9582 matches found
XSS vulnerability in PDF export
We have identified and fixed a cross-site scripting (XSS) vulnerability in the Confluence action that performs the export to PDF. An attacker might take advantage of the vulnerability to steal other users' session cookies or other credentials, by sending the credentials back to such an attacker's o...
SAP NetWeaver MMR — Denial of Service
Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.0 metamodel repository Vendor URL: Bugs: Denial of service Exploits: YES Reported: 15.02.2010 Vendor response: 15.02.2010 Date of Public Advisory: 09.11.2010 Author: Alexandr Polyakov Description SAP Netweaver Metamodel Repository can ...
Nigeria Moving to Shut Down Scammers
It turns out Nigeria is taking measures to fight Internet scams—law enforcement there has shut down close to a thousand websites and made 18 arrests as part of a new initiative to save the nation’s reputation and crack down on Internet scammers. The program, called “Project Eagle Claw,” has only...
Twitter Security Experiment Goes Live
DarkReading is reporting on the launch of a new experimental service set up to detect spam and threats on the popular Twitter microblogging service. The experiment, called TwiGUARD, lets Twitter users check if a follower is a spammer or if a link embedded in a tweet is malicious. From the article...
David Mortman and Alex Hutton on Exploit Code Use, Data Breaches and Reputation Damage
Dennis Fisher talks with David Mortman and Alex Hutton of the New School of Information Security blog about the Mortman/Hutton model, data breaches and the effect of breaches on the reputation and viability of an organization. Download Subscribe to the Digital Underground podcast on Podcast audio...
CVE-2009-2787
Directory traversal vulnerability in include/reputation/repprofile.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the...
CVE-2009-2786
SQL injection vulnerability in reputation.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the poster parameter...
SQL injection
SQL injection vulnerability in reputation.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the poster parameter...
Directory traversal
Directory traversal vulnerability in include/reputation/repprofile.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the...
CVE-2009-2787
CVE-2009-2787 is a directory traversal vulnerability in the Reputation plugin for PunBB (versions 2.2.4, 2.2.3, 2.0.4 and earlier). The issue arises when register_globals is enabled and magic_quotes_gpc is disabled, allowing remote attackers to include and execute arbitrary local files via a .. i...
CVE-2009-2786
The CVE-2009-2786 entry concerns a SQL injection in the Reputation plugin for PunBB. Affected is reputation.php across Reputation plugin versions 2.2.4, 2.2.3, 2.0.4 and earlier. The root cause is an injection vulnerability via the poster parameter, allowing remote attackers to execute arbitrary ...
Paul Judge on Cloud Security and Security as a Service
In the debut episode of the Digital Underground Podcast, Dennis Fisher talks to Paul Judge, founder and CTO of Purewire, about the security of cloud computing services, reputation systems and the growing threat of social networks. Subscribe to the Digital Underground podcast on...
SQL injection
SQL injection vulnerability in index.php in Invision Power Board allows remote attackers to execute arbitrary SQL commands via the pid parameter in a reputation action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-2217
SQL injection vulnerability in index.php in Invision Power Board allows remote attackers to execute arbitrary SQL commands via the pid parameter in a reputation action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Gentle killer: cross-site scripting attacks - vulnerability warning - the black bar safety net
Gentle killer: cross-site scripting attacks · Translation: Billi · Transferred from CPCW. Part one: several forms of cross-site scripting attacks. Whenever we think of hackers, we often picture this portrait: a lonely man who has snuck into someone else's server, destroying or stealing someone else's secret...
CVE-2005-3776
Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allow remote attackers to inject arbitrary web script or HTML via (1) the subject field when creating a new thread and (2) information passed to the Reputation system...
CVE-2005-3776
CVE-2005-3776 affects MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 with XSS vulnerabilities in (1) the thread creation subject and (2) the Reputation system input. The root cause is provided as multiple XSS flaws allowing remote attackers to inject arbitrary script/HTML; specifics on versions, affected...