Feed2JS v1.7 XSS (Cross-site Scripting) Web Security Vulnerabilities

Bug2-300x224

 
Feed2JS v1.7 XSS (Cross-site Scripting) Web Security Vulnerabilities

 

Exploit Title: Feed2JS v1.7 magpie_debug.php? &url parameter XSS Security Vulnerabilities

Product: Feed2JS

Vendor: feed2js.org

Vulnerable Versions: v1.7

Tested Version: v1.7

Advisory Publication: May 09, 2015

Latest Update: May 09, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Writer and Reporter: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

 

 

 

Proposition Details:

 

(1) Vendor & Product Description:

Vendor:

feed2js.org

 

Product & Vulnerable Versions:

Feed2JS

v1.7

 

Vendor URL & Download:

Feed2JS can be downloaded from here,

https://feed2js.org/index.php?s=download

 

Source code:

http://www.gnu.org/licenses/gpl.html

 

Product Introduction Overview:

“What is “Feed to JavaScript? An RSS Feed is a dynamically generated summary (in XML format) of information or news published on other web sites- so when the published RSS changes, your web site will be automatically changed too. It is a rather simple technology that allows you, the humble web page designer, to have this content displayed in your own web page, without having to know a lick about XML! Think of it as a box you define on your web page that is able to update itself, whenever the source of the information changes, your web page does too, without you having to do a single thing to it. This Feed2JS web site (new and improved!) provides you a free service that can do all the hard work for you– in 3 easy steps:

Find the RSS source, the web address for the feed.

Use our simple tool to build the JavaScript command that will display it

Optionally style it up to look pretty.

Please keep in mind that feeds are cached on our site for 60 minutes, so if you add content to your RSS feed, the updates will take at least an hour to appear in any other web site using Feed2JS to display that feed. To run these scripts, you need a web server capable of running PHP which is rather widely available (and free). You will need to FTP files to your server, perhaps change permissions, and make some basic edits to configure it for your system. I give you the code, getting it to work is on your shoulders. I will try to help, but cannot always promise answers.”

 

 

 

(2) Vulnerability Details:

Feed2JS web application has a computer security bug problem. It can be exploited by stored XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.

Several other Feed2JS products 0-day vulnerabilities have been found by some other bug hunter researchers before. Feed2JS has patched some of them. “Openwall software releases and other related files are also available from the Openwall file archive and its mirrors. You are encouraged to use the mirrors, but be sure to verify the signatures on software you download. The more experienced users and software developers may use our CVSweb server to browse through the source code for most pieces of Openwall software along with revision history information for each source file. We publish articles, make presentations, and offer professional services.” Openwall has published suggestions, advisories, solutions details related to XSS vulnerabilities.

 

(2.1) The first programming code flaw occurs at “&url” parameter in “magpie_debug.php?” page.

 

 

 

 

References:

http://www.tetraph.com/security/xss-vulnerability/feed2js-v1-7-xss/

http://securityrelated.blogspot.com/2015/05/feed2js-v17-xss-cross-site-scripting.html

http://www.inzeed.com/kaleidoscope/computer-web-security/feed2js-v1-7-xss/

http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/feed2js-v1-7-xss/

https://vulnerabilitypost.wordpress.com/2015/05/08/feed2js-v1-7-xss/

http://whitehatpost.blog.163.com/blog/static/24223205420154810359682/

https://progressive-comp.com/?l=full-disclosure&m=142907534026807&w=2

https://www.bugscan.net/#!/x/21291

http://bluereader.org/article/27452996

http://lists.openwall.net/full-disclosure/2015/04/15/4

 

Artnana Webboard version 1.4 XSS (Cross-site Scripting) Web Security Vulnerabilities

Algerian-hacker

Artnana Webboard version 1.4 XSS (Cross-site Scripting) Web Security Vulnerabilities

Exploit Title: Artnana Webboard version 1.4 Multiple XSS Security Vulnerabilities

Product: Webboard

Vendor: Artnana

Vulnerable Versions: version 1.4

Tested Version: version 1.4

Advisory Publication: May 09, 2015

Latest Update: May 09, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Writer and Reporter: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

Proposition Details:

(1) Vendor & Product Description:

Vendor:

Artnana

Product & Vulnerable Versions:

Webboard

version 1.4

Vendor URL & Download:

Webboard can be obtained from here,

http://www.artnana.com/web-d.php

Product Introduction Overview:

“Webboard is Thailand IT company that provide software service. Webboard can make your website easier and convenience. WebBoard is a discussion board where you post messages and participate in discussions with the other people in the course.”

