663 matches found
Safari Phishing Alert Bypass
Abstract: The PhishingAlert of Safari stops functioning in Windows systems if an abnormal URL is being used. Details: There is a defense mechanism in Safari which recognizes URL deceits such as http://[email protected]. The phishing alert will be activated once the HTTP URL that we want to...
Application Installation doorhanger persists on navigation — Mozilla
Mozilla developer Myk Melez reported that with specifically timed page navigation, the doorhanger notification for Web App installation could persist from one site to another without being dismissed by the navigation. This could be used by a malicious site to trick a user into installing an...
Open-Redirect Vulnerability, Fake Government URLs Duping Users
Spammers have recently taken advantage of an open-redirect vulnerability to phish users and trick them into clicking through links that appear to be coming from government .gov URLs. The scam relies on a malformed series of URLs that appear to be coming from 1.USA.gov, a collaboration between...
Truncated dialogs may be used to trick users – Opera Security Advisories
When an important dialog is being displayed, such as a download dialog, the entire dialog should be visible, so that the user can clearly see what the dialog’s buttons will do. In some cases, specific user interactions can cause Opera not to enforce this correctly, allowing the window to become...
Small windows can be used in several ways to trick users into executing downloads – Opera Security Advisories
When the download dialog is displayed, it should always be visible to the user, to ensure that the user realizes it is there. If the dialog is displayed in a small enough window, the user may not realize it is being displayed, and if the right keyboard sequence is carefully followed, they can end...
Google Disputes Claim of Android Botnet
Google is disputing statements from researchers at Microsoft and Sophos who this week warned that Android devices were sending spam through compromised Yahoo Mail accounts. In response, both now say they are further investigating their earlier claims. The idea of an international Android botnet...
IBM Rational AppScan 8.x/7.x 多个安全漏洞
CVE ID:...
Overlapping content can trick users into executing downloads – Opera Security Advisories
Dialogs such as the download dialog are usually displayed on top of page content, to ensure that the user knows that the dialog is requesting attention. In some cases, this policy was not implemented correctly in Opera, allowing certain page content to overlay the dialog. In these cases, clicking...
aspcms 后台文件无验证注入+ cookies欺骗
简要描述: 后台文件 AspCmsAboutEdit.asp 未进行验证,且未过滤,导致SQL注入。而且纯在cookies欺骗! 详细说明: ————————后台注射————————...
Fake CNBC's Website for Internet Fraud
Fake CNBC's Website for Internet Fraud The beauty of the Internet is that you can make a truckload of money out here. Yes, you really could quit your full time job if you work hard.The bad news is most people either don't want to work at it, or they buy into some scam that causes them to waste...
Google Chrome HTTPS地址栏欺骗漏洞
Google Chrome是一个由Google公司开发的开源网页浏览器。 Google Chrome 14和15在HTTPS地址栏的实现上存在欺骗漏洞,攻击者可利用此漏洞诱使用户访问恶意站点,泄露其证书和个人数据。 0 Google Chrome 15 Google Chrome 14 厂商补丁: Google ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.google.com...
VMware ESX Server多个安全漏洞
VMware ESX 服务器是在通用环境下分区和整合系统的虚拟主机软件。它是具有高级资源管理功能高效,灵活的虚拟主机平台。 VMware ESX Server在实现上存在多个安全漏洞,可被本地恶意用户利用泄露敏感信息、操作某些数据、绕过某些安全限制、执行欺骗攻击、执行DNS投毒攻击。 VMWare ESX Server 4.x VMWare ESX Server 3.x 厂商补丁: VMWare ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.vmware.com...
Hacking a Facebook Account using Facebook
Hacking a Facebook Account using Facebook Many of us know that phishing is also a trick to hack a facebook and session hijicking but hacker can do both at a same time. This vulnerability was happened on Facebook static FBML .Example here . Here you can get that Facebook FBML script : What user wi...
Polyethylene commercial po-2. 0 vulnerability-vulnerability warning-the black bar safety net
Program: A commercial po-2. 0 Download: http://down.chinaz.com/soft/21754.htm google keywords: intext:technical support:Ben Ming technology poly commercial po A few days ago to engage in Station I met a program called poly commercial treasure, the source code download here, today only have time t...
Mandriva Linux Security Advisory : firefox (MDVSA-2011:068)
Several invalid HTTPS certificates were placed on the certificate blacklist to prevent their misuse. Users on a compromised network could be directed to sites using the fraudulent certificates and mistake them for the legitimate sites. This could deceive them into revealing personal information...
Bo-Blog v2.1.1 COOKIE欺骗漏洞
No description provided by source...
PT-2011-2022 · Oracle · Icedtea
Name of the Vulnerable Software and Affected Versions: IcedTea versions 1.7 through 1.7.7 IcedTea versions 1.8 through 1.8.4 IcedTea versions 1.9 through 1.9.4 Description: The issue allows remote attackers to trick users into executing code that appears to come from a trusted source, due to...
flash-plugin: multiple security flaws (APSB10-16)
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to trick a user into 1 selecting a link or 2 completing a dialog, related to a "click-jacking" issue...
Smart core management system through the kill vulnerability-vulnerability warning-the black bar safety net
Smart core management system of the pass to kill the loopholes, a few days ago happen to need to get a Chi Rui school management system Station download the intelligent core of the system see the following code, found in the ADMIN directory, the admincheck. asp file code is written this way is by...
The latest news of the system through the kill vulnerability 0day-vulnerability warning-the black bar safety net
Use cokiess deceived into management background,google keyword inurl:newsmore. asp? lm2= 1. /admin/adminnewsplview. asp? id=1 //id of any fill in the following statement 2. Sometimes 1 display error message of time to go back 2, 3, and 4。。。。 3. |'+dfirst"user","admin"+chr1 2...