Social networks to be monitored by Mumbai police to keep a check on hate pages !

After observing an increase in the number of phishing attacks and several other cyber crimes, the cyber police have intensified patrolling of the social networking sites. Police, with the help of IT experts, will keep a check on any hate posts or groups created in cyberspace. The action reportedl...

WordPress Related Posts Plugin <= 1.0 - Multiple CSRF and XSS

Because of these cross site request forgery vulnerabilities in the configuration screen in wp-relatedposts.php, the attackers can hijack the authentication of administrators for requests that insert cross-site scripting sequences. Solution Update the plugin...

WordPress <= 3.0.4 - Multiple Security Vulnerabilities

Because of these vulnerabilities, remote authenticated users can read draft posts or private posts via a modified "attachmentid" parameter. Solution Update WordPress...

glFusion CMS 1.2.1 Stored XSS via img Tag

Exploit for php platform in category web applications Exploit Title: glfusion CMS 1.2.1 stored XSS via img tag Date: 14-1-2010 Author: Saif El-Sherei Software Link: www.glfusion.org/filemgmt/viewcat.php?cid=1 Version: 1.2.1 Tested on: Firefox 3.0.15 Info: glFusion gives you the ability to easily...

glfusion CMS 1.2.1 - img Persistent Cross-Site Scripting

glfusion CMS 1.2.1 - img Persistent Cross-Site Scripting Exploit Title: glfusion CMS 1.2.1 stored XSS via img tag Date: 14-1-2010 Author: Saif El-Sherei Software Link: www.glfusion.org/filemgmt/viewcat.php?cid=1 Version: 1.2.1 Tested on: Firefox 3.0.15 Info: glFusion gives you the ability to easi...

glfusion CMS 1.2.1 - &#039;img&#039; Persistent Cross-Site Scripting

Exploit Title: glfusion CMS 1.2.1 stored XSS via img tag Date: 14-1-2010 Author: Saif El-Sherei Software Link: www.glfusion.org/filemgmt/viewcat.php?cid=1 Version: 1.2.1 Tested on: Firefox 3.0.15 Info: glFusion gives you the ability to easily create websites and online communities complete with...

glfusion CMS 1.2.1 Cross Site Scripting

Exploit Title: glfusion CMS 1.2.1 stored XSS via img tag Date: 14-1-2010 Author: Saif El-Sherei Software Link: www.glfusion.org/filemgmt/viewcat.php?cid=1 Version: 1.2.1 Tested on: Firefox 3.0.15 Info: glFusion gives you the ability to easily create websites and online communities complete with...

Facebook Instant Search : Browse the Facebook Instantly like never before !!

Facebook Instant Search : Browse the Facebook Instantly like never before !! Browse the Facebook Instantly like never before !!. Search in your friends' posts, status, comments and much more... Visit to try it out: No registration required, Just type and search Link : News Source : Rohit Thakur...

Ignition 1.3 (comment.php) Local File Inclusion Vulnerability

Exploit for php platform in category web applications Ignition 1.3 ========================================= Greetz: all member | manadocoding.org - sekuritiOnline.net friends: angky.tatoki, EA ngel, bL4Ck3n91n3, 0pa, x0r0n, teamelite, thama, devilbat, cr4wl3r, cyberl0g, lumut-, AntiHack, DskyMC,...

Pixie 1.04 Cross Site Request Forgery

Pixie 1.04 suffers from CSRF where form data can be submitted by the admin unwittingly in this example to add a blog post or Add a new user. It was not tempted but it is possible to include a cookie stealer in the blog post which a naive admin my view if it has a curious/innocent sounding name...

Facebook Fixes Bug Causing Unintended Posts from Brand Pages

Facebook has confirmed that the recent issue with posts was on their end. A representative told SecurityWeek via email, "We began removing the posts immediately upon discovering them and shortly after they were made. They were caused by a temporary bug on Facebook that allowed certain posts...

CVE-2010-3025

Multiple cross-site scripting XSS vulnerabilities in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the 1 excerpt parameter to application/modules/admin/controllers/posts.php, as reachable by admin/posts/edit; and the 2 conten...

MyBB TagCloud 2.0 Cross Site Scripting

==================================================== MYBB TagCloud 2.0 cross site scripting vulnerability ==================================================== Author: http://www.3ethicalhackers.com Discovered by: http://www.3ethicalhackers.com Original post: http://www.3ethicalhackers.com...

Muraus Open Blog - Multiple HTML Injection Vulnerabilities

source: https://www.securityfocus.com/bid/42255/info Tomaž Muraus Open Blog is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplie...

Globber 1.4 Cross Site Request Forgery

alert0" /...

CVE-2009-4907

Multiple cross-site request forgery CSRF vulnerabilities in oBlog allow remote attackers to hijack the authentication of administrators for requests that 1 change the admin password, 2 force an admin logout, 3 change the visibility of posts, 4 remove links, and 5 change the name fields of a blog...

Authentication flaw

EZ-Blog Beta 1 does not require authentication, which allows remote attackers to create or delete arbitrary posts via requests to PHP scripts...

CVE-2009-4801

EZ-Blog Beta 1 does not require authentication, which allows remote attackers to create or delete arbitrary posts via requests to PHP scripts...

WordPress Trashed Posts Information Disclosure Vulnerability

WordPress is prone to an information disclosure vulnerability because it fails to properly restrict access to trashed posts. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

CVE-2010-0682

WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter...