Lucene search

8200 matches found

exploitpack
added 2012/03/11 12:0 a.m., 19 views

Singapore 0.10.1 - gallery Cross-Site Scripting

Singapore 0.10.1 - gallery Cross-Site Scripting source: https://www.securityfocus.com/bid/52399/info singapore is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of ...

6.8 AI score
Exploits: 0

Kaspersky
added 2012/03/07 12:0 a.m., 48 views

KLA10139 Vulnerability in Dolphin Browser HD

An unspecified vulnerability was found in the Dolphin Browser HD. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited via an unknown vector. Original advisories - Related products Dolphin-Browser-HD-for-Android CVE list CVE-2012-1392...

10 CVSS | 7.3 AI score | 0.01172 EPSS
Exploits: 0 | References: 2

ATTACKERKB
added 2012/03/05 7:55 p.m., 1 view

CVE-2011-3044

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animation elements...

6.8 CVSS | 8.6 AI score | 0.01712 EPSS
Exploits: 1 | References: 18

ATTACKERKB
added 2012/03/05 7:55 p.m., 2 views

CVE-2011-3034

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG document...

6.8 CVSS | 5.9 AI score | 0.01712 EPSS
Exploits: 1 | References: 18

Atlassian
added 2012/03/05 10:35 a.m., 21 views

Direct access to issue via url discloses structure without authentication

If an issue is accessed via the direct URL an error message discloses if the issue is existent or not - even when the user isn't logged-in. In contrast, an existing issue redirects to the login form. This knowledge may open an attack vector on private Jira instances that require authentication...

2.8 AI score
Exploits: 0 | Affected Software: 1

Atlassian
added 2012/03/05 10:35 a.m., 15 views

Direct access to issue via url discloses structure without authentication

If an issue is accessed via the direct URL an error message discloses if the issue is existent or not - even when the user isn't logged-in. In contrast, an existing issue redirects to the login form. This knowledge may open an attack vector on private Jira instances that require authentication...

2.8 AI score
Exploits: 0

Atlassian
added 2012/03/05 10:35 a.m., 19 views

Direct access to issue via url discloses structure without authentication

If an issue is accessed via the direct URL an error message discloses if the issue is existent or not - even when the user isn't logged-in. In contrast, an existing issue redirects to the login form. This knowledge may open an attack vector on private Jira instances that require authentication...

2.8 AI score
Exploits: 0 | Affected Software: 1

Friends Of PHP
added 2012/02/24 1:26 p.m., 12 views

XML decoding attack vector through external entities

More info at https://symfony.com/blog/security-release-symfony-2-0-11-released...

7.2 AI score
Exploits: 0 | Affected Software: 1

Friends Of PHP
added 2012/02/24 1:26 p.m., 11 views

XML decoding attack vector through external entities

More info at https://symfony.com/blog/security-release-symfony-2-0-11-released...

7.2 AI score
Exploits: 0 | Affected Software: 1

ThreatPost
added 2012/02/07 1:0 p.m., 25 views

DDoS Attacks Take on Political Motivations as Attackers Evolve

DDoS attacks come in all shapes and sizes, and in a lot of cases, the victims of the attacks don’t much care who is executing the attack or why. They just know that their network is being overwhelmed with junk traffic. But the last year has seen a major volume of politically motivated attacks, an...

0.5 AI score
Exploits: 0 | References: 2

Cent OS
added 2012/02/01 11:56 a.m., 73 views

thunderbird security update

CentOS Errata and Security Advisory CESA-2012:0080 An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System...

9.3 CVSS | 7.5 AI score | 0.36511 EPSS
Exploits: 10 | References: 7

RedHat Linux
added 2012/02/01 12:4 a.m., 51 views

Critical: Red Hat Security Advisory: firefox security update

Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

10 CVSS | 7.5 AI score | 0.36511 EPSS
Exploits: 11 | References: 7

UbuntuCve
added 2012/02/01 12:0 a.m., 36 views

CVE-2012-0442

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute...

9.3 CVSS | 7.4 AI score | 0.04597 EPSS
Exploits: 1 | References: 6

exploitpack
added 2012/01/24 12:0 a.m., 28 views

stoneware webnetwork6 - Multiple Vulnerabilities

stoneware webnetwork6 - Multiple Vulnerabilities Stoneware WebNetwork6 Vulnerability Assessment CVE-2012-0285 – XSS CVE-2012-0286 - CSRF Conducted by: Leland Public Schools Stoneware Customer Jacob Holcomb Network Engineer for LPS Conducted for: Leland Public Schools Purchaser of WebNetwork...

6.8 CVSS | 0.4 AI score | 0.01606 EPSS
Exploits: 4

Exploit DB
added 2012/01/24 12:0 a.m., 42 views

stoneware webnetwork6 - Multiple Vulnerabilities

Stoneware WebNetwork6 Vulnerability Assessment CVE-2012-0285 – XSS CVE-2012-0286 - CSRF Conducted by: Leland Public Schools Stoneware Customer Jacob Holcomb Network Engineer for LPS Conducted for: Leland Public Schools Purchaser of WebNetwork product. Test was to assure cloud security Stoneware...

6.8 CVSS | 6.5 AI score | 0.01606 EPSS
Exploits: 4

exploitpack
added 2012/01/16 12:0 a.m., 18 views

phpVideoPro 0.8.x0.9.7 - Multiple Cross-Site Scripting Vulnerabilities

phpVideoPro 0.8.x0.9.7 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/51428/info phpVideoPro is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to...

Exploits: 0

Tenable Nessus
added 2012/01/10 12:0 a.m., 95 views

MS12-006: Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)

The remote host is affected by an information disclosure vulnerability, known as BEAST, in the SSL 3.0 and TLS 1.0 protocols due to a flaw in the way the initialization vector IV is selected when operating in cipher-block chaining CBC modes. A man-in-the-middle attacker can exploit this to obtain...

4.3 CVSS | 6.8 AI score | 0.73327 EPSS
Exploits: 3 | References: 4

ThreatPost
added 2012/01/09 8:7 p.m., 9 views

Gamers Seek Beta Versions, Download Malware Instead

Tracking the increasingly common use of PC games as an infection vector, researchers at the Microsoft Malware Protection Center MMPC discovered a couple of malicious programs making the rounds on torrent and file sharing sites. Social engineers are disguising their malware by labeling it as the...

3.5 AI score
Exploits: 0 | References: 2

exploitpack
added 2011/12/14 12:0 a.m., 14 views

Nagios XI - Multiple Cross-Site Scripting HTML Injection Vulnerabilities

Nagios XI - Multiple Cross-Site Scripting HTML Injection Vulnerabilities source: www.securityfocus.com/bid/51069/info Nagios XI is prone to an HTML injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. Successful...

0.4 AI score
Exploits: 0

OpenVAS
added 2011/12/09 12:0 a.m., 36 views

Mandriva Update for proftpd MDVSA-2011:181 (proftpd)

Check for the Version of proftpd OpenVAS Vulnerability Test Mandriva Update for proftpd MDVSA-2011:181 proftpd Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

9 CVSS | 0.2 AI score | 0.12804 EPSS
Exploits: 4 | References: 2