[FD] Daily Mail Registration Page Unvalidated Redirects and Forwards & XSS Web Security Problem

2015-11-02 Thread Jing Wang
ignificant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner." (Wikipedia) *(2.3) Vulnerability Disclosure:* This vulnerability has been patched. Blog Details: http://te

[FD] TeleGraph All Photo (Picture) Pages Have Been Vulnerable to XSS Cyber Attacks

2015-11-02 Thread Jing Wang
Poc Video:* https://www.youtube.com/watch?v=SqjlabJ1OzA&feature=youtu.be *Blog Details:* http://www.tetraph.com/security/website-test/telegraph-xss/ http://securityrelated.blogspot.com/2015/10/telegraph-xss-0day.html *(3) Vulnerability Disclosure:* These vulnerabilities have been patche

[FD] VuFind 1.0 Web Application Reflected XSS (Cross-site Scripting) 0-Day Bug Security Issue

2015-09-25 Thread Jing Wang
mail-Server-4.2-Cross-Site-Scripting.html http://marc.info/?l=oss-security&m=144094021709472&w=4 http://lists.openwall.net/full-disclosure/2015/08/31/2 http://ithut.tumblr.com/post/128012509383/webcabinet-winmail-server-42-reflected-xss http://seclists.org/fulldisclosure/2015/Aug/84 http://lists.ope

[FD] Winmail Server 4.2 Reflected XSS (Cross-site Scripting) Web Application 0-Day Security Bug

2015-08-30 Thread Jing Wang
p://whitehatview.tumblr.com/post/118853357881/tetraph-cve-2014-9468-instantasp http://marc.info/?l=full-disclosure&m=142649827629327&w=4 https://packetstormsecurity.com/files/132029/SITEFACT-CMS-2.01-Cross-Site-Scripting.html -- Jing Wang, Division of Mathematical Sciences (MAS), School of P

[FD] KnowledgeTree OSS 3.0.3b Reflected XSS (Cross-site Scripting) Web Application 0-Day Security Bug

2015-08-30 Thread Jing Wang
ic/242232054201573084141976/ https://hackertopic.wordpress.com/2015/08/22/knowledgetree-oss-3-0-3b-reflected-xss/ http://lists.openwall.net/full-disclosure/2015/03/10/5 http://marc.info/?l=full-disclosure&m=143251239323317&w=4 https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01

[FD] PhotoPost PHP 4.8c Cookie Based Stored XSS (Cross-site Scripting) Web Application 0-Day Bug

2015-07-31 Thread Jing Wang
/rakuten-website-xss/ http://seclists.org/fulldisclosure/2015/Mar/56 http://lists.openwall.net/full-disclosure/2015/03/07/4 -- Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. http://www.

[FD] FC2 & Rakuten Online Websites Multiple XSS (Cross-site Scripting) and Open Redirect Cyber Vulnerabilities

2015-06-11 Thread Jing Wang
tube.com/watch?v=uxsuLgAdpCw *Blog Detail:* http://tetraph.com/security/open-redirect/rakuten-open-redirect/ http://securityrelated.blogspot.com/2015/06/rakuten-open-redirect.html *(2.2.3) Vulnerability Disclosure:* Those vulnerabilities are not patched now. *More Details:* http://tetraph.c

[FD] 6kbbs v8.0 Weak Encryption Cryptography Security Vulnerabilities

2015-06-11 Thread Jing Wang
*6kbbs v8.0 Weak Encryption Cryptography Security Vulnerabilities* Exploit Title: 6kbbs Weak Encryption Web Security Vulnerabilities Vendor: 6kbbs Product: 6kbbs Vulnerable Versions: v7.1 v8.0 Tested Version: v7.1 v8.0 Advisory Publication: June 08, 2015 Latest Update: June 10, 2015 Vulnerabi

[FD] phpwind v8.7 Unvalidated Redirects and Forwards Web Security Vulnerabilities

2015-05-24 Thread Jing Wang
st.blog.163.com/blog/static/242232054201542495731506/ http://cxsecurity.com/issue/WLB-2015030028 http://permalink.gmane.org/gmane.comp.security.oss.general/16883 http://lists.openwall.net/full-disclosure/2015/04/15/1 http://seclists.org/fulldisclosure/2015/Apr/35 -- Jing Wang, Division of Math

[FD] Gcon Tech Solutions v1.0 SQL Injection Web Security Vulnerabilities

2015-05-24 Thread Jing Wang
0seclists.org/msg01766.html http://cxsecurity.com/issue/WLB-2015040036 http://seclists.org/fulldisclosure/2015/May/32 http://lists.openwall.net/full-disclosure/2015/05/08/8 http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1955 -- Jing Wang, Division of Mathematical Sciences (MAS), School of

[FD] Gcon Tech Solutions v1.0 XSS (Cross-site Scripting) Web Security Vulnerabilities

2015-05-24 Thread Jing Wang
/ http://whitehatpost.blog.163.com/blog/static/24223205420154245138791/ https://www.mail-archive.com/fulldisclosure%40seclists.org/msg02028.html http://seclists.org/fulldisclosure/2015/May/34 https://www.bugscan.net/#!/x/21839 http://lists.openwall.net/full-disclosure/2015/04/05/8 http://permali

[FD] Feed2JS v1.7 XSS (Cross-site Scripting) Web Security Vulnerabilities

2015-05-08 Thread Jing Wang
date: May 09, 2015 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: * Impact CVSS Severity (version 2.0): CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend) Impact Subscore: 2.9 Exploitability Subscore: 8.6 Writer and Reporter: Jing Wang [School of Physical

[FD] MT.VERNON MEDIA Web-Design v1.12 HTML Injection Web Security Vulnerabilities

2015-05-08 Thread Jing Wang
7520526783&w=2 https://www.bugscan.net/#!/x/21454 http://seclists.org/fulldisclosure/2015/Apr/37 http://lists.openwall.net/full-disclosure/2015/04/15/3 -- Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technolog

[FD] MT.VERNON MEDIA Web-Design v1.12 Multiple SQL Injection Web Security Vulnerabilities

2015-05-08 Thread Jing Wang
pModules/SecurityAdvisories/SecurityAdvisoriesView.aspx?Alias=www.fusionvm&TabId=0&Lang=en-US&OU=0&ItemId=44951 https://www.bugscan.net/#!/x/21160 http://bluereader.org/article/27452998 -- Jing Wang, Division of Mathematical Sciences (MAS),

[FD] MT.VERNON MEDIA Web-Design v1.12 Multiple XSS (Cross-site Scripting) Web Security Vulnerabilities

2015-05-08 Thread Jing Wang
4223205420154885036469 https://progressive-comp.com/?a=139222176300014&r=1&w=1 https://www.fusionvm.com/FusionVM/DesktopModules/SecurityAdvisories/SecurityAdvisoriesView.aspx?Alias=www.fusionvm&TabId=0&Lang=en-US&OU=0&ItemId=44832 https://www.bugscan.net/#!/x/21289 http://bluereader.o

[FD] NetCat CMS 3.12 HTML Injection Security Vulnerabilities

2015-04-14 Thread Jing Wang
*NetCat CMS 3.12 HTML Injection Security Vulnerabilities* Exploit Title: NetCat CMS 3.12 /catalog/search.php? q Parameter HTML Injection Security Vulnerabilities Product: NetCat CMS (Content Management System) Vendor: NetCat Vulnerable Versions: 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1 Test

[FD] NetCat CMS 3.12 Multiple Directory Traversal Security Vulnerabilities

2015-04-14 Thread Jing Wang
*NetCat CMS 3.12 Multiple Directory Traversal Security Vulnerabilities* Exploit Title: NetCat CMS 3.12 Multiple Directory Traversal Security Vulnerabilities Product: NetCat CMS (Content Management System) Vendor: NetCat Vulnerable Versions: 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1 Tested Ve

[FD] Proverbs Web Calendar 2.1.2 XSS (Cross-site Scripting) Security Vulnerabilities

2015-04-05 Thread Jing Wang
*Proverbs Web Calendar 2.1.2 XSS (Cross-site Scripting) Security Vulnerabilities* Exploit Title: Proverbs Web Calendar /calendar.php Multiple Parameters XSS (Cross-site Scripting) Security Vulnerabilities Vendor: Proverbs Product: Proverbs Web Calendar Vulnerable Versions: 1.0.0 1.1 1.2.2 2

[FD] 6kbbs v8.0 XSS (Cross-site Scripting) Security Vulnerabilities

2015-04-05 Thread Jing Wang
*6kbbs v8.0 XSS (Cross-site Scripting) Security Vulnerabilities* Exploit Title: 6kbbs XSS (Cross-site Scripting) Security Vulnerabilities Vendor: 6kbbs Product: 6kbbs Vulnerable Versions: v7.1 v8.0 Tested Version: v7.1 v8.0 Advisory Publication: April 02, 2015 Latest Update: April 02, 2015 Vu

