About Group (about.com) All Topics (At least 99.88% links) Vulnerable to XSS & Iframe Injection Security Attacks, About.com Open Redirect Security Vulnerabilities

Posted by Jing Wang on Feb 02

*About Group (about.com) All Topics (At least 99.88%
links) Vulnerable to XSS & Iframe Injection Security Attacks, About.com
Open Redirect Security Vulnerabilities*

*Vulnerability Description:*
All About.com “topic sites” are vulnerable to XSS (Cross-Site Scripting)
and Iframe Injection (Cross Frame Scripting) attacks. This means all
sub-domains of about.com are affected. Based on a self-written program,…

Sefrengo CMS v1.6.1 – Multiple SQL Injection Vulnerabilities

Posted by ITAS TEAM on Feb 02

# Exploit Title: Sefrengo CMS v1.6.1 – Multiple SQL Injection Vulnerabilities
# Vendor: http://www.sefrengo.org/
# Download link: http://forum.sefrengo.org/index.php?showtopic=3368 (https://github.com/sefrengo-cms/sefrengo-1.x/tree/22c0d16bfd715631ed317cc990785ccede478f07)
# CVE ID: CVE-2015-1428
# Vulnerability: SQL Injection
# Affected version: Sefrengo CMS v1.6.1
# Fixed version: Sefrengo CMS v1.6.2
#…

CVE-2014-9562 OptimalSite Content Management System (CMS) XSS (Cross-Site Scripting) Security Vulnerabilities

Posted by Jing Wang on Feb 02

*CVE-2014-9562 OptimalSite Content Management System (CMS) XSS (Cross-Site
Scripting) Security Vulnerabilities*

Exploit Title: OptimalSite CMS /display_dialog.php image Parameter XSS Security Vulnerability
Vendor: OptimalSite
Product: OptimalSite Content Management System (CMS)
Vulnerable Versions: V.1 V2.4
Tested Version: V.1 V2.4
Advisory Publication: Feb 2, 2015
Latest Update: Feb 2, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE…

CVE-2014-5360 Landesk Management Suite XSS (Cross-Site Scripting) Security Vulnerability

Posted by Alex Haynes on Feb 02

CVE-2014-5360 Landesk Management Suite XSS (Cross-Site Scripting) Security Vulnerability
Exploit Title: Landesk Management Suite Cross-Site scripting vulnerability
Product: Landesk Management Suite
Vulnerable Versions: 9.5 (possible previous versions), 9.6
Tested Version: 9.5
Advisory Publication: Feb 02, 2015
Latest Update: Feb 02, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-5360
Credit: Alex Haynes
Advisory Details:…

MS15-004 Microsoft Remote Desktop Services Web Proxy IE Sandbox Escape

This Metasploit module abuses a process creation policy in Internet Explorer’s sandbox, specifically the Microsoft Remote Desktop Services Web Proxy IE one, which allows the attacker to escape Protected Mode and execute code with Medium Integrity. At the moment, this module only bypasses Protected Mode on Windows 7 SP1 and prior (32 bits). This Metasploit module has been tested successfully on Windows 7 SP1 (32 bits) with IE 8 and IE 11.

Debian Security Advisory 3148-1

Debian Linux Security Advisory 3148-1 – Security support for the chromium web browser is now discontinued for the stable distribution (wheezy). Chromium upstream stopped supporting wheezy’s build environment (gcc 4.7, make, etc.), so there is no longer any practical way to continue building security updates.

HP Security Bulletin HPSBMU03236 1

HP Security Bulletin HPSBMU03236 1 – A potential security vulnerability has been identified with HP Systems Insight Manager for Windows running Bash shell. This is the Bash Shell vulnerability known as “ShellShock” which could be exploited remotely to allow execution of code. Revision 1 of this advisory.