JForum 2.1.8 - Username Cross-Site Scripting
JForum 2.1.8 - Username Cross-Site Scripting source: https://www.securityfocus.com/bid/40880/info JForum is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue...
Gmail Checker Plus Chrome Extension Cross Site Scripting
Gmail Checker plus Chrome extension XSS extension: https://chrome.google.com/extensions/detail/mihcahmgecmbnbcchbopgniflfhgnkff advisory: http://lostmon.blogspot.com/2010/06/gmail-checker-plus-chrome-extension-xss.html Exploit available: yes So in this case "Google Mail Checker Plus" version 1.1.7...
The Coming Wave of Mobile Attacks
The pace of innovation on mobile phones and other smart wireless devices has accelerated greatly in the last few years, adding features, speed and computing power. But now the attackers are beginning to outstrip the good guys on mobile platforms, developing innovative new attacks and methods for...
runportleterror.jsp contains XSS hole
The runportleterror.jsp contains an XSS attack vector via the unescaped 'portletKey' URL parameter. The parameter should be escaped properly...
openssl: missing bn_wexpand return value checks
OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors...
Discuz! 6.0 - 'tid' Cross-Site Scripting
source: https://www.securityfocus.com/bid/37982/info Discuz! is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
TheGreenBow VPN Client Local Stack Overflow Vulnerability - Security Advisory - SOS-10-001
TheGreenBow VPN Client Local Stack Overflow Vulnerability - Security Advisory - SOS-10-001 Release Date. 21-Jan-2010 Vendor Notification Date. 11-Dec-2009 Product. TheGreenBow VPN Client Platform. Microsoft Windows Affected versions. 4.65.003, 4.51.001 verified and possibly others. Severity Ratin...
Multiple Media Players (iTunes / QuickTime) - HTTP DataHandler Overflow
Multiple Media Players iTunes QuickTime - HTTP DataHandler Overflow ScaryMovie Exploit Study By: DrIDE October, 2009 There is a widespread failure in the way that .MOV files are handled by the Quicktime Library. I have attempted to compound my findings on this issue. Nearly every .MOV enabled...
Multiple Media Players (iTunes / QuickTime) - HTTP DataHandler Overflow
ScaryMovie Exploit Study By: DrIDE October, 2009 There is a widespread failure in the way that .MOV files are handled by the Quicktime Library. I have attempted to compound my findings on this issue. Nearly every .MOV enabled application that I tested fell victim to this exploit. This is a local...
Authorization
The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) scripts with incorrect file-permission and authorization settings, which has unknown impact and local attack vectors...
Microsoft Pushes for Better Software Security Practices
WASHINGTON–Microsoft has spent several years and untold millions of dollars working on methods to write more secure and reliable software, and now the company is encouraging other organizations to make the same investment in software security. One of the outputs of the company’s software security...
SafeNet SoftRemote Local Buffer Overflow - Security Advisory - SOS-09-008
SafeNet SoftRemote Local Buffer Overflow - Security Advisory - SOS-09-008 Release Date. 30-Oct-2009 Vendor Notification Date. 20-Jul-2009 Product. SafeNet SoftRemote Platform. Microsoft Windows Affected versions. 10.8.5 Build 2, 10.3.5 Build 6 verified and possibly others. Other vendors which hav...
Jetty 6.x / 7.x Information Disclosure / XSS
Jetty 6.x and 7.x Multiple Vulnerabilities Name Multiple Vulnerabilities in Jetty Systems Affected Jetty 7.0.0 and earlier versions Severity Medium Impact CVSSv2 Medium 5/10, vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Vendor http://www.mortbay.org/jetty/ Advisory...
Vivvo CMS 4.1.5.1 file disclosure
Exploit for unknown platform in category web applications ================================= Vivvo CMS 4.1.5.1 file disclosure ================================= Description of vulnerable software: Vivvo CMS is an intuitive content management system atop a powerful programming framework, empowering...
Remote File Disclosure in Vivvo CMS 4.1.5.1
No description provided by source. waraxe-2009-SA075 - Remote File Disclosure in Vivvo CMS 4.1.5.1 =============================================================================== Author: Janek Vind "waraxe" Date: 21. October 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-75.html...
[waraxe-2009-SA#075] - Remote File Disclosure in Vivvo CMS 4.1.5.1
waraxe-2009-SA075 - Remote File Disclosure in Vivvo CMS 4.1.5.1 =============================================================================== Author: Janek Vind "waraxe" Date: 21. October 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-75.html Description of vulnerable software...
EXcms Root directory disclosure vulnerability
---------------------------------------------------------------------- PT-2009-22 Positive Technologies Security Advisory EXcms Root directory disclosure vulnerability ---------------------------------------------------------------------- --- Affected Software EXcms Versions prior to 2.02 Product...
CVE-2009-3571
Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact and client-side attack vector, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco...