Been Vulnerable to XSS Cyber Attacks

2015-11-02 Thread Jing Wang
be *Blog Details:* http://www.tetraph.com/security/website-test/telegraph-xss/ http://securityrelated.blogspot.com/2015/10/telegraph-xss-0day.html *(3) Vulnerability Disclosure:* These vulnerabilities have been patched now. -- Jing Wang, Division of Mathematical Sciences (MAS), Schoo

[FD] KnowledgeTree OSS 3.0.3b Reflected XSS (Cross-site Scripting) Web Application 0-Day Security Bug

2015-08-30 Thread Jing Wang
-oss-3-0-3b-reflected-xss/ http://lists.openwall.net/full-disclosure/2015/03/10/5 http://marc.info/?l=full-disclosurem=143251239323317w=4 https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01415.html -- Jing Wang, Division of Mathematical Sciences (MAS), School of Physical

[FD] VuFind 1.0 Web Application Reflected XSS (Cross-site Scripting) 0-Day Bug Security Issue

2015-09-25 Thread Jing Wang
l http://marc.info/?l=oss-security=144094021709472=4 http://lists.openwall.net/full-disclosure/2015/08/31/2 http://ithut.tumblr.com/post/128012509383/webcabinet-winmail-server-42-reflected-xss http://seclists.org/fulldisclosure/2015/Aug/84 http://lists.openwall.net/full-disclosure/2015/08/31/2