Oracle Web Center XSS

Oracle Web Center XSS Details
========================================================================================
Product: Oracle Web Center [Versions 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0]
Security-Risk: High
Remote-Exploit: yes
Vendor-URL: https://www.oracle.com/
CVE-ID: CVE-2017-10075
CVSS: 8.2

Credits
========================================================================================
Discovered by: Owais Mehtab & Tayeeb Rana

Affected Products:
========================================================================================
Oracle Web Center [Versions 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0]

Description
========================================================================================
Two Cross site scripting (XSS) vulnerabilities have been identified in …

Downside of keeping everything public – ICWATCH

I have been writing and preaching about social network information harvesting and why it is a bad thing (check out the post here). I recently stumbled upon something which is publicly known, but still worth mentioning. The mentioned “something” is a very good example of why too much information about oneself is never …

Sitecore CMS v 8.2, cross site scripting & arbitrary file access

Hi folks, multiple vulnerabilities were found in Sitecore version 8.2, which were reported to Sitecore CMS on the 5th of May, 2017. A patch was released on the 27th of June, 2017. It is recommended to update the Sitecore CMS installation. The exploit is being made public after the patch has been released. Exploit: [CVE-2017-11439, CVE-2017-11440] …

VMware Horizon View Client <= 5.4 DLL Hijacking

During one of my pentest assignments I had to perform a security assessment of the VMware Horizon View Client; since it’s a native Windows application, the attack vectors are different from those of normal web apps. I started looking at the memory, then the traffic, then the registry, and found nothing; I was at a total loss. Fortunately, since it’s a native application …

ICEWARP Multiple Clients, Persistent Cross Site Scripting (XSS)

[Re-post] Original post, published on 15th Feb, 2014 on the Xc0re blog. While going through the IceWarp client I found that it is possible to inject malicious HTML element tags into an email and cause a cross-site scripting (XSS) payload to be executed. The versions that I tested on were: 11.0.0.0 (2014-01-25) x64 (http://demo.icewarp.com/) …

Social Network Information Harvesting (SNIH)

Social networks! For those people who do not know about social networks, what they are and what this blog post is all about, well, here is a quick introduction. Social Network is People share their personal or business information freely on these websites. Though the privacy policy is pretty customizable and one …
