Category: Hacking & Security
-
Archive: Oracle Web Center XSS
Oracle Web Center XSS Details ======================================================================================== Product: Oracle Web Center [Versions 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0] Security-Risk: High Remote-Exploit: yes Vendor-URL: https://www.oracle.com/ CVE-ID: CVE-2017-10075 CVSS: 8.2 Credits ======================================================================================== Discovered by: Owais Mehtab & Tayeeb Rana Affected Products: ======================================================================================== Oracle Web Center [Versions 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0] Description ======================================================================================== Two Cross site scripting (XSS) vulnerabilities have been identified in…
-
Archive: Sitecore CMS v 8.2, cross site scripting & arbitrary file access
Hi folks, Multiple vulnerabilities were found in the Sitecore version 8.2. Which were reported to Sitecore CMS on the 5th of May,2017. A patch was released on the 27th of June, 2017. It is recommended to update the Sitecore CMS installation. The exploit is being made public after the patch has been released. Exploit:[CVE-2017-11439, CVE-2017-11440]…
-
Archive: VMWare Horizon View Client <= 5.4 DLL Hijacking
During one of the pentest assignment i had to perform security assessment for VMWare Horizon View Client, since it’s native windows application the attack vectors are different than normal web apps. I started looking at the memory then traffic then registries found nothing, i was at a total loss…. Fortunately since it’s a native application…