11 Wednesday Feb 2015
Tags
0-day, application, browser, computer, cybersecurity, database, exploit, hacker, information, IT, scripting, security, technology, vulnerability, web, whitehat
CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability
Exploit Title: TennisConnect “TennisConnect COMPONENTS System” /index.cfm pid Parameter XSS
Product: TennisConnect COMPONENTS System
Vendor: TennisConnect
Vulnerable Versions: 9.927
Tested Version: 9.927
Advisory Publication: Nov 18, 2014
Latest Update: Nov 18, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-8490
CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Credit: Wang Jing [CCRG, Nanyang Technological University, Singapore]
Advisory Details:
(1) Vendor URL:
http://www.tennisconnect.com/products.cfm#Components
Product Description:
TennisConnect COMPONENTS
* Contact Manager (online player database)
* Interactive Calendar including online enrollment
* League & Ladder Management through Tencap Tennis
* Group Email (including distribution lists, player reports, unlimited sending volume and frequency)
* Multi-Administrator / security system with Page Groups
* Member Administration
* MobileBuilder
* Online Tennis Court Scheduler
* Player Matching (Find-a-Game)
* Web Site Builder (hosted web site and editing tools at www. your domain name .com)
(2) Vulnerability Details.
TennisConnect COMPONENTS System is vulnerable to Cross-Site Scripting (XSS) attacks.
(2.1) The vulnerability occurs on the “/index.cfm?” page, in the “&pid” parameter.
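A log check for the parameter named above, as an added example that is not part of the original advisory: it flags /index.cfm requests whose pid value, after nested percent-encoding is undone, contains HTML metacharacters. The expected pid format, the access-log layout and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

EXPECTED_PID = re.compile(r"[A-Za-z0-9_-]{1,64}")  # assumed pid format, not from the advisory
MARKUP = re.compile(r"[<>\"'`]")  # characters that break out of HTML context
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding, e.g. %253C -> %3C -> <."""
    for _ in range(max_rounds):
        value, previous = unquote_plus(value), value
        if value == previous:
            break
    return value

def classify_pid(url):
    """'ok', 'unexpected' or 'markup' for pid on /index.cfm, else None."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/index.cfm"):
        return None
    verdict = None
    for pair in parts.query.split("&"):
        name, _, raw = pair.partition("=")
        if unquote_plus(name).lower() != "pid":
            continue
        value = fully_decode(raw)
        if MARKUP.search(value):
            return "markup"  # worst verdict wins when pid is repeated
        if not EXPECTED_PID.fullmatch(value):
            verdict = "unexpected"
        elif verdict is None:
            verdict = "ok"
    return verdict

def scan(log_lines):
    """Yield (line_number, verdict) for every pid that is not 'ok'."""
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        verdict = classify_pid(match.group(1)) if match else None
        if verdict not in (None, "ok"):
            yield number, verdict

# Constructed sample lines (documentation addresses, inert marker values).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Nov/2014:10:00:01 +0000] "GET /index.cfm?pid=1042 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [18/Nov/2014:10:00:02 +0000] "GET /index.cfm?pid=%22%3E%3Cx%3E HTTP/1.1" 200 5133',
    '192.0.2.12 - - [18/Nov/2014:10:00:03 +0000] "GET /index.cfm?a=1&PID=%253Cx%253E HTTP/1.1" 200 5140',
    '192.0.2.13 - - [18/Nov/2014:10:00:04 +0000] "GET /index.cfm?pid=10%2042 HTTP/1.1" 200 5120',
]
```

Calling `list(scan(SAMPLE_LOG))` reports lines 2 and 3 as markup and line 4 as an unexpected value; the double-encoded value on line 3 is only caught because decoding is repeated.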
References:
http://packetstormsecurity.com/files/129662/TennisConnect-9.927-Cross-Site-Scripting.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8490
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8490
http://www.osvdb.org/show/osvdb/116149
http://cve.scap.org.cn/CVE-2014-8490.html
http://en.hackdig.com/?11701.htm
http://seclists.org/fulldisclosure/2014/Dec/83
http://securitypost.tumblr.com/
http://computerobsess.blogspot.com/2015/02/cve-2014-8490-tennisconnect-components.html
http://whitehatpost.blog.163.com/blog/static/2422320542015110102316210/#
http://tetraph.blogspot.com/2015/02/cve-2014-8490-tennisconnect-components.html
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1352
23 Friday Jan 2015
According to researcher Wang Jing, a mathematics student at Nanyang Technological University, Singapore, writing on the Tetraph blog, DoubleClick, Google's system for buying and selling ads, may be susceptible to spam and phishing attacks. The finding puts Google and DoubleClick users on alert.
Understanding the DoubleClick vulnerability
In his research, Wang Jing found Open Redirect vulnerabilities that allowed hackers to redirect users to a malicious site without any validation; that is, a user would click on an ad and, instead of being taken to the advertiser's site, would be redirected to an infected site.
Jing also stated that the great popularity of DoubleClick makes attacks on these vulnerabilities more common, especially for spam and phishing.
https://hackertopic.wordpress.com/2014/12/31/doubleclick-do-google-pode-ser-vulneravel-a-ataques/
20 Tuesday Jan 2015
Posted in Computers & Web, IT Information, News, Sciences
06 Tuesday Jan 2015
Posted in Sciences
Tags
Differential Geometry, Gauss's Law, Magnetic Field, Mathematics, Maxwell's Equation, Modern Electrical, Modern Physics, Nabla Symbol, Partial Differential Equation, Physics Research, Topology
Maxwell’s Formulation – Differential Forms on Euclidean Space
Author: Jing Wang
Institute: School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore
One of the greatest advances in theoretical physics of the nineteenth century was Maxwell’s formulation of the equations of electromagnetism. This article uses differential forms to solve a problem related to Maxwell’s formulation. The notion of differential form encompasses such ideas as elements of surface area and volume elements, the work exerted by a force, the flow of a fluid, and the curvature of a surface, space or hyperspace. An important operation on differential forms is exterior differentiation, which generalizes the operators div, grad, curl of vector calculus. The study of differential forms, which was initiated by E. Cartan in the years around 1900, is often termed the exterior differential calculus. However, Maxwell’s equations have many very important implications in the life of a modern person, so much so that people use devices that function off the principles in Maxwell’s equations every day without even knowing it.
Source: http://webcabinet.tumblr.com/post/118277898037/maxwells-formulation-differential-forms-on
11 Tuesday Feb 2014
Tags
Algorithm, Computer Science, Computing Mathematics, Delaunay Triangulation, Discrete Math, Geometry, Modern Science, Nature Science, Networks, Presentation, Research, Web Technology
Delaunay Triangulation – From 2-D Delaunay to 3-D Delaunay
Author: Jing Wang
Institute: School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore
Delaunay triangulations are widely used in scientific computing in many diverse applications. While there are numerous algorithms for computing triangulations, it is the favorable geometric properties of the Delaunay triangulation that make it so useful.
The fundamental property is the Delaunay criterion. In the case of 2-D triangulations, this is often called the empty circumcircle criterion. For a set of points in 2-D, a Delaunay triangulation of these points ensures the circumcircle associated with each triangle contains no other point in its interior. This property is important. In the illustration below, the circumcircle associated with T1 is empty. It does not contain a point in its interior. The circumcircle associated with T2 is empty. It does not contain a point in its interior. This triangulation is a Delaunay triangulation. This presentation discusses how to extend 2-D Delaunay to 3-D Delaunay.
Source: http://itinfotech.tumblr.com/post/118271967936/delaunay-triangulation-from-2-d-delaunay-to-3-d
19 Tuesday Mar 2013
Posted in Computing, Mathematics, Sciences
Delaunay Triangulation – From 2-D Delaunay to 3-D Delaunay
Author: Wang Jing
Institute: School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore
Delaunay triangulations are widely used in scientific computing in many diverse applications. While there are numerous algorithms for computing triangulations, it is the favorable geometric properties of the Delaunay triangulation that make it so useful.
The fundamental property is the Delaunay criterion. In the case of 2-D triangulations, this is often called the empty circumcircle criterion. For a set of points in 2-D, a Delaunay triangulation of these points ensures the circumcircle associated with each triangle contains no other point in its interior. This property is important. In the illustration below, the circumcircle associated with T1 is empty. It does not contain a point in its interior. The circumcircle associated with T2 is empty. It does not contain a point in its interior. This triangulation is a Delaunay triangulation. This presentation discusses how to extend 2-D Delaunay to 3-D Delaunay.
Source:
http://www.inzeed.com/kaleidoscope/mathematics/delaunay
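The empty circumcircle criterion described in both Delaunay posts above, as an added example that is not part of the original presentation: it tests every triangle of a 2-D triangulation against every other point using the standard in-circle determinant. The edge flip that repairs the failing pair goes one step beyond the text; the point set, the triangle labels T1 and T2 as used here, and the function names are constructed for illustration.

```python
def orient(a, b, c):
    """Twice the signed area of triangle abc; positive when counter-clockwise."""
    return (b[0] - a[0]) * (c[1] - a[1]) - (b[1] - a[1]) * (c[0] - a[0])

def in_circumcircle(a, b, c, p):
    """True when p lies strictly inside the circumcircle of triangle abc."""
    turn = orient(a, b, c)
    if turn == 0:
        raise ValueError("degenerate (collinear) triangle")
    if turn < 0:                      # the determinant's sign assumes CCW order
        b, c = c, b
    (ax, ay), (bx, by), (cx, cy) = [(q[0] - p[0], q[1] - p[1]) for q in (a, b, c)]
    det = ((ax * ax + ay * ay) * (bx * cy - cx * by)
           - (bx * bx + by * by) * (ax * cy - cx * ay)
           + (cx * cx + cy * cy) * (ax * by - bx * ay))
    return det > 0

def delaunay_violations(points, triangles):
    """(triangle, point_index) pairs that break the empty circumcircle criterion."""
    return [(tri, i)
            for tri in triangles
            for i, p in enumerate(points)
            if i not in tri and in_circumcircle(*(points[k] for k in tri), p)]

def flip(t1, t2):
    """Swap the edge shared by two adjacent triangles for the other diagonal."""
    shared, apex = sorted(set(t1) & set(t2)), sorted(set(t1) ^ set(t2))
    return [(apex[0], apex[1], shared[0]), (apex[0], apex[1], shared[1])]

# Constructed sample: four corners of a kite, triangulated along its long diagonal.
POINTS = [(0, 0), (2, -1), (4, 0), (2, 1)]
T1, T2 = (0, 1, 2), (0, 2, 3)

if __name__ == "__main__":
    print(delaunay_violations(POINTS, [T1, T2]))      # both triangles fail
    print(delaunay_violations(POINTS, flip(T1, T2)))  # empty after the flip
```

In 3-D the same test uses a 4x4 determinant over tetrahedra and circumspheres, which is not shown here.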