377 matches found
CVE-2014-9335
Multiple cross-site request forgery (CSRF) vulnerabilities in the DandyID Services plugin 1.5.9 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) emailaddress or (2) sidebarTitle paramet...
Cardoza Facebook Like Box < 2.8.3 - Multiple CSRF
The Easy Social Like Box – Popup – Sidebar Widget WordPress plugin was affected by multiple CSRF security vulnerabilities...
Restricted page at the Home Page layer is shown at the sidebar page tree
Problem: The page which is restricted to user A only is shown on the page tree and the left sidebar when the page is at the top level of the page tree, which is at the same level as the home page. This is replicable on my dev instance. Create a test space. Create Page A and make sure the locati...
Txx CMS 0.2 - Multiple Remote File Inclusion Vulnerabilities
No description provided by source.
Leaked Screenshots Suggest New Gmail Interface Coming Soon
Google is reportedly testing out some new UI changes for its popular email service, Gmail, on the desktop browser that would redesign your inbox with a totally different interface. So, the traditional Gmail we all know may soon get a new makeover, and we hope users will definitely love it. Google has...
OSX Network Share Mounter
This module lists saved network shares and tries to connect to them using stored credentials. This does not require root privileges. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OSX Network...
Microsoft Releases a Security Advisory for Windows Sidebar and Gadgets
Microsoft has released security advisory 2719662 to address a vulnerability in Microsoft Windows Sidebar and Gadgets. This vulnerability may allow an attacker to execute arbitrary code, take control of an affected system, or disclose sensitive information. US-CERT encourages users and...
Microsoft Sidebar and Gadgets Remote Code Execution Vulnerability (2719662)
This host is installed with Microsoft Windows Sidebar and Gadgets and is prone to a remote code execution vulnerability. OpenVAS Vulnerability Test $Id: gbmssidebargadgetscodeexecvuln.nasl 5346 2017-02-19 08:43:11Z cfi $ Microsoft Sidebar and Gadgets Remote Code Execution Vulnerability 2719662...
Microsoft Sidebar and Gadgets Remote Code Execution Vulnerability (2719662)
Microsoft Windows Sidebar and Gadgets is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Microsoft Issues Kill Fix For Windows Gadgets
A scheduled talk at the Black Hat Briefings security conference in Las Vegas later this month may have dealt a fatal blow to the once ballyhooed Windows Sidebar and Windows Gadgets. Redmond, Washington-based Microsoft, on Tuesday, issued a software “fix” that disables gadgets and the Windows...
WordPress WP-FaceThumb Gallery 0.1 Cross Site Scripting
WordPress WP-FaceThumb Gallery Plugin. Description: This plugin allows your visitor to take a snapshot with a webcam, and the thumb is displayed on your sidebar. The visitor indicates his pseudo and can leave a URL which will be linked to the thumb...
Mozilla Firefox Sidebar Panel Code Execution (CVE-2005-0402)
A remote code execution vulnerability has been reported in the Mozilla Firefox sidebar panel...
CVE-2011-3835
Multiple cross-site scripting (XSS) vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to (1) admin/login.php and (2) admin/404.php; the (3) q parameter to search.php; the (4) themename parameter to themesettings.php, (5) extensionname parameter ...
[SECURITY] Fedora 11 Update: konq-plugins-4.4.0-3.fc11
Some additional plugins that interact with konqueror. adblock: AdBlock plugin; akregator: Add feeds directly to akregator (kdepim is needed); autorefresh: Refresh websites after a specific period; babelfish: Translate a website with babelfish; crashes: Crash monitor; dirfilter: Filter the current directo...
[SECURITY] Fedora 12 Update: konq-plugins-4.4.0-3.fc12
Some additional plugins that interact with konqueror. adblock: AdBlock plugin; akregator: Add feeds directly to akregator (kdepim is needed); autorefresh: Refresh websites after a specific period; babelfish: Translate a website with babelfish; crashes: Crash monitor; dirfilter: Filter the current directo...
Mozilla Firefox Sidebar Panel (CVE-2005-0402)
Firefox is a popular open source web browser for multiple platforms. The product implements various security features which are meant to protect the user from harmful actions which may be attempted by malicious web pages. Some of these security features are restrictions placed on access to...
Feed Sidebar Firefox Extension - Privileged Code Injection
Feed Sidebar Firefox Extension Code Injection Vulnerability. Versions affected: 3.2. Description: The Feed Sidebar Firefox extension will generate a previ...
CVE-2009-1841
js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter...
Firefox JavaScript arbitrary code execution
js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter...