Microsoft Pocket Internet Explorer 3.0 - Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6507/info A denial of service vulnerability has been reported for Pocket Internet Explorer PIE. The vulnerability is due to the way some JavaScript code is interpreted by PIE. By enticing a victim user to browse a...

Localize: XSS in Localize.io

During signup I used " as my password.Just after pressing sign up I was forwarded to a new page,where that page was showing my username and asked to click to view my password.When I clicked the javascript executed. Attachment: xss.png...

Researchers Uncover Interesting Browser-Based Botnet

Security researchers discovered an odd DDoS attack against several sites recently that relied on a persistent cross-site scripting vulnerability in a major video Web site and hijacked users’ browsers in order to flood the site with traffic. The attack on the unnamed site involved the use of...

Extension Spam in Google Chrome Web Store

UPDATE: Twelve seemingly legitimate Chrome browser extensions installed by more than 180,000 users are injecting advertisements on 44 popular websites. According to a Barracuda Labs report, the extensions can be found in the official Chrome Web Store. They advertise themselves and operate as game...

Feedburner Hosting Malicious JavaScript Dropper

A sub-domain of Google’s Feedburner RSS management platform is hosting a string of malicious JavaScript embedded with an iFrame, all of which is designed to upload a Trojan onto user machines and redirect visitors to a series of malicious sites. According to a report published by the security fir...

Low: Red Hat Security Advisory: ruby193-v8 security update

Updated ruby193-v8 packages that fix one security issue are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

Oracle Linux 3 / 4 : seamonkey (ELSA-2007-0722)

From Red Hat Security Advisory 2007:0722 : Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web...

iOS Developer Site at Core of Facebook, Apple Watering Hole Attack

UPDATE – The missing link connecting the attacks against Apple, Facebook and possibly Twitter is a popular iOS mobile developers’ forum called iPhoneDevSDK which was discovered hosting malware in an apparent watering hole attack that has likely snared victims at hundreds of organizations beyond t...

Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64

A flaw was found in the way Firefox sanitized HTML content in extensions. If an extension loaded or rendered malicious content using the ParanoidFragmentSink class, it could fail to safely display the content, causing Firefox to execute arbitrary JavaScript with the privileges of the user running...

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2012:0128 Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base...

Million ASP.Net web sites affected with mass SQL injection attack

Million ASP.Net web sites affected with mass SQL injection attack Hackers are in the midst of a massively successful SQL injection attack targeting websites built on Microsoft's ASP.Net platform. About 180,000 pages have been affected so far, security researchers say. Attackers have planted...

Albania Security Group Hack more than 1000 Facebook Pages In One day !

Albania Security Group Hack more than 1000 Facebook Pages In One day ! There are Four Admins In the Group : 1. Hacker Twilight 2. Akrepi Hacker 3. BombRun 4. WarBot They Spread a Hex Javascript on Facebook, Once Victim will run that ,it automatically add there email id as admin in all victims...

Collabtive 0.65 - Multiple Vulnerabilities

Collabtive 0.65 - Multiple Vulnerabilities ANATOLIA SECURITY ADVISORY ------------------------------------ ADVISORY INFO + Title: Collabtive Multiple Vulnerabilities + Advisory URL: http://www.anatoliasecurity.com/adv/as-adv-2010-003.txt + Advisory ID: 2010-003 + Version: 0.65 + Date: 12/10/2010 ...

Collabtive 0.65 - Multiple Vulnerabilities

ANATOLIA SECURITY ADVISORY ------------------------------------ ADVISORY INFO + Title: Collabtive Multiple Vulnerabilities + Advisory URL: http://www.anatoliasecurity.com/adv/as-adv-2010-003.txt + Advisory ID: 2010-003 + Version: 0.65 + Date: 12/10/2010 + Impact: Gaining Administrative Privileges...

KnowledgeTree 3.5.2 Community Edition Cross Site Scripting

Exploit Title: KnowledgeTree 3.5.2 Community Edition Permanent XSS Vulnerability Date: 2010-08-11 Author: fdisk Software Link: http://www.knowledgetree.com/products/community/download Version: 3.5.2 Notes: Fixed in the last version. Go to search box or search criteria, enter your javascript code...

KnowledgeTree 3.5.2 Community Edition Permanent XSS Vulnerability

Exploit for php platform in category web applications ================================================================= KnowledgeTree 3.5.2 Community Edition Permanent XSS Vulnerability ================================================================= Exploit Title: KnowledgeTree 3.5.2 Community...

Exponent CMS 0.97.0 Cross Site Scripting

Title: Exponent Slideshow XSS Vulnerability Vendor: Exponent Product: Exponent CMS Tested Version: 0.97.0 Threat Class: XSS Severity: High Remote: yes Local: no Discovered By: Andrei Rimsa Alvares ===== Description ===== The file "modules/slideshowmodule/slideshow.js.php" is prone to XSS...

Scriptable plugin execution in SeaMonkey mail — Mozilla

Security researcher Georgi Guninski reported that scriptable plugin content, such as Flash objects, could be loaded and executed in SeaMonkey mail messages by embedding the content in an iframe inside the message. If a user were to reply to or forward such a message, malicious JavaScript embedded...

Drupal 6.15 - Multiple Persistent Cross-Site Scripting Vulnerabilities

Drupal 6.15 - Multiple Persistent Cross-Site Scripting Vulnerabilities Exploit Title: 0day Drupal = 6.15 Multiple Permanent XSS Date: 07 01 2009 Author: Emanuele 'emgent' Gentili Software Link: http://ftp.drupal.org/files/projects/drupal-6.15.tar.gz Version: Drupal = 6.15 CVE : N/A Code :...

Zone-H Cross Site Scripting

. | | \ / \ / / \ | | \ / \ / \ / | \ / // | Y \ // \ | | \ / /|| /\ || / \ | / / / / / / / Cross Site Scripting Vulnerability Author: Sora Contact: vhr95zw at hotmail dot com Website: http://greyhathackers.wordpress.com/ ———————— 1. INFORMATION | ———————— Site: http://www.zone-h.com.cn/...