129 matches found
JVN#04560253: Yuko Yuko App for Android fails to verify SSL server certificates
Yuko Yuko App for Android provided by Yuko Yuko Corporation fails to verify SSL server certificates. Impact: A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. As a result, an attacker may obtain information entered into web forms. Solution: Update the...
Code injection
Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element...
Microsoft IE4 Clipboard Paste Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/215/info The Windows clipboard contains data that has been cut or copied from various windows applications. This data can be accessed and posted to malicious web forms at web sites without the knowledge of the visiting...
Soraya Malware Packs Form Grabbing, Memory Scraping Functionality
Malware capable of infecting point-of-sale devices once was a novelty, but it’s quickly becoming more common. Researchers at Arbor Networks have unearthed a new strain of PoS malware called Soraya that can scrape memory and has the ability to intercept information sent from Web forms, a specialty...
PYSEC-2014-110
Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculateformtitle.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging folder, (3) Name field in a bootstrap setup, or Title fie...
Oracle WebCenter Content (July 2013 CPU)
The version of Oracle WebCenter Content installed on the remote host is potentially affected by multiple vulnerabilities in the Content Server, Site Studio, and Web Forms components.
Questions Linger About New Linux 'Hand of Thief' Trojan
It looks like cybercriminals will soon be able to add yet another Trojan to their hacking repertoire, the Hand of Thief banking malware that targets Linux machines. Currently being sold on the Russian black market, Hand of Thief is fetching $2,000 USD (€1,500 EUR) but could be poised to run a cool...
Design/Logic Flaw
Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows remote attackers to affect integrity via unknown vectors related to Web Forms...
CVE-2013-3772
Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows remote attackers to affect integrity via unknown vectors related to Web Forms...
CVE-2013-3772
CVE-2013-3772 affects Oracle WebCenter Content within Oracle Fusion Middleware versions 10.1.3.5.1, 11.1.1.6.0 and 11.1.1.7.0. The vulnerability is described as unspecified and allows remote attackers to affect integrity via unknown vectors related to Web Forms. The connected Nessus record links ...
Kaspersky Password Manager Installed (credentialed check)
Kaspersky Password Manager (KPM) was detected on the remote host. KPM provides automated username and password storage and can complete web forms automatically.
SA-CONTRIB-2012-135 - CAPTCHA - Insufficient anti-automation prevention
This module enables you to protect website forms using a CAPTCHA. A CAPTCHA is a test which attempts to differentiate between a human and an automated bot or script. The module doesn't ensure that test submissions have a single-use unique token. This means that web robots could reuse a single...
http-form-fuzzer NSE Script
Performs a simple form fuzzing against forms found on websites. Tries strings and numbers of increasing length and attempts to determine if the fuzzing was successful. Script Arguments: http-form-fuzzer.minlength: the minimum length of a string that will be used for fuzzing, defaults to 300000...
CVE-2011-2547
The web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote authenticated users to execute arbitrary commands via crafted parameters to web forms, aka Bug ID CSCtq65681...
Apple Safari 'AutoFill web forms' Feature Information Disclosure Vulnerability
Bugtraq ID: 48839 CVE ID: CVE-2011-0217 Apple Safari is a popular web browser. The Safari browser's "AutoFill web forms" feature can fill in invisible form fields, and scripts on the site can access this information before the user submits the form. Apple Safari 5.0.5 for Windows Apple Safari 5.0.5 Apple Safari 5.0.4 for Windows Apple Safari 5.0.4 Apple Safari 5.0.3 for Windows Apple Safari 5.0.3 Apple Safari 5.0...
Onyx - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/42446/info Onyx is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script cod...
Safari AutoFill Feature Exposes User Data
A prominent security researcher is urging users of Apple’s Safari browser to immediately turn off the AutoFill feature to block hackers from stealing sensitive information. According to Jeremiah Grossman, founder and Chief Technology Officer of WhiteHat Security, the AutoFill Web Forms feature ca...
Joomla FDione Form Wizard 1.0.2 Local File Inclusion
Joomla Component FDione Form Wizard lfi vulnerability. Author : Chip D3 Bi0s Email : chipdebiosalt+64gmail.com Date :...
Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion
Joomla Component FDione Form Wizard lfi vulnerability...
Asynchronous Auth Prompt attaches to wrong window — Mozilla
Mozilla developer Justin Dolske reported that the new asynchronous Authorization Prompt (HTTP username and password) was not always attached to the correct window. Although we have not demonstrated this, it may be possible for a malicious page to convince a user to open a new tab or popup to a...