Disclosure
HPE Business Service Management (BSM) – Reflected XSS (CVE-2016-4392)
Product & Service Introduction;
HP Business Service Management (BSM) is an end-to-end management solution that integrates network, server, application and business transaction monitoring. HP Business Service Management is developed and marketed by the HP Software Division.
Release Date;
21 Oct 2016
Affected Product;
HP Business Service Management Software 9.1x, 9.20 - 9.25IP1
Oracle ADF < 12.1.2 – XML External Entity Injection (XXE) Vulnerability
Product & Service Introduction;
In computing, Oracle Application Development Framework, usually called Oracle ADF, provides a commercial Java framework for building enterprise applications. It provides visual and declarative approaches to Java EE development. It supports rapid application development based on ready-to-use design patterns, metadata-driven and visual tools.
Exploitation Technique;
Remote, Authenticated
Alcatel Lucent Home Device Manager – Management Console Multiple XSS (CVE-2015-8687)
Document Title: Alcatel Lucent Home Device Manager - Management Console Multiple XSS
CVE-Number: CVE-2015-8687
Release Date: 03 Jan 2016
Moodle Login Bypass via Open-Session Folder
Hi,
The Moodle login screen can be bypassed via a hijacked session ID (taken from the session folder).
Nokia Solutions and Networks @vantage – Multiple Reflected XSS (CVE-2015-6929)
Document Title: Nokia Solutions and Networks @vantage - Multiple Reflected XSS
Release Date: 9 Sep 2015