WordPress "Max Banner Ads" Plug-in XSS (Cross-site Scripting) Security Vulnerabilities

Posted by Jing Wang on Mar 05

*WordPress “Max Banner Ads” Plug-in XSS (Cross-site Scripting) Security
Vulnerabilities*

Exploit Title: WordPress “Max Banner Ads” Plugin /info.php &zone_id
Parameter XSS Security Vulnerabilities
Product: WordPress “Max Banner Ads” Plugin
Vendor: MaxBlogPress
Vulnerable Versions: 1.9 1.8 1.4 1.3.* 1.2.* 1.1 1.09
Tested Version: Check All Related Versions’ Source Code
Advisory Publication: Mar 04,…

Webshop hun v1.062S XSS (Cross-site Scripting) Security Vulnerabilities

Posted by Jing Wang on Mar 05

*Webshop hun v1.062S XSS (Cross-site Scripting) Security Vulnerabilities*

Exploit Title: Webshop hun v1.062S /index.php Multiple Parameters XSS
Security Vulnerabilities
Product: Webshop hun
Vendor: Webshop hun
Vulnerable Versions: v1.062S
Tested Version: v1.062S
Advisory Publication: Mar 04, 2015
Latest Update: Mar 04, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Credit: Wang Jing [CCRG, Nanyang Technological…

Webshop hun v1.062S Directory Traversal Security Vulnerabilities

Posted by Jing Wang on Mar 05

*Webshop hun v1.062S Directory Traversal Security Vulnerabilities*

Exploit Title: Webshop hun v1.062S /index.php &mappa Parameter Directory
Traversal Security Vulnerabilities
Product: Webshop hun
Vendor: Webshop hun
Vulnerable Versions: v1.062S
Tested Version: v1.062S
Advisory Publication: Mar 04, 2015
Latest Update: Mar 04, 2015
Vulnerability Type: Improper Limitation of a Pathname to a Restricted
Directory (‘Path Traversal’)…

Webshop hun v1.062S SQL Injection Security Vulnerabilities

Posted by Jing Wang on Mar 05

*Webshop hun v1.062S SQL Injection Security Vulnerabilities*

Exploit Title: Webshop hun v1.062S /index.php Multiple Parameters SQL
Injection Security Vulnerabilities
Product: Webshop hun
Vendor: Webshop hun
Vulnerable Versions: v1.062S
Tested Version: v1.062S
Advisory Publication: Mar 04, 2015
Latest Update: Mar 04, 2015
Vulnerability Type: Improper Control of Generation of Code (‘Code
Injection’) [CWE-94]
CVE Reference: *
Credit: Wang…

Java 8u40 released: why?

Posted by paul . szabo on Mar 05

I notice that Java (JDK, JRE) update 8u40 has been released.
Though
http://www.oracle.com/technetwork/java/javase/downloads/index.html
says “this release includes important security fixes”, the release notes
http://www.oracle.com/technetwork/java/javase/8u40-relnotes-2389089.html
say the “security baseline” is 1.8.0_31 (unchanged).
I do not notice any major “useability” issues fixed.
So: why this out-of-band…

Partial pointer leaks

Posted by Christophe Hauser on Mar 05

Hi everyone,

I am posting this message in the hope of gathering suggestions about
potential past vulnerabilities of a specific kind (described below), or
ideas about applications, libraries or APIs that might potentially be
subject to it.

As part of an academic project, I am looking for examples of partial,
and eventually indirect pointer leaks in the wild. I am basically after
leaks that only reveal several bits (but not all) of an address (heap,…

WordPress Newsletter Plug-in URL Redirection (Open Redirect) Security Vulnerabilities

Posted by Jing Wang on Mar 05

*WordPress Newsletter Plug-in URL Redirection (Open Redirect) Security
Vulnerabilities*

Exploit Title: WordPress Newsletter Plug-in /do.php &nr parameter URL
Redirection Security Vulnerabilities
Product: WordPress Newsletter Plug-in
Vendor: Satollo.net
Vulnerable Versions: 2.6.* 2.5.*
Tested Version: Check Related Versions’ Source Code
Advisory Publication: March 04, 2015
Latest Update: March 04, 2015
Vulnerability Type: URL…