[FD] 6kbbs v8.0 Multiple CSRF (Cross-Site Request Forgery) Security Vulnerabilities

2015-04-04 Thread Jing Wang
*6kbbs v8.0 Multiple CSRF (Cross-Site Request Forgery) Security Vulnerabilities* Exploit Title: 6kbbs Multiple CSRF (Cross-Site Request Forgery) Security Vulnerabilities Vendor: 6kbbs Product: 6kbbs Vulnerable Versions: v7.1 v8.0 Tested Version: v7.1 v8.0 Advisory Publication: April 02, 2015

[FD] ECE Projects XSS (Cross-site Scripting) Security Vulnerabilities

2015-04-04 Thread Jing Wang
*ECE Projects XSS (Cross-site Scripting) Security Vulnerabilities* Exploit Title: ECE Projects XSS (Cross-site Scripting) Security Vulnerabilities Vendor: ECE Projektmanagement G.m.b.H. & Co. KG (ECE) Product: ECE Projects Vulnerable Versions: Tested Version: Advisory Publication: April 01, 2015

[FD] 724CMS 5.01 Multiple XSS (Cross-site Scripting) Security Vulnerabilities

2015-03-16 Thread Jing Wang
*724CMS 5.01 Multiple XSS (Cross-site Scripting) Security Vulnerabilities* Exploit Title: 724CMS Multiple XSS (Cross-site Scripting) Security Vulnerabilities Vendor: 724CMS Product: 724CMS Vulnerable Versions: 3.01 4.01 4.59 5.01 Tested Version: 5.01 Advisory Publication: March 15, 2015 Lat

[FD] 724CMS 5.01 Multiple SQL Injection Security Vulnerabilities

2015-03-16 Thread Jing Wang
*724CMS 5.01 Multiple SQL Injection Security Vulnerabilities* Exploit Title: 724CMS Multiple SQL Injection Security Vulnerabilities Vendor: 724CMS Product: 724CMS Vulnerable Versions: 3.01 4.01 4.59 5.01 Tested Version: 5.01 Advisory Publication: March 14, 2015 Latest Update: March 14, 2015

[FD] 724CMS 5.01 Directory (Path) Traversal Security Vulnerabilities

2015-03-16 Thread Jing Wang
*724CMS 5.01 Directory (Path) Traversal Security Vulnerabilities* Exploit Title: 724CMS /section.php Module Parameter Directory Traversal Security Vulnerabilities Vendor: 724CMS Product: 724CMS Vulnerable Versions: 3.01 4.01 4.59 5.01 Tested Version: 5.01 Advisory Publication: March 14, 201

[FD] 724CMS 5.01 Multiple Information Leakage Security Vulnerabilities

2015-03-16 Thread Jing Wang
*724CMS 5.01 Multiple Information Leakage Security Vulnerabilities* Exploit Title: 724CMS Multiple Information Leakage Security Vulnerabilities Vendor: 724CMS Product: 724CMS Vulnerable Versions: 3.01 4.01 4.59 5.01 Tested Version: 5.01 Advisory Publication: March 14, 2015 Latest Upd

[FD] Innovative WebPAC Pro 2.0 Unvalidated Redirects and Forwards (URL Redirection) Security Vulnerabilities

2015-03-16 Thread Jing Wang
*Innovative WebPAC Pro 2.0 Unvalidated Redirects and Forwards (URL Redirection) Security Vulnerabilities* Exploit Title: Innovative WebPAC Pro 2.0 /showres url parameter URL Redirection Security Vulnerabilities Vendor: Innovative Interfaces Inc Product: WebPAC Pro Vulnerable Versions: 2.0 Tested

[FD] WordPress Daily Edition Theme v1.6.2 Information Leakage Security Vulnerabilities

2015-03-10 Thread Jing Wang
*WordPress Daily Edition Theme v1.6.2 Information Leakage Security Vulnerabilities* Exploit Title: WordPress Daily Edition Theme /thumb.php src Parameters Information Leakage Security Vulnerabilities Product: WordPress Daily Edition Theme Vendor: WooThemes Vulnerable Versions: v1.6.* v1.5.* v

[FD] Webshop hun v1.062S Information Leakage (Full Path Disclosure - FPD) Security Vulnerabilities

