6232 matches found

Prion
added 2014/04/01 3:24 a.m., 25 views

Sql injection

Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answer_id or (2) question_id parameter to polls/vote.php, (3) story_id parameter to comments/add.php or (4) comments/edit.php, or (5) thread_id parameter to posts/add.php. NOTE: this issue...

7.5 CVSS, 8.8 AI score, 0.02661 EPSS
Exploits 7, References 4, Affected Software 1

CVE
added 2014/04/01 12:0 a.m., 68 views

CVE-2013-5640

Summary: CVE-2013-5640 (and related CVE-2013-7349) affect the Gnew 2013.1 application, with multiple SQL injection vectors. The vulnerabilities allow remote attackers to inject SQL via parameters in polls/vote.php (answer_id, question_id), comments/add.php (story_id) and comments/edit.php, or pos...

7.5 CVSS, 8.4 AI score, 0.02368 EPSS
Exploits 6, References 4, Affected Software 1

Tenable Nessus
added 2014/03/13 12:0 a.m., 52 views

WordPress < 3.3.3 / 3.4.0 Multiple Vulnerabilities

According to its version number, the WordPress install hosted on the remote web server is affected by the following vulnerabilities : - A cross-site scripting flaw exists in the 'edit-tags.php' script where it does not validate the 'slug' parameter upon submission. This could allow a remote...

6.4 CVSS, 5.7 AI score, 0.02497 EPSS
Exploits 0, References 7

The Hacker News
added 2014/03/01 12:30 a.m., 11 views

Yahoo vulnerability allows Hacker to delete 1.5 million records from Database

Yahoo! The 4th most visited website on the Internet has been found vulnerable multiple times, and this time a hacker has claimed to spot a critical vulnerability in the Yahoo! sub-domain 'suggestions.yahoo.com', which could allow an attacker to delete all the posted threads and comments on...

6.8 AI score
Exploits 0

OSV
added 2014/01/21 1:55 a.m., 8 views

CVE-2011-5270

wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role...

6 AI score
Exploits 0, References 3

OSV
added 2014/01/21 1:55 a.m., 4 views

DEBIAN-CVE-2011-5270

wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role...

4 CVSS, 6.3 AI score, 0.01775 EPSS
Exploits 1, References 1

Prion
added 2014/01/21 1:55 a.m., 15 views

Information disclosure

wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by visiting a draft...

4 CVSS, 6.1 AI score, 0.01889 EPSS
Exploits 0, References 2, Affected Software 1

Opera Security Advisories
added 2013/10/31 12:0 a.m., 6 views

New home for the Security Group blog

October 31st, 2013. Welcome to the new home of the Opera Security Group. We have changed our blogging platform. For more information regarding the switch, please see this post. If you received this blog post in your feed reader, you do not need ...

8.8 CVSS, 6.8 AI score, 0.05036 EPSS
Exploits 4, References 1

The Hacker News
added 2013/10/28 4:10 p.m., 5 views

Security breach at OAuth based applications can cause Social Media Disaster

With all the popular social networking websites out there on the web, managing them from several different internet browser tabs or windows can get frustrating very quickly. Besides our own Facebook Page, Twitter account, and Google+ profile, I also manage several others and, YES, I feel the "time...

7.2 AI score
Exploits 0

The Hacker News
added 2013/10/04 3:36 a.m., 13 views

Facebook Graph Search becomes more powerful than ever, Review your Privacy Settings again

Facebook Graph Search is more powerful than ever, has been updated to allow people to search in greater depth on Facebook. Facebook expanded its Graph Search to include posts and status updates, which means everything you’ve been posting is way easier to find than ever before. "Now you will be ab...

6.6 AI score
Exploits 0

Tenable Nessus
added 2013/07/12 12:0 a.m., 33 views

Fedora 18 : wordpress-3.5.2-1.fc18 (2013-11630)

WordPress 3.5.2 is now available. This is the second maintenance release of 3.5, fixing 12 bugs. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. The WordPress security team resolved seven security issues, and this release also...

4.3 CVSS, 4.8 AI score, 0.03373 EPSS
Exploits 3, References 11

OSV
added 2013/06/21 1:57 p.m., 3 views

DEBIAN-CVE-2013-2173

wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service (CPU consumption) via a crafted value of a certain wp-postpass cookie...

4.3 CVSS, 6.7 AI score, 0.03373 EPSS
Exploits 2, References 1

OSV
added 2013/06/21 1:57 p.m., 2 views

UBUNTU-CVE-2013-2173

wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service (CPU consumption) via a crafted value of a certain wp-postpass cookie...

4.3 CVSS, 5.8 AI score, 0.03373 EPSS
Exploits 2, References 3

The Hacker News
added 2013/05/17 5:14 a.m., 21 views

Financial Times hacked by Syrian Electronic Army

The Financial Times has become the latest news outlet to be hacked by supporters of the Syrian president Bashar al-Assad, following a phishing attack on the company’s email accounts. The posh broadsheet's Tech Blog - at http://blogs.FT.com/beyond-brics was compromised to run stories headlined...

6.9 AI score
Exploits 0

Patchstack
added 2013/05/07 12:0 a.m., 23 views

WordPress Related Posts Plugin <= 2.6.1 - CSRF

Because of this vulnerability, the attackers can hijack the authentication of users for requests that change settings via unspecified vectors. Solution Update the plugin...

6.8 CVSS, 4.9 AI score, 0.0107 EPSS
Exploits 0, References 1, Affected Software 1

Patchstack
added 2013/05/07 12:0 a.m., 17 views

WordPress Related Posts Plugin <= 1.3.1 - CSRF

Because of this vulnerability, the attackers can hijack the authentication of unspecified users for requests that change settings via unknown vectors. Solution Update the plugin...

6.8 CVSS, 5.5 AI score, 0.0107 EPSS
Exploits 0, References 1, Affected Software 1

Patchstack
added 2013/04/22 12:0 a.m., 15 views

WordPress Related Posts Plugin <= 2.7.1 - CSRF

Because of this vulnerability, the attackers can hijack the authentication of users for requests that modify settings via unspecified vectors. Solution Update the plugin...

6.8 CVSS, 5.5 AI score, 0.0107 EPSS
Exploits 0, References 1, Affected Software 1

ThreatPost
added 2013/04/03 3:28 p.m., 11 views

Hackers Compromise The War Z Forum, Game Databases

Hackers compromised the forum and game database of the massively multiplayer online game, The War Z, forcing the game’s producer OP Productions to temporarily take the game and its forum offline. In a security alert issued yesterday, OP Productions informed The War Z players of the breach and...

7.1 AI score
Exploits 0, References 5

The Hacker News
added 2013/02/18 3:23 a.m., 22 views

Anonymous Hackers dumps 600k Emails from most popular Israeli web portal

As part of Operation Israel (OpIsrael), Anonymous Hackers once again strike Israeli infrastructure by dumping 600,000 emails and passwords from one of the most popular Israeli web portals, 'Walla', which is known for providing news, search and e-mail system, among other things. Anonymous Activis...

6.8 AI score
Exploits 0

Tenable Nessus
added 2013/02/11 12:0 a.m., 43 views

Fedora 17 : wordpress-3.5.1-1.fc17 (2013-1692)

WordPress 3.5.1 is now available. Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs. It is also a security release for all previous WordPress versions. Which include : - Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases. - Media: F...

6.4 CVSS, 5.7 AI score, 0.28857 EPSS
Exploits 3, References 5