(2) Vulnerability Details:

Artnana Webboard web application has a computer security bug problem. It can be exploited by stored XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.

Several other Artnana products 0-day vulnerabilities have been found by some other bug hunter researchers before. Artnana has patched some of them. FusionVM® Vulnerability Management and Compliance provides sources for the latest info-sec news, tools, and advisories. It has published suggestions, advisories, solutions details related to XSS vulnerabilities.

(2.1) The first programming code flaw occurs at “&keyword” parameter in “search_topic.php?” page.

(2.2) The second programming code flaw occurs at “&keyword” parameter in “search_products.php” page.

References:

http://www.tetraph.com/security/xss-vulnerability/artnana-webboard-version-1-4-xss/

http://securityrelated.blogspot.com/2015/05/artnana-webboard-version-14-xss-cross.html

http://www.inzeed.com/kaleidoscope/computer-web-security/artnana-webboard-version-1-4-xss/

https://vulnerabilitypost.wordpress.com/2015/05/08/artnana-webboard-version-1-4-xss/

http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/artnana-webboard-version-1-4-xss/

http://whitehatpost.blog.163.com/blog/static/24223205420154895051990/#

https://progressive-comp.com/?a=139222176300014&r=1&w=1​

https://www.fusionvm.com/FusionVM/DesktopModules/SecurityAdvisories/SecurityAdvisoriesView.aspx?Alias=www.fusionvm&TabId=0&Lang=en-US&OU=0&ItemId=44831

https://www.bugscan.net/#!/x/21221

http://bluereader.org/article/30765597

MT.VERNON MEDIA Web-Design v1.12 HTML Injection Web Security Vulnerabilities

18hyfk3t3yfo7jpg

MT.VERNON MEDIA Web-Design v1.12 HTML Injection Web Security Vulnerabilities

Exploit Title: MT.VERNON MEDIA Web-Design v1.12 “gallery.php?” &category parameter HTML Injection Security Vulnerabilities

Product: Web-Design v1.12

Vendor: MT.VERNON MEDIA

Vulnerable Versions: v1.12

Tested Version: v1.12

Advisory Publication: May 08, 2015

Latest Update: May 08, 2015

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Writer and Reporter: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

Proposition Details:

(1) Vendor & Product Description:

Vendor:

MT.VERNON MEDIA

Product & Vulnerable Versions:

Web-Design

v1.12

Vendor URL & Download:

MT.VERNON MEDIA can be obtained from here,

http://www.mtvernonmedia.com/services/WebDesign.html

Google Dork:

“developed by: Mt. Vernon Media”

Product Introduction Overview:

“In today’s economy every business is more focused on ROI (Return On Investment) than ever before. We’ll help you ensure a solid ROI for your website, not only making it effective and easy to use for your clients, but helping you to drive traffic to your site and ensuring effective content and design to turn traffic into solid leads, sales, or repeat customers. We offer custom design and development services tailored to your needs and specifications drawn up jointly with you to ensure that the appropriate technology is leveraged for optimum results, creating a dynamic and effective design, based on market effectiveness and user-friendly design standards. Our developers are experts in web application development using various programming languages including Perl, SQL, C, C+, and many other back-end programming languages, as well as database integration. For a view of some of your past projects, take a look at our list of clients. We handle custom development of your Internet project from conception through publication:

Internet & Intranet sites

Design concepts, layouts, and specifications

Intuitive Graphical User Interface (GUI) design

Dynamic navigation design

Creation and manipulation of graphical design elements

GIF Animation

Flash development

HTML hand-coding and debugging

JavaScript for interactivity and error-checking

ASP (Active Server Pages)

Customized Perl CGI scripts (mailing lists, form submission, etc)

Customized application development in varied programming languages

Site publication and promotion

On-going updating and maintenance

Banner ads”

(2) Vulnerability Details:

MT.VERNON MEDIA web application has a computer security bug problem. It can be exploited by stored HTML Injection attacks. Hypertext Markup Language (HTML) injection, also sometimes referred to as virtual defacement, is an attack on a user made possible by an injection vulnerability in a web application. When an application does not properly handle user supplied data, an attacker can supply valid HTML, typically via a parameter value, and inject their own content into the page. This attack is typically used in conjunction with some form of social engineering, as the attack is exploiting a code-based vulnerability and a user’s trust.

Several other MT.VERNON MEDIA products 0-day vulnerabilities have been found by some other bug hunter researchers before. MT.VERNON MEDIA has patched some of them. BugScan is the first community-based scanner, experienced five code refactoring. It has redefined the concept of the scanner provides sources for the latest info-sec news, tools, and advisories. It also publishs suggestions, advisories, solutions details related to HTML vulnerabilities.

(2.1) The first programming code flaw occurs at “&category” parameter in “gallery.php?” page.

References:

http://www.tetraph.com/security/html-injection/mt-vernon-media-web-design-v1-12-html-injection/

http://securityrelated.blogspot.com/2015/05/mtvernon-media-web-design-v112-html.html

http://www.inzeed.com/kaleidoscope/computer-web-security/mt-vernon-media-web-design-v1-12-html-injection/

http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/mt-vernon-media-web-design-v1-12-html-injection/

https://vulnerabilitypost.wordpress.com/2015/05/08/mt-vernon-media-web-design-v1-12-html-injection/

http://whitehatpost.blog.163.com/blog/static/24223205420154893850881/

https://progressive-comp.com/?l=full-disclosure&m=142907520526783&w=2

https://www.bugscan.net/#!/x/21454

http://seclists.org/fulldisclosure/2015/Apr/37

http://lists.openwall.net/full-disclosure/2015/04/15/3

MT.VERNON MEDIA Web-Design v1.12 Multiple SQL Injection Web Security Vulnerabilities

2013-Predictions-Computer-Security-Threats-Cyber-Warfare

MT.VERNON MEDIA Web-Design v1.12 Multiple SQL Injection Web Security Vulnerabilities



Exploit Title: MT.VERNON MEDIA Web-Design v1.12 Multiple SQL Injection Security Vulnerabilities

Product: Web-Design

Vendor: MT.VERNON MEDIA

Vulnerable Versions: v1.12

Tested Version: v1.12

Advisory Publication: May 08, 2015

Latest Update: May 08, 2015

Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) [CWE-89]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

Credit: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)




Proposition Details:



(1) Vendor & Product Description:



Vendor:

MT.VERNON MEDIA



Product & Vulnerable Versions:

Web-Design

v1.12



Vendor URL & Download:

MT.VERNON MEDIA can be obtained from here,

http://www.mtvernonmedia.com/services/WebDesign.html


Google Dork:

“developed by: Mt. Vernon Media”




Product Introduction Overview:

“In today’s economy every business is more focused on ROI (Return On Investment) than ever before. We’ll help you ensure a solid ROI for your website, not only making it effective and easy to use for your clients, but helping you to drive traffic to your site and ensuring effective content and design to turn traffic into solid leads, sales, or repeat customers. We offer custom design and development services tailored to your needs and specifications drawn up jointly with you to ensure that the appropriate technology is leveraged for optimum results, creating a dynamic and effective design, based on market effectiveness and user-friendly design standards. Our developers are experts in web application development using various programming languages including Perl, SQL, C, C+, and many other back-end programming languages, as well as database integration. For a view of some of your past projects, take a look at our list of clients. We handle custom development of your Internet project from conception through publication:

Internet & Intranet sites

Design concepts, layouts, and specifications

Intuitive Graphical User Interface (GUI) design

Dynamic navigation design

Creation and manipulation of graphical design elements

GIF Animation

Flash development

HTML hand-coding and debugging

JavaScript for interactivity and error-checking

ASP (Active Server Pages)

Customized Perl CGI scripts (mailing lists, form submission, etc)

Customized application development in varied programming languages

Site publication and promotion

On-going updating and maintenance

Banner ads”





(2) Vulnerability Details:

MT.VERNON MEDIA web application has a computer security bug problem. It can be exploited by stored XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.


Several other MT.VERNON MEDIA products 0-day vulnerabilities have been found by some other bug hunter researchers before. MT.VERNON MEDIA has patched some of them. “Openwall software releases and other related files are also available from the Openwall file archive and its mirrors. You are encouraged to use the mirrors, but be sure to verify the signatures on software you download. The more experienced users and software developers may use our CVSweb server to browse through the source code for most pieces of Openwall software along with revision history information for each source file. We publish articles, make presentations, and offer professional services.” Openwall has published suggestions, advisories, solutions details related to SQL Injection vulnerabilities.



(2.1) The first programming code flaw occurs at “section.php?” page with “&id” parameter.


(2.2) The second programming code flaw occurs at “illustrated_verse.php?” page with “&id” parameter.


(2.3) The third programming code flaw occurs at “image.php?” page with “&id” parameter.







References:

http://www.tetraph.com/security/sql-injection-vulnerability/mt-vernon-media-web-design-v1-12-multiple-sql-injection/

http://securityrelated.blogspot.com/2015/05/mtvernon-media-web-design-v112-multiple_8.html

http://www.inzeed.com/kaleidoscope/computer-web-security/mt-vernon-media-web-design-v1-12-multiple-sql-injection/

https://progressive-comp.com/?a=139222176300014&r=1&w=1​

http://whitehatpost.blog.163.com/blog/static/242232054201548925221/

http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/mt-vernon-media-web-design-v1-12-multiple-sql-injection/

https://www.fusionvm.com/FusionVM/DesktopModules/SecurityAdvisories/SecurityAdvisoriesView.aspx?Alias=www.fusionvm&TabId=0&Lang=en-US&OU=0&ItemId=44951

https://www.bugscan.net/#!/x/21160

http://bluereader.org/article/27452998

MT.VERNON MEDIA Web-Design v1.12 Multiple XSS (Cross-site Scripting) Web Security Vulnerabilities

94a8e4618b0ff7ae4be4284cd2963fdc

MT.VERNON MEDIA Web-Design v1.12 Multiple XSS (Cross-site Scripting) Web Security Vulnerabilities

Exploit Title: MT.VERNON MEDIA Web-Design v1.12 Multiple XSS Security Vulnerabilities

Product: Web-Design

Vendor: MT.VERNON MEDIA

Vulnerable Versions: v1.12

Tested Version: v1.12

Advisory Publication: May 07, 2015

Latest Update: May 07, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Writer and Reporter: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

Recommendation Details:

(1) Vendor & Product Description:

Vendor:

MT.VERNON MEDIA

Product & Vulnerable Versions:

Web-Design

v1.12

Vendor URL & Download:

MT.VERNON MEDIA can be obtained from here,

http://www.mtvernonmedia.com/services/WebDesign.html

Google Dork:

“developed by: Mt. Vernon Media”

Product Introduction Overview:

“In today’s economy every business is more focused on ROI (Return On Investment) than ever before. We’ll help you ensure a solid ROI for your website, not only making it effective and easy to use for your clients, but helping you to drive traffic to your site and ensuring effective content and design to turn traffic into solid leads, sales, or repeat customers. We offer custom design and development services tailored to your needs and specifications drawn up jointly with you to ensure that the appropriate technology is leveraged for optimum results, creating a dynamic and effective design, based on market effectiveness and user-friendly design standards. Our developers are experts in web application development using various programming languages including Perl, SQL, C, C+, and many other back-end programming languages, as well as database integration. For a view of some of your past projects, take a look at our list of clients. We handle custom development of your Internet project from conception through publication:

