3319 matches found
CVE-2011-5070
Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to inject arbitrary web script or HTML via (1) the file name to incidentattachments.php; (2) unspecified vectors in linkadd.php, possibly involving origref, linkref, linktype parameters,...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to inject arbitrary web script or HTML via (1) the file name to incidentattachments.php; (2) unspecified vectors in linkadd.php, possibly involving origref, linkref, linktype parameters,...
Nova CMS Directory Traversal
Title : Nova CMS Directory Traversal Author : Red Security TEAM Date : 21/01/2012 Download : http://www.nova-cms.com/uploads/files/novacms.zip Tested On : CentOS Dork : Copyright ©2005-2011 by Nova CMS. Contact : Info 4t RedSecurity d0t COM Home : http://RedSecurity.COM Exploit : 1. Register 2. Go t...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote authenticated users to affect integrity via unknown vectors related to Attachments / File Upload...
CVE-2011-2271
CVE-2011-2271 affects Oracle E-Business Suite 11.5.10.2 through the Oracle Application Object Library. The vulnerability involves Attachments / File Upload and allows remote authenticated users to impact integrity via unknown vectors. The provided sources list this entry with a low severity (CVSS...
Phishing Campaign Using Spoofed US-CERT Email Addresses
On January 10, 2012, US-CERT received reports of a phishing campaign that is spoofing US-CERT email to deliver a variant of the Zeus/Zbot Trojan known as Ice-IX. This campaign appears to be targeting a large number of private sector organizations as well as federal, state, and local governments...
Bugzilla XSS / XSRF / Unauthorized Account Creation
No description provided by source. Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: When viewing tabular or graphical reports as well as new charts, an XSS vulnerability is...
USAA Phishing Scam and Malware Campaign
US-CERT is aware of public reports of an active spear-phishing attack via email messages directed at United Services Automobile Association (USAA) members. These messages contain the subject line "Deposit Posted" and contain a randomly generated four-digit number placed in the USAA security zone...
Microsoft Publisher Out of Bound Array Index Remote Code Execution Vulnerability
Description Microsoft Publisher is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting user into opening a specially crafted Publisher file. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of t...
Microsoft Publisher Invalid Pointer Remote Code Execution Vulnerability
Description Microsoft Publisher is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting user into opening a specially crafted Publisher file. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of t...
Docebo Lms 4.0.4 - 'Messages' Remote Code Execution
if ($GLOBALS['modname'] != '') $modulecfg =& createModule($GLOBALS['modname']...
Microsoft Releases Security Advisory for Vulnerability in TrueType Font Parsing
Microsoft has released Microsoft Security Advisory 2639658 to address a vulnerability in the Win32k TrueType font parsing engine. By convincing a user to open a malicious email attachment, an attacker may be able to exploit this vulnerability and execute arbitrary code. Microsoft has indicated th...
Apple's Mail.app mail of death
OVERVIEW The Mail.app mail client is vulnerable to a DoS by sending a crafted email. VENDOR Apple Inc. Vendor contacted: 25 July 2011 Vendor reply: 20 September 2011. Vendor's actions: Details confidential. VULNERABILITY DESCRIPTION Send an email with 2023 MIME attachments to the victim client. Upon...
Apple Mail.app denial of service vulnerability
Mail.app is the e-mail program bundled with Apple's Mac OS X operating system. The Mail.app e-mail client has a denial-of-service vulnerability in its implementation: sending more than 2023 MIME attachments to the mail client can crash it while parsing. Affected: Apple Mac OS X 10.7.2, Apple Mail 5.1. Vendor patch: Apple ----- The vendor has not yet provided a patch or upgrade; users of this software are advised to watch the vendor's home page for the latest version: http://support.apple.com/ #!/usr/bin/env python Mail of death for Apple's Mail.app Tested &...
Facebook Flaw Allows Users to Send Executables
A security researcher has discovered a vulnerability in Facebook’s messaging system that could allow an attacker to send executable attachments to anyone on the popular social network. The vulnerability is such that an attacker doesn’t necessarily need to be friends with the person to whom he sen...
Facebook EXE attachment Vulnerability can Compromise with Users Security
Nathan Power of SecurityPentest has discovered a new Facebook vulnerability that allows EXE files to be attached to messages, which could lead to user credentials being compromised. When using the Facebook 'Messages' tab, there is a...
Shocker: Scammers Exploit Death of Former Libyan Ruler
In one of the least surprising computer security news events of 2011, the death of longtime Libyan leader, and self-proclaimed “African King of Kings” Colonel Muammar Qaddafi spawned a slew of online scams. Within hours of Qaddafi’s capture and death at the hands of Libyan rebels, security firms...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Attachments / File Upload...
CVE-2011-2303
Summary: CVE-2011-2303 describes an unspecified vulnerability in Oracle Application Object Library (Oracle E-Business Suite) affecting 11.5.10.2, 12.0.6, 12.1.2, and 12.1.3. It allows remote authenticated users to affect integrity via unknown vectors related to attachments/file upload. The provid...