152 matches found
yangjichemical.co.kr XSS vulnerability
Vulnerable URL: http://www.yangjichemical.co.kr/shoppopup/nicknamecheck.htm?nickname=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...
bicyclewarehouse.com XSS vulnerability
Vulnerable URL: http://www.bicyclewarehouse.com/sitesearch.cfm?search=%22%3E%3Csvg%2Fonload%3Dprompt%28%2FXSSPOSED%2F%29%3E&goSiteSearch.x;=0&goSiteSearch.y;=0 Details: Description| Value ---|--- Patched:| Yes, at 25.01.2016 Latest check for patch:| 25.01.2016 15:39 GMT Vulnerability type:| XSS...
imagefap.com XSS vulnerability
Vulnerable URL: http://www.imagefap.com/pictures/5811716/feet-close-ups-in-nylons-and-shoes-01?edit=1=5811716==2'%22%26%25prompt/XSSPOSED/...
Threat Outbreak Alert RuleID12469: Email Messages Distributing Malicious Software on November 17, 2014
Medium Alert ID: 36448 First Published: 2014 November 18 16:18 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID12469 may contain the following files: Name |...
WordPress <= 3.0.1
wp-includes/comment.php does not properly whitelist trackbacks and pingbacks in the blogroll. In that way the attackers can bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match. Solution Update WordPress...
PYSEC-2013-21
The issafeurl function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce cross-site scripting XSS or other vulnerabilities into Django applications that use this function, a...
Facebook Hacking, technique to Spoof the content of any Facebook App
There are many unpatched loopholes or flaws in Facebook website, that allow hackers to inject external links or images to a wall, hijacking any facebook account or bypassing your social privacy. Today we are going to report about another unfixed facebook app vulnerability that allow a hacker to...
ldoce Gem for Ruby MP3 URL Shell Metacharacter Injection Arbitrary Command Execution
ldoce Gem for Ruby contains a flaw that is triggered during the handling of a specially crafted URL or filename for MP3 files that have shell metacharacters injected in to it. This may allow a context-dependent attacker to execute arbitrary commands...
Not being able to create webhooks with basic authentication.
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-31953. panel Using the procedures to use basic auth described on https://extranet.atlassian.com/display/SUPPORT/Webhooks+readiness+for+JIRA+5...
Not being able to create webhooks with basic authentication.
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-31953. panel Using the procedures to use basic auth described on...
DarkBot Malware Circulation very fast via Skype
Two weeks back we reported that Security firm Trend Micro discovered a worm targeting Skype users with spam messages designed to infect machines with the Dorkbot ransomware has been discovered. This malware is spreading through a question/ phrase sent to the users by someone and the question is:...
Mozilla Thunderbird 13.x < 13 Multiple Vulnerabilities
Binary data 801366.prm...
Mozilla: feed: URLs with an innerURI inherit security context of page (MFSA 2012-55)
Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting XSS protection mechanisms via a feed:javascript: URL...
Adobe Flash Player URL Security Domain Checking Code Execution (APSB12-07; CVE-2012-0772)
A memory corruption vulnerability has been reported in Adobe Flash Player...
Adobe AIR 3.x <= 3.1.0.4880 Multiple Memory Corruption Vulnerabilities (APSB12-07)
According to its version, the instance of Adobe AIR 3.x on the remote Windows host is 3.1.0.4880 or earlier and is reportedly affected by several critical memory corruption vulnerabilities : - Memory corruption vulnerabilities related to URL security domain checking. CVE-2012-0772 - A flaw in the...
Flash Player <= 10.3.183.16 / 11.1.102.63 Multiple Memory Corruption Vulnerabilities (APSB12-07)
According to its version, the instance of Flash Player installed on the remote Windows host is 10.x equal to or earlier than 10.3.183.16 or 11.x equal to or earlier than 11.1.102.63. It is, therefore, reportedly affected by several critical memory corruption vulnerabilities : - Memory corruption...
Memory corruption
An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070, on Windows does not properly perform URL security domain checking, which allow attackers to execute arbitrary code or cause a denial of service memory corruption via...
CVE-2012-0772
An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070, on Windows does not properly perform URL security domain checking, which allow attackers to execute arbitrary code or cause a denial of service memory corruption via...
CVE-2012-0772
An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070, on Windows does not properly perform URL security domain checking, which allow attackers to execute arbitrary code or cause a denial of service memory corruption via...
Unfixed XSS vulnerability at www.ancyl.org.za
Security researcher 03storic, has submitted on 03/02/2012 a cross-site-scripting XSS vulnerability affecting www.ancyl.org.za, which at the time of submission ranked 1272652 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/02/2012. It is...