Internet & Intranet sites

Design concepts, layouts, and specifications

Intuitive Graphical User Interface (GUI) design

Dynamic navigation design

Creation and manipulation of graphical design elements

GIF Animation

Flash development

HTML hand-coding and debugging

JavaScript for interactivity and error-checking

ASP (Active Server Pages)

Customized Perl CGI scripts (mailing lists, form submission, etc)

Customized application development in varied programming languages

Site publication and promotion

On-going updating and maintenance

Banner ads”

(2) Vulnerability Details:

MT.VERNON MEDIA Web-Design web application has a computer security bug problem. It can be exploited by stored XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.

Several other MT.VERNON MEDIA products 0-day vulnerabilities have been found by some other bug hunter researchers before. MT.VERNON MEDIA has patched some of them. BugScan is the first community-based scanner, experienced five code refactoring. It has redefined the concept of the scanner provides sources for the latest info-sec news, tools, and advisories. It also publishs suggestions, advisories, solutions details related to XSS vulnerabilities.

(2.1) The first programming code flaw occurs at “section.php?” page with “&id” parameter.

(2.2) The second programming code flaw occurs at “illustrated_verse.php?” page with “&id” parameter.

(2.3) The third programming code flaw occurs at “image.php?” page with “&id” parameter.

(2.4) The forth programming code flaw occurs at “gallery.php?” page with “&np” parameter.

References:

http://www.tetraph.com/security/xss-vulnerability/mt-vernon-media-web-design-v1-12-multiple-xss/

http://securityrelated.blogspot.sg/2015/05/mtvernon-media-web-design-v112-multiple.html

http://www.inzeed.com/kaleidoscope/computer-web-security/mt-vernon-media-web-design-v1-12-multiple-xss/

https://vulnerabilitypost.wordpress.com/2015/05/08/mt-vernon-media-web-design-v1-12-multiple-xss/

http://whitehatpost.blog.163.com/blog/static/24223205420154885036469

https://progressive-comp.com/?a=139222176300014&r=1&w=1​

https://www.fusionvm.com/FusionVM/DesktopModules/SecurityAdvisories/SecurityAdvisoriesView.aspx?Alias=www.fusionvm&TabId=0&Lang=en-US&OU=0&ItemId=44832

https://www.bugscan.net/#!/x/21289

http://bluereader.org/article/30765596

CVE-2014-9561 Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability

Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter XSS
Product: SoftBB (mods)
Vendor: Softbb.net
Vulnerable Versions: v0.1.3
Tested Version: v0.1.3
Advisory Publication: Jan 10, 2015
Latest Update: Jan 10, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-9561
CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

Advisory Details:
Vendor URL:
(2) Vulnerability Details:
Softbb.net SoftBB can be exploited by XSS Attacks.
(2.1) The vulnerability occurs at “/redir_last_post_list.php” page, with “&post” parameter.

References:

CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerabilities

CVE-2014-9560  Softbb.net SoftBB SQL Injection Security Vulnerabilities

 

Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter SQL Injection
Product: SoftBB (mods)
Vendor: Softbb.net
Vulnerable Versions: v0.1.3
Tested Version: v0.1.3
Advisory Publication: Jan 10, 2015
Latest Update: Jan 10, 2015
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) (CWE-89)
CVE Reference: CVE-2014-9560
CVSS Severity (version 2.0):
CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore: 6.4
Exploitability Subscore: 10.0
Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

 

Advisory Details:
Vendor URL:
(2) Vulnerability Details:
Softbb.net SoftBB can be exploited by SQL Injection attacks.
(2.1) The vulnerability occurs at “/redir_last_post_list.php” page, with “&post” parameter.

