144 matches found
WebKit JavaScript 'onload()' Event Cross Domain Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/35315/info WebKit is prone to a cross-domain scripting vulnerability because it fails to properly restrict the access of JavaScript code when loading new webpages. A remote attacker can exploit this vulnerability to bypas...
Geeklog 1.3.5 Calendar Event Form Script Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4974/info Geeklog does not sufficiently sanitize script code from form fields, making it prone to script injection attacks. Attacker-supplied script code may potentially end up in webpages generated by Geeklog and will...
[SECURITY] Fedora 19 Update: php-5.5.13-3.fc19
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
CVE-2014-3445 - Unauthenticated Backup and Password Disclosure in HandsomeWeb SOS Webpages
Vulnerability title: Unauthenticated Backup and Password Disclosure in HandsomeWeb SOS Webpages CVE: CVE-2014-3445 Vendor: HandsomeWeb Product: SOS Webpages Affected version: 1.1.11 and earlier Fixed version: 1.1.12 Reported by: Freakyclown Details: The default setup allows an unauthenticated use...
openSUSE Security Update : Opera (openSUSE-SU-2013:0273-2)
Opera 12.13 is a recommended upgrade offering security and stability enhancements. -fixed an issue where Opera gets internal communication errors on Facebook -fixed an issue where no webpages load on startup, if Opera is disconnected from the Internet -fixed an issue where images will not load...
Versatility of Zeus Framework Encourages Criminal Innovation
A new report on the Zeus trojan’s evolution shows that the malware was moved from harvesting online banking credentials to controlling botnets and launching distributed denial of service attacks attributes the evolution to the highly customized and incredibly versatile framework Zeus is today...
SOS Webpages 1.1.1 /backup.php 备份文件发现漏洞
No description provided by source...
HandsomeWeb SOS Webpages 1.1.11 Backup / Hash Disclosure
Vulnerability title: Unauthenticated Backup and Password Disclosure in HandsomeWeb SOS Webpages CVE: CVE-2014-3445 Vendor: HandsomeWeb Product: SOS Webpages Affected version: 1.1.11 and earlier Fixed version: 1.1.12 Reported by: Freakyclown Details: The default setup allows an unauthenticated use...
Visibility Software Cyber Recruiter authentication bypass vulnerability
Overview Visibility Software Cyber Recruiter fails to prevent unauthenticated users from accessing protected webpages. Description CWE-305: Authentication Bypass by Primary Weakness:Visibility Software Cyber Recruiter fails to prevent unauthenticated users from accessing protected webpages allowi...
Microsoft Internet Explorer CVE-2013-0088 Use-After-Free Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
MS13-004: Vulnerability in the .NET Framework could allow elevation of privilege: January 8, 2013
Resolves a vulnerability in the .NET Framework that could allow remote code execution on a client system. Vulnerability occurs if a user views a specially crafted webpage through a web browser that can run XAML Browser Applications XBAPs.View products that this article applies...
Sandbox 2.0.3 Bypass / Local File Inclusion / Shell Upload / SQL Injection
Sandbox 2.0.3 Multiple Remote Vulnerabilities Name Sandbox Vendor http://www.iguanadons.net Versions Affected 2.0.3 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-07-07 X. INDEX I. ABOUT THE APPLICATION II...
Facebook Hit With Clickjacking Worm
A vulnerability on Facebook forced hundreds of thousands of users to endorse a series of webpages over the holiday weekend, making the social networking site the latest venue for an attack known as clickjacking. Read the full article. The Register...
360 Web Manager 3.0 - webpages-form-led-edit.php SQL Injection
360 Web Manager 3.0 - webpages-form-led-edit.php SQL Injection source: https://www.securityfocus.com/bid/40378/info 360 Web Manager is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could...
CVE-2009-1749
Multiple cross-site scripting XSS vulnerabilities in index.php in Catviz 0.4.0 beta 1 allow remote attackers to inject arbitrary web script or HTML via the 1 usermanform and 2 webpagesform parameters...
CVE-2009-1749
Multiple cross-site scripting XSS vulnerabilities in index.php in Catviz 0.4.0 beta 1 allow remote attackers to inject arbitrary web script or HTML via the 1 usermanform and 2 webpagesform parameters...
[SECURITY] Fedora 10 Update: awstats-6.8-3.fc10
Advanced Web Statistics is a powerful and featureful tool that generates advanced web server graphic statistics. This server log analyzer works from command line or as a CGI and shows you all information your log contai ns, in graphical web pages. It can analyze a lot of web/wap/proxy servers lik...
[SECURITY] Fedora 9 Update: lynx-2.8.6-17.fc9
Lynx is a text-based Web browser. Lynx does not display any images, but it does support frames, tables, and most other HTML tags. One advantage Lynx has over graphical browsers is speed; Lynx starts and exits quickly and swiftly displays webpages...
[SECURITY] Fedora 9 Update: php-5.2.6-2.fc9
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
Joomla Component Alberghi <= 2.1.3 (id) SQL Injection Vulnerability
No description provided by source. Mambo Component comalberghi SQL Injection AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MA陌L : [email protected] TODAY MY B陌RTDAY SOO I WROTE 5 BUGS ALL FOR HACKERS 5 EXPLO陌TS HAVE 100.000 MAMBO-JOOMLA WEBPAGES OR MUCH MORE DONT FORGET...