2015-03-07 Thread Jing Wang
*Webshop hun v1.062S Information Leakage (Full Path Disclosure - FPD) Security Vulnerabilities* Exploit Title: Webshop hun v1.062S /index.php termid parameter Information Leakage Security Vulnerabilities Product: Webshop hun Vendor: Webshop hun Vulnerable Versions: v1.062S Tested Version: v1.062S

[FD] NetCat CMS Multiple HTTP Response Splitting (CRLF) Security Vulnerabilities

2015-03-07 Thread Jing Wang
*NetCat CMS Multiple HTTP Response Splitting (CRLF) Security Vulnerabilities* Exploit Title: NetCat CMS Multiple CRLF Security Vulnerabilities Product: NetCat CMS (Content Management System) Vendor: NetCat Vulnerable Versions: 5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1 Tested Version:

[FD] WordPress Daily Edition Theme v1.6.2 Unrestricted Upload of File Security Vulnerabilities

2015-03-07 Thread Jing Wang
*WordPress Daily Edition Theme v1.6.2 Unrestricted Upload of File Security Vulnerabilities* Exploit Title: WordPress Daily Edition Theme v1.6.2 /thumb.php src Parameter Unrestricted Upload of File Security Vulnerabilities Product: WordPress Daily Edition Theme Vendor: WooThemes Vulnerable Version

[FD] WordPress Daily Edition Theme v1.6.2 SQL Injection Security Vulnerabilities

2015-03-07 Thread Jing Wang
*WordPress Daily Edition Theme v1.6.2 SQL Injection Security Vulnerabilities* Exploit Title: WordPress Daily Edition Theme v1.6.2 /fiche-disque.php id Parameters SQL Injection Security Vulnerabilities Product: WordPress Daily Edition Theme Vendor: WooThemes Vulnerable Versions: v1.6.2 Tested Vers

[FD] Webshop hun v1.062S XSS (Cross-site Scripting) Security Vulnerabilities

2015-03-04 Thread Jing Wang
*Webshop hun v1.062S XSS (Cross-site Scripting) Security Vulnerabilities* Exploit Title: Webshop hun v1.062S /index.php Multiple Parameters XSS Security Vulnerabilities Product: Webshop hun Vendor: Webshop hun Vulnerable Versions: v1.062S Tested Version: v1.062S Advisory Publication: Mar 04, 2015

[FD] WordPress "Max Banner Ads" Plug-in XSS (Cross-site Scripting) Security Vulnerabilities

2015-03-04 Thread Jing Wang
*WordPress "Max Banner Ads" Plug-in XSS (Cross-site Scripting) Security Vulnerabilities* Exploit Title: WordPress "Max Banner Ads" Plugin /info.php &zone_id Parameter XSS Security Vulnerabilities Product: WordPress "Max Banner Ads" Plugin Vendor: MaxBlogPress Vulnerable Versions: 1.9 1.8 1.4

[FD] NetCat CMS Multiple URL Redirection (Open Redirect) Security Vulnerabilities

2015-03-01 Thread Jing Wang
*NetCat CMS Multiple URL Redirection (Open Redirect) Security Vulnerabilities* Exploit Title: NetCat CMS Multiple URL Redirection Security Vulnerabilities Product: NetCat CMS (Content Management System) Vendor: NetCat Vulnerable Versions: 5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1 Tes

[FD] NetCat CMS Full Path Disclosure (Information Disclosure) Security Vulnerabilities

2015-03-01 Thread Jing Wang
*NetCat CMS Full Path Disclosure (Information Disclosure) Security Vulnerabilities* Exploit Title: NetCat CMS Full Path Disclosure Security Vulnerabilities Product: NetCat CMS (Content Management System) Vendor: NetCat Vulnerable Versions: 5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1 Te

[FD] NetCat CMS Multiple Remote File Inclusion (RFI) Security Vulnerabilities

2015-03-01 Thread Jing Wang
*NetCat CMS Multiple Remote File Inclusion (RFI) Security Vulnerabilities* Exploit Title: NetCat CMS Multiple Remote File Inclusion (RFI) Security Vulnerabilities Product: NetCat CMS (Content Management System) Vendor: NetCat Vulnerable Versions: 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1 Tes

[FD] Comsenz SupeSite CMS Arbitrary Code Execution Security Vulnerabilities

2015-03-01 Thread Jing Wang
*Comsenz SupeSite CMS Arbitrary Code Execution Security Vulnerabilities* Exploit Title: Comsenz SupeSite CMS Arbitrary Code Execution Security Vulnerabilities Product: SupeSite CMS (Content Management System) Vendor: Comsenz Vulnerable Versions: 6.0.1UC 7.0 Tested Version: 7.0 Advisory Publica

[FD] Comsenz SupeSite CMS Reflected XSS (Cross-site Scripting) Security Vulnerabilities

2015-03-01 Thread Jing Wang
*Comsenz SupeSite CMS Reflected XSS (Cross-site Scripting) Security Vulnerabilities* Exploit Title: Comsenz SupeSite CMS /cp.php do parameter Reflected XSS Security Vulnerabilities Product: SupeSite CMS (Content Management System) Vendor: Comsenz Vulnerable Versions: 6.0.1UC 7.0 Tested Version

[FD] CVE-2014-9468 InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Security Vulnerabilities

2015-02-18 Thread Jing Wang
*CVE-2014-9468 InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Security Vulnerabilities* Exploit Title: InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Security Vulnerabilities Product: InstantForum.NET Vendor: InstantASP Vulnerable Versions: v4.1.3 v4.1.1 v4.

[FD] DLGuard SQL Injection Security Vulnerabilities

2015-02-18 Thread Jing Wang
DLGuard SQL Injection Security Vulnerabilities Exploit Title: DLGuard /index.php c parameter SQL Injection Security Vulnerabilities Product: DLGuard Vendor: DLGuard Vulnerable Versions: v4.5 Tested Version: v4.5 Advisory Publication: Feb 18, 2015 Latest Update: Feb 18, 2015 Vulnerability Type: Im

[FD] DLGuard Full Path Disclosure (Information Leakage) Security Vulnerabilities

2015-02-18 Thread Jing Wang
*DLGuard Full Path Disclosure (Information Leakage) Security Vulnerabilities* Exploit Title: DLGuard /index.php c parameter Full Path Disclosure Security Vulnerabilities Product: DLGuard Vendor: DLGuard Vulnerable Versions: v4.5 Tested Version: v4.5 Advisory Publication: Feb 18, 2015 Latest Upda

[FD] DLGuard Multiple XSS (Cross-Site Scripting) Security Vulnerabilities

2015-02-18 Thread Jing Wang
*DLGuard Multiple XSS (Cross-Site Scripting) Security Vulnerabilities* Exploit Title: DLGuard Multiple XSS (Cross-Site Scripting) Security Vulnerabilities Product: DLGuard Vendor: DLGuard Vulnerable Versions: v5 v4.6 v4.5 Tested Version: v5 v4.6 Advisory Publication: Feb 18, 2015 Lat

[FD] CVE-2014-9469 vBulletin XSS (Cross-Site Scripting) Security Vulnerabilities

2015-02-12 Thread Jing Wang
*CVE-2014-9469 vBulletin XSS (Cross-Site Scripting) Security Vulnerabilities* Exploit Title: vBulletin XSS (Cross-Site Scripting) Security Vulnerabilities Product: vBulletin Forum Vendor: vBulletin Vulnerable Versions: 5.1.3 5.0.5 4.2.2 3.8.7 3.6.7 3.6.0 3.5.4 Tested Version: 5.1.3 4

[FD] CVE-2014-8753 Cit-e-Net Multiple XSS (Cross-Site Scripting) Security Vulnerabilities

2015-02-12 Thread Jing Wang
*CVE-2014-8753 Cit-e-Net Multiple XSS (Cross-Site Scripting) Security Vulnerabilities* Exploit Title: Cit-e-Net Multiple XSS (Cross-Site Scripting) Security Vulnerabilities Product: Cit-e-Access Vendor: Cit-e-Net Vulnerable Versions: Version 6 Tested Version: Version 6 Advisory Publication: Feb

[FD] My Little Forum Multiple XSS Security Vulnerabilities

2015-02-03 Thread Jing Wang
*My Little Forum Multiple XSS Security Vulnerabilities* Exploit Title: My Little Forum Multiple XSS Security Vulnerabilities Vendor: My Little Forum Product: My Little Forum Vulnerable Versions: 2.3.3 2.2 1.7 Tested Version: 2.3.3 2.2 1.7 Advisory Publication: Feb 2, 2015 Latest Update: Feb

[FD] About Group (about.com) All Topics (At least 99.88% links) Vulnerable to XSS & Iframe Injection Security Attacks, About.com Open Redirect Security Vulnerabilities

2015-02-02 Thread Jing Wang
*About Group (about.com) All Topics (At least 99.88% links) Vulnerable to XSS & Iframe Injection Security Attacks, About.com Open Redirect Security Vulnerabilities* *Vulnerability Description:* About.com all "topic sites" are vulnerable to XSS (Cross-Site Scripting) and Ifram

[FD] CVE-2014-9562 OptimalSite Content Management System (CMS) XSS (Cross-Site Scripting) Security Vulnerabilities

2015-02-02 Thread Jing Wang
*CVE-2014-9562 OptimalSite Content Management System (CMS) XSS (Cross-Site Scripting) Security Vulnerabilities* Exploit Title: OptimalSite CMS /display_dialog.php image Parameter XSS Security Vulnerability Vendor: OptimalSite Product: OptimalSite Content Management System (CMS) Vulnerable Ver

[FD] CVE-2014-9559 SnipSnap XSS (Cross-Site Scripting) Security Vulnerabilities

2015-01-31 Thread Jing Wang
CVE-2014-9559 SnipSnap XSS (Cross-Site Scripting) Security Vulnerabilities Exploit Title: SnipSnap /snipsnap-search? query Parameter XSS Product: SnipSnap Vulnerable Versions: 0.5.2a 1.0b1 1.0b2 Tested Version: 0.5.2a 1.0b1 1.0b2 Advisory Publication: Jan 30, 2015 Latest Update: Jan 30, 2015 V

[FD] Alibaba Taobao, AliExpress, Tmall, Online Electronic Shopping Website XSS & Open Redirect Security Vulnerabilities

2015-01-22 Thread Jing Wang
*Alibaba Taobao, AliExpress, Tmall, Online Electronic Shopping Website XSS & Open Redirect Security Vulnerabilities* *Domains Basic:* Alibaba Taobao, AliExpress, Tmall are the top three online shopping websites belonging to Alibaba. Vulnerability Discover: Wang Jing, Division of Mathematical Scie

[FD] CVE-2014-9557 SmartCMS Multiple XSS (Cross-Site Scripting) Security Vulnerabilities

2015-01-22 Thread Jing Wang
*CVE-2014-9557 SmartCMS Multiple XSS (Cross-Site Scripting) Security Vulnerabilities* Exploit Title: Smartwebsites SmartCMS v.2 Multiple XSS Security Vulnerabilities Product: SmartCMS v.2 Vendor: Smartwebsites Vulnerable Versions: v.2 Tested Version: v.2 Advisory Publication: Jan 22, 2015 Latest U

[FD] CVE-2014-9558 SmartCMS Multiple SQL Injection Security Vulnerabilities

2015-01-22 Thread Jing Wang
*CVE-2014-9558 SmartCMS Multiple SQL Injection Security Vulnerabilities* Exploit Title: Smartwebsites SmartCMS v.2 Multiple SQL Injection Security Vulnerabilities Product: SmartCMS v.2 Vendor: Smartwebsites Vulnerable Versions: v.2 Tested Version: v.2 Advisory Publication: Jan 22, 2015 Latest Upda

[FD] CVE-2014-9561 Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability

2015-01-10 Thread Jing Wang
CVE-2014-9561 Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter XSS Product: SoftBB (mods) Vendor: Softbb.net Vulnerable Versions: v0.1.3 Tested Version: v0.1.3 Advisory Publication: Jan 10, 2015 Latest

[FD] CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerability

2015-01-10 Thread Jing Wang
*CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerability* Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter SQL Injection Product: SoftBB (mods) Vendor: Softbb.net Vulnerable Versions: v0.1.3 Tested Version: v0.1.3 Advisory Publication: Jan 10, 2015 Latest

[FD] CNN cnn.com Travel XSS and ADS Open Redirect Security Vulnerabilities

2014-12-29 Thread Jing Wang
*CNN Travel.cnn.com XSS and Ads.cnn.com Open Redirect Security Vulnerability* *Domain:* http://cnn.com "CNN is sometimes referred to as CNN/U.S. to distinguish the American channel from its international sister network, CNN International. As of Augus

[FD] CVE-2014-7294 Ex Libris Patron Directory Services (PDS) Open Redirect Security Vulnerability

2014-12-29 Thread Jing Wang
*CVE-2014-7294 Ex Libris Patron Directory Services (PDS) Open Redirect Security Vulnerability* Exploit Title: Ex Libris Patron Directory Services (PDS) Logon Page url Parameter Open Redirect Product: Ex Libris Patron Directory Services (PDS) Vendor: Ex Libris Vulnerable Versions: 2.1 and probab

[FD] CVE-2014-7293 Ex Libris Patron Directory Services (PDS) XSS (Cross-Site Scripting) Security Vulnerability

2014-12-28 Thread Jing Wang
*CVE-2014-7293 Ex Libris Patron Directory Services (PDS) XSS (Cross-Site Scripting) Security Vulnerability* Exploit Title: Ex Libris Patron Directory Services (PDS) Logon Page url Parameter XSS Product: Ex Libris Patron Directory Services (PDS) Vendor: Ex Libris Vulnerable Versions: 2.1 and pr

[FD] Yahoo Yahoo.com Yahoo.co.jp Open Redirect Security Vulnerabilities

2014-12-18 Thread Jing Wang
*Yahoo Yahoo.com Yahoo.co.jp Open Redirect Security Vulnerabilities* Though Yahoo lists the open redirect vulnerability in its bug bounty program, it seems Yahoo does not take this vulnerability seriously at all. Multiple Open Redirect vulnerabilities were reported Yahoo

[FD] CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability

2014-12-18 Thread Jing Wang
*CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability* Exploit Title: TennisConnect "TennisConnect COMPONENTS System" /index.cfm pid Parameter XSS Product: TennisConnect COMPONENTS System Vendor: TennisConnect Vulnerable Versions: 9.927 Tested Version

[FD] CVE-2014-8752 JCE-Tech "Video Niche Script" XSS (Cross-Site Scripting) Security Vulnerability

2014-12-18 Thread Jing Wang
*CVE-2014-8752 JCE-Tech "Video Niche Script" XSS (Cross-Site Scripting) Security Vulnerability* Exploit Title: JCE-Tech "Video Niche Script" /view.php Multiple Parameters XSS Product: "Video Niche Script" Vendor: JCE-Tech Vulnerable Versions: 4.0 Tested Version: 4.0 Advisory Publication: Nov 18,

[FD] ESPN espn.go.com Login & Register Page XSS and Dest Redirect Privilege Escalation Security Vulnerabilities

2014-12-09 Thread Jing Wang
*ESPN espn.go.com Login & Register Page XSS and Dest Redirect Privilege Escalation Security Vulnerabilities* *Domain:* http://espn.go.com/ "As of August 2013, ESPN is available to approximately 97,736,000 pay television households (85.58% of households with at least o

[FD] CVE-2014-8489 Ping Identity Corporation "PingFederate 6.10.1 SP Endpoints" Dest Redirect Privilege Escalation Security Vulnerability

2014-12-09 Thread Jing Wang
*CVE-2014-8489 Ping Identity Corporation "PingFederate 6.10.1 SP Endpoints" Dest Redirect Privilege Escalation Security Vulnerability* Exploit Title: "Ping Identity Corporation" "PingFederate 6.10.1 SP Endpoints" Dest Redirect Privilege Escalation Security Vulnerability Product: PingFederate 6

[FD] CVE-2014-8751 goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities

2014-12-09 Thread Jing Wang
*CVE-2014-8751 goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities* Exploit Title: goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities Product: WebPress Vendor: goYWP Vulnerable Versions: 13.00.06 Tested Version: 13.00.06 Advisory Publication:

[FD] All Links in Two Topics of Indiatimes (indiatimes.com) Are Vulnerable to XSS (cross site scripting) Attacks

2014-11-26 Thread Jing Wang
*All Links in Two Topics of Indiatimes (indiatimes.com) Are Vulnerable to XSS (cross site scripting) Attacks* *Domain Description:* http://www.indiatimes.com "According to the Indian Readership Survey (IRS) 2012, the Times of India is the most widely read English

[FD] CVE-2014-8754 WordPress “Ad-Manager Plugin” Dest Redirect Privilege Escalation

2014-11-26 Thread Jing Wang
*CVE-2014-8754 WordPress “Ad-Manager Plugin” Dest Redirect Privilege Escalation* Exploit Title: WordPress Ad-Manager Plugin Dest Redirect Privilege Escalation Vuln