 

References:

CVE-2014-8751 goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities

CVE-2014-8751 goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities

 

Exploit Title: goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities
Product: WebPress
Vendor: goYWP
Vulnerable Versions: 13.00.06
Tested Version: 13.00.06
Advisory Publication: Dec 09, 2014
Latest Update: Dec 09, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-8751
Credit: Wang Jing [SPMS, Nanyang Technological University (NTU), Singapore]

 

Advisory Details:
(1) Product
“WebPress is the foundation on which we build web sites. It’s our unique Content Management System (CMS), flexible enough for us to build your dream site, and easy enough for you to maintain it yourself.”

 

(2) Vulnerability Details:
goYWP WebPress has a security problem. It is vulnerable to XSS attacks.
(2.1) The first security vulnerability occurs at “/search.php” page with “&search_param” parameter in HTTP GET.
(2.2) The second security vulnerability occurs at “/forms.php” (form submission ) page with “&name”, “&address” “&comment” parameters in HTTP POST.

 

References:

CVE-2014-7292 Newtelligence dasBlog Dest Redirect Privilege Escalation Vulnerability

Exploit Title: Newtelligence dasBlog Dest Redirect Privilege Escalation Vulnerability
Product: dasBlog
Vendor:    Newtelligence
Vulnerable Versions: 2.3 (2.3.9074.18820) 2.2 (2.2.8279.16125) 2.1(2.1.8102.813)
Tested Version: 2.3 (2.3.9074.18820)
Advisory Publication: OCT 15, 2014
Latest Update:    OCT 15, 2014
Vulnerability Type: Open Redirect [CWE-601]
CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N) (legend)
Impact Subscore: 4.9
Exploitability Subscore: 8.6
Credit: Wang Jing [Mathematics, Nanyang Technological University, Singapore]

 

 

Advisory Details:

Newtelligence dasBlog ct.ashx is vulnerable to Open Redirect attacks.

dasBlog supports a feature called Click-Through which basically tracks all links clicked inside your blog posts. It’s a nice feature that allows the blogger to stay informed what kind of content readers like. If Click-Through is turned on, all URLs inside blog entries will be replaced with /ct.ashx?id=&url= which of course breaks WebSnapr previews.

Web.config code:

 

 

(1) The vulnerability occurs at “ct.ashx?” page, with “&url” parameter,.

 

 

 

Solutions:
2014-10-15 Public disclosure with self-written patch.

 

 

 

 

Oracle Access Manager Webserver Plugin Subcomponent Unspecified Remote DoS CVE-2014-2052

Exploit Title: Oracle Access Manager Webserver Plugin Subcomponent Unspecified Remote DoS
Product: Access Manager component in Oracle Fusion Middleware
Vendor:    Oracle
Vulnerable Versions: 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0, 11.1.2.1.0, and 11.1.2.2.0
Advisory Publication: Apr 15, 2014
Latest Update:    Apr 15, 2014
Vulnerability Type: Uncontrolled Resource Consumption [CWE-400]
CVE Reference: CVE-2014-2452
Risk Level: Medium
CVSS v2 Base Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N) (legend)
Solution Status: Fixed by Vendor
Credit: Wang Jing [Mathematics, Nanyang Technological University, Singapore]

Original advisory
Jing Wang has reported two vulnerabilities in Oracle Access Manager, which can be exploited by malicious users to disclose potentially sensitive information and cause a DoS (Denial of Service).

1) An unspecified error within the “WebGate” sub-component can be exploited to disclose certain Oracle Access Manager accessible data.

This vulnerability is reported in versions 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0, 11.1.2.1.0, and 11.1.2.2.0.

2) An unspecified error within the “Webserver Plugin” sub-component can be exploited to cause a hang or frequently repeatable crash of the application.

This vulnerability is reported in version 11.1.1.5.

Extra information
Solution : Apply updates.
Reported by : Jing Wang.
Changelog : 2014-06-13: Updated “Description” section and credits. Added
one link to the “Original Advisory” section.
Reference original advisory : Oracle: