7736 matches found
Globber 1.4 Cross Site Request Forgery
CVE-2010-2697
Cross-site scripting (XSS) vulnerability in Sijio Community Software allows remote authenticated users to inject arbitrary web script or HTML via the title parameter when adding a new blog, related to editblog/index.php. NOTE: some of these details are obtained from third party information...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Sijio Community Software allows remote authenticated users to inject arbitrary web script or HTML via the title parameter when adding a new blog, related to editblog/index.php. NOTE: some of these details are obtained from third party information...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community Software allow remote authenticated users to inject arbitrary web script or HTML via the title parameter when (1) editing a new blog, (2) adding an album, or (3) editing an album. NOTE: the provenance of this information is unknown; t...
CVE-2010-2697
Cross-site scripting (XSS) vulnerability in Sijio Community Software allows remote authenticated users to inject arbitrary web script or HTML via the title parameter when adding a new blog, related to editblog/index.php. NOTE: some of these details are obtained from third party information...
CVE-2010-2697
CVE-2010-2697 is a cross-site scripting (XSS) vulnerability in Sijio Community Software. The flaw lets remote authenticated users inject arbitrary web script or HTML through the title parameter when adding a new blog, related to edit_blog/index.php. The description notes this is an authenticated ...
CVE-2010-2698
Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community Software allow remote authenticated users to inject arbitrary web script or HTML via the title parameter when (1) editing a new blog, (2) adding an album, or (3) editing an album. NOTE: the provenance of this information is unknown; t...
Pulling Back the Curtain on Rogue AV Tech Support
We’ve blogged a few times about rogue AV, explaining how search engines have been abused using Black Hat Search Engine Optimization techniques to redirect web surfers to rogue AV websites. Recently, we’ve noticed that the rogue AVs being spread are all equipped with an “Online Support” button. Se...
Microsoft Investigates Reports of a New Vulnerability in Windows 2000 and XP
Danish monitoring company Secunia has published a warning about a “moderately critical” vulnerability in the Windows XP and Windows 2000 operating systems. According to the advisory released by the firm, the vulnerability exists because of a boundary error in the CFrameWnd class in the file mfc42.dll. Its...
Sijio Community Software - SQL Injection / Persistent Cross-Site Scripting
I'm SiD3^effects member from Inj3ct0r Team Support e-mail : submitatinj3ct0r.com Name : Sijio Community Software SQLi/Persistent XSS Vulnerability Date : july, 7 2010 Critical Level : HIGH Vendor Url : http://www.sijio.com/ Google Dork: © Powered by sijio - Community Software Author : Sid3^effect...
Sandbox 2.0.3 Bypass / Local File Inclusion / Shell Upload / SQL Injection
Sandbox 2.0.3 Multiple Remote Vulnerabilities. Name: Sandbox. Vendor: http://www.iguanadons.net. Versions Affected: 2.0.3. Author: Salvatore Fresta aka Drosophila. Website: http://www.salvatorefresta.net. Contact: salvatorefresta at gmail dot com. Date: 2010-07-07. X. INDEX I. ABOUT THE APPLICATION II...
Bit Weaver v2.7 Local File Inclusion Vulnerability
Exploit for php platform in category web applications. Bit Weaver v2.7 Local File Inclusion Vulnerability...
Mozilla Firefox Address Bar Spoofing Vulnerability (Jun 2010) - Windows
Mozilla Firefox is prone to a spoofing vulnerability.
CVE-2010-2229
Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters...
CVE-2009-4904
article.php in oBlog does not properly restrict comments, which allows remote attackers to cause a denial of service (blog spam) via a comment=new action...
CVE-2009-4907
Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) force an admin logout, (3) change the visibility of posts, (4) remove links, and (5) change the name fields of a blog...
Design/Logic Flaw
article.php in oBlog does not properly restrict comments, which allows remote attackers to cause a denial of service (blog spam) via a comment=new action...
CVE-2009-4907
Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) force an admin logout, (3) change the visibility of posts, (4) remove links, and (5) change the name fields of a blog...
Google Releases Chrome 5.0.375.86
Google has released Chrome 5.0.375.86 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or conduct cross-site scripting attacks. US-CERT encourages users and administrators to review the Google Chrome Releases bl...
CVE-2010-2436
SQL injection vulnerability in modules/blog/index.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the PATHINFO...