[FD] CVE-2014-7291 Springshare LibCal XSS (Cross-Site Scripting) Vulnerability

2014-11-26 Thread Jing Wang
*Exploit Title: Springshare LibCal XSS (Cross-Site Scripting) Vulnerability* Product: LibCal Vendor: Springshare Vulnerable Versions: 2.0 Tested Version: 2.0 Advisory Publication: Nov 25, 2014 Latest Update: Nov 25, 2014 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2

[FD] The Weather Channel weather.com Almost All Links Vulnerable to XSS Attacks

2014-11-26 Thread Jing Wang
*The Weather Channel weather.com Almost All Links Vulnerable to XSS Attacks* Domain Description: http://www.weather.com/ "The Weather Channel is an American basic cable and satellite television channel which broadcasts weather forecasts and weather-related news and ana

[FD] CVE-2014-7290 Atlas Systems Aeon XSS (Cross-Site Scripting) Vulnerability

2014-11-14 Thread Jing Wang
CVE-2014-7290 Atlas Systems Aeon XSS (Cross-Site Scripting) Vulnerability Exploit Title: Atlas Systems Aeon XSS Vulnerability Product: Aeon Vendor: Atlas Systems Vulnerable Versions: 3.6 3.5 Tested Version: 3.6 Advisory Publication: Nov 12, 2014 Latest Update: Nov 12, 2014 Vulnerability Type: Cr

[FD] Bypass Google Open Redirect Filter Based on Googleads.g.doubleclick.net

2014-11-14 Thread Jing Wang
Bypass Google Open Redirect Filter Based on Googleads.g.doubleclick.net -- Google Covert Redirect Vulnerability Based on Googleads.g.doubleclick.net The vulnerability exists at "Logout?" page with "&continue" parameter,

[FD] Google DoubleClick.net(Advertising) System URL Redirection Vulnerabilities Can be Used by Spammers

2014-11-14 Thread Jing Wang
Google DoubleClick.net(Advertising) System URL Redirection Vulnerabilities Can be Used by Spammers Although Google does not include Open Redirect vulnerabilities in its bug bounty program, its preventive measures against Open Redirect attacks have been quite thorough and effective to date. Howe

[FD] Mozilla mozilla.org Two Sub-Domains ( Cross Reference) XSS Vulnerability ( All URLs Under the Two Domains)

2014-10-19 Thread Jing Wang
Domains: http://lxr.mozilla.org/ http://mxr.mozilla.org/ (The two domains above are almost the same) Websites information: lxr.mozilla.org, mxr.mozilla.org are cross references designed to display the Mozilla source code. The sources displayed are those that are currently checked in to the main

[FD] CVE-2014-7292 Newtelligence dasBlog Open Redirect Vulnerability

2014-10-19 Thread Jing Wang
Exploit Title: Newtelligence dasBlog Open Redirect Vulnerability Product: dasBlog Vendor: Newtelligence Vulnerable Versions: 2.3 (2.3.9074.18820) 2.2 (2.2.8279.16125) 2.1(2.1.8102.813) Tested Version: 2.3 (2.3.9074.18820) Advisory Publication: OCT 15, 2014 Latest Update: OCT 15, 2014 Vulnerability

[FD] New York Times nytimes.com Page Design XSS Vulnerability (Almost all Article Pages Before 2013 are Affected)

2014-10-15 Thread Jing Wang
New York Times nytimes.com Page Design XSS Vulnerability (Almost all Article Pages Before 2013 are Affected) Domain: http://www.nytimes.com/ Vulnerability Description: The vulnerability occurs at New York Times’s URLs. Nytimes (short for New York Times) uses part of the URLs to construct its p

[FD] CVE-2014-2230 - OpenX Open Redirect Vulnerability

2014-10-15 Thread Jing Wang
Exploit Title: OpenX Open Redirect Vulnerability Product: OpenX Vendor: OpenX Vulnerable Versions: 2.8.10 and probably prior Tested Version: 2.8.10 Advisory Publication: OCT 8, 2014 Latest Update: OCT 8, 2014 Vulnerability Type: Open Redirect [CWE-601] CVE Reference: CVE-2014-2230 Risk Level: Low

[FD] Oracle Access Manager (OAM) Vulnerabilities (CVEs)

2014-06-10 Thread Jing Wang
Oracle Access Manager (formerly known as Oblix NetPoint and Oracle COREid) provides a full range of identity administration and security functions, that include Web single sign-on; user self-service and self-registration; sophisticated workflow functionality; auditing and access reporting; policy m