580 matches found
Dyre Trojan Targeting More than Salesforce.com Credentials
The criminals who unleashed a variant of the Dyre banking Trojan recently may have more up their sleeve than harvesting Salesforce.com credentials. Analysis of a sample conducted by SaaS security company Adallom determined that the new strain of Dyre is targeting large enterprises in addition to...
SALESFORCE Cloud Service Detection
Binary data 8511.prm...
Salesforce Warns Customers of Dyreza Banker Trojan Attacks
Salesforce.com is warning its customers that the Dyreza banker Trojan is now believed to be targeting some of the company’s users. The Trojan, which has the ability to bypass SSL, typically goes after customers of major banks, but seems to be expanding its reach. Dyreza is relatively new among th...
WordPress-to-Lead for Salesforce CRM 1.0.1 - salesforce.php salesforce_form_shortcode Function Error Message H&ling XSS
The Brilliant Web-to-Lead for Salesforce WordPress plugin was affected by a salesforce.php salesforceformshortcode Function Error Message H XSS security vulnerability...
WordPress-to-Lead for Salesforce CRM 1.0 - salesforce.php Multiple Parameter XSS
The Brilliant Web-to-Lead for Salesforce WordPress plugin was affected by a salesforce.php Multiple Parameter XSS security vulnerability...
WordPress-to-Lead for Salesforce CRM 1.0.4 - ov_plugin_tools.php textinput Function XSS
The Brilliant Web-to-Lead for Salesforce WordPress plugin was affected by an ovplugintools.php textinput Function XSS security vulnerability...
WordPress To Lead For Salesforce Plugin <= 1.0.1 - Cross Site Scripting
This plugin is prone to salesforce.php salesforceformshortcode Function Error Message H&ling cross site scripting vulnerability. Solution Update the plugin...
WordPress To Lead For Salesforce Plugin <= 1.0.4 - Cross Site Scripting
This plugin is prone to ovplugintools.php textinput function cross site scripting vulnerability. Solution Upgrade this plugin...
WordPress To Lead For Salesforce Plugin <= 1.0 - Cross Site Scripting
This plugin is prone to a salesforce.php multiple parameter cross site scripting vulnerability. Solution Update the plugin...
Reflected XSS affecting Confluence via Gadgets
Steps to recreate: 1. To view the reflected XSS affecting JIRA, present on the current JIRA installation jira.atlassian.com visit the following link: noformat...
Reflected XSS affecting Confluence via Gadgets
Steps to recreate: 1. To view the reflected XSS affecting JIRA, present on the current JIRA installation jira.atlassian.com visit the following link: noformat...
Reflected XSS affecting Confluence via Gadgets
Steps to recreate: 1. To view the reflected XSS affecting JIRA, present on the current JIRA installation jira.atlassian.com visit the following link: noformat...
Bruteforce Attack via Applinks Servlet
An attacker is able to perform bruteforce attacks via the applinks servlet. There is no captcha protection, nor do accounts get locked out after excessive attempts. The attacker can input a username, and perform bruteforce attacks on the login form. The core issue is that there is no login attemp...
Reflected XSS affecting JIRA via Gadgets
Steps to recreate: 1. To view the reflected XSS affecting JIRA, present on the current JIRA installation jira.atlassian.com visit the following link: noformat...
Reflected XSS affecting JIRA via Gadgets
Steps to recreate: 1. To view the reflected XSS affecting JIRA, present on the current JIRA installation jira.atlassian.com visit the following link: noformat...
ZeuS Trojan variant Targets Salesforce accounts and SaaS Applications
Zeus, a financially aimed Banking Trojan that comes in many different forms and flavors, is capable to steal users' online-banking credentials once installed. This time, an infamous Zeus Trojan has turned out to be a more sophisticated piece of malware that uses web-crawling action. Instead of...
Video Lead Form Plugin Cross-Site Scripting Vulnerabilities which affects Wordpress URL
Exploit Title : Video Lead Form Plugin Cross-Site Scripting Vulnerabilities which affects Wordpress URL Author: Aditya Balapure home: http://adityabalapure.blogspot.in/ Date: 24/11/12 version: 0.5 software link: http://wordpress.org/extend/plugins/video-lead-form/ Video Lead Form plugin descripti...
WordPress Video Lead Form 0.5 Cross Site Scripting
Exploit Title : Video Lead Form Plugin Cross-Site Scripting Vulnerabilities which affects Wordpress URL Author: Aditya Balapure home: http://adityabalapure.blogspot.in/ Date: 24/11/12 version: 0.5 software link: http://wordpress.org/extend/plugins/video-lead-form/ Video Lead Form plugin descripti...
Salesforce Application Detection
Binary data 6585.prm...
BlackBerry Desktop Manager Intellisync ActiveX Control Arbitrary Remote Code Execution
The version of the Lotus Notes Intellisync component 'lnsresobject.dll' included with the BlackBerry Desktop Software installation on the remote host reportedly contains an unspecified error that can be exploited to execute arbitrary code. If an attacker can trick a user on the affected host into...