0x90

Information Security professional....

Sitecore CMS v 8.2, cross site scripting & arbitrary file access

Hi folks, multiple vulnerabilities were found in Sitecore version 8.2, which were reported to Sitecore CMS on the 5th of May, 2017. A patch was released on the 27th of June, 2017. It is recommended to update the Sitecore CMS installation. The exploit is being made public after the patch has been released. Exploit: [CVE-2017-11439, CVE-2017-11440] …


ICEWARP Multiple Clients, Persistent Cross Site Scripting (XSS)

[Re-post] Original post, posted on 15th Feb, 2014 on Xc0re blog. While going through the IceWarp client I found that it is possible to inject malicious HTML element tags into the email and cause a cross-site scripting (XSS) payload to be executed. The versions that I tested on were: 11.0.0.0 (2014-01-25) x64 (http://demo.icewarp.com/) …


Social Network Information Harvesting (SNIH)

Social Networks! For those people who do not know about the social network, what it is and what this blog post is all about, well, here is a quick introduction. Social Network is People share their personal or business information freely on these websites. Though the privacy policy is pretty customizable and one …

