computer pitch

~ Computer Technology, News, Security …

Daily Archives: December 4, 2014

CVE-2014-8489 Ping Identity Corporation “PingFederate 6.10.1 SP Endpoints” Dest Redirect Privilege Escalation Security Vulnerability

04 Thursday Dec 2014

Posted by essaybeans in IT Security

Tags

0-day, Application Exploit, browser, Computer Science, Computer Security, cyber-security, Database Tech, Hacker Research, Information Security, Internet Testing, IT Security, IT Technology, PHP Code, Scripting Programming, vulnerability, Web Development, Web Flaw, Web Security, Website Bug, white-hat

Exploit Title: “Ping Identity Corporation” “PingFederate 6.10.1 SP Endpoints” Dest Redirect Privilege Escalation Security Vulnerability
Product: PingFederate 6.10.1 SP Endpoints
Vendor: Ping Identity Corporation
Vulnerable Versions: 6.10.1
Tested Version: 6.10.1
Advisory Publication: Dec 09, 2014
Latest Update: Dec 09, 2014
Vulnerability Type: URL Redirection to Untrusted Site [CWE-601]
CVE Reference: CVE-2014-8489
CVSS v2 Base Score: 6.4 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Impact Subscore: 4.9
Exploitability Subscore: 10.0
Credit: Wang Jing [SPMS, Nanyang Technological University (NTU), Singapore]

http://essayjeanslike.lofter.com/post/1cf58cfa_4f